mysql_num_rows() when result should be zero
Posted: Thu Feb 05, 2004 9:53 pm
Greetings,
I'm working on my first PHP/MySQL application and I've run into an interesting problem. While authenticating users of the database, I get a login name and password from a form and pass it in the $_POST array. Then, in order to authenticate the entry, I take the entered login name and search the database for a login name that matches the entry in order to SELECT the password. Then, the passwords are compared and if they match, we have an authentic user.
So, to sum up, here is my plan:
1) Get login name and password from the user.
2) Use mysql_query() to select the password for the entered login name.
3) If the login name cannot be found, throw a bad login error.
4) If it can be found, then compare the entered password to the password from the database.
5) If they do not match, throw a bad password error.
6) If they do match, authenticate user, start a session, etc.
Now, the problem comes in at step 3. In order to determine if the login name was found, I thought it would be easy to do this:
if( mysql_num_rows($result)==0 ) { /*do error stuff */}
else { /* compare passwords and stuff */ }
But, it seems like the mysql_num_rows() function is not returning zero, even when I know the query should not have found any matching login names in the database. I'm the database owner, so I can enter a login name that is definitely not in the database, but it still always throws a bad password error after comparing the entered password to a blank string.
Is there some other way to determine if the mysql_query has no results? Is it "legal" to say something like this:
if(! ($result = mysql_query("SELECT ....."))) { /* do error stuff */ }
Thanks in advance for your help!
-- David Goldfeder --
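An added example, not part of the original post: mysql_query() returns false only when the query itself fails, so a SELECT that matches no rows still returns a valid result and the `!$result` test cannot detect it. The sketch below keeps the two cases apart using PDO (the mysql_* functions were removed in PHP 7.0); the table and column names (`users`, `login`, `pw_hash`), the status strings and the in-memory SQLite stand-in for MySQL are assumptions made for illustration.

```php
<?php
// Added example; users/login/pw_hash and the status strings are hypothetical.
// Assumes the PDO handle uses PDO::ERRMODE_EXCEPTION.
function check_login(PDO $db, string $login, string $password): string
{
    try {
        // The placeholder keeps the form value out of the SQL text.
        $stmt = $db->prepare('SELECT pw_hash FROM users WHERE login = ?');
        $stmt->execute([$login]);
    } catch (PDOException $e) {
        // The query itself failed (syntax, connection, permissions).
        // This is the only case a "!$result" style test detects.
        return 'query_failed';
    }

    // A successful query with no matching row is not a failure:
    // fetch() returns false when the result set is empty.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return 'no_such_user';
    }

    // Compare against a stored hash rather than a plaintext password.
    // Log the distinct status server-side; showing the user one generic
    // message avoids confirming which login names exist.
    return password_verify($password, $row['pw_hash']) ? 'ok' : 'bad_password';
}

// Constructed demo data in an in-memory SQLite database (stand-in for MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (login TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (login, pw_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$attempts = [['alice', 'correct horse'], ['alice', 'wrong'], ['nobody', 'x']];
foreach ($attempts as [$login, $password]) {
    printf("%-7s => %s\n", $login, check_login($db, $login, $password));
}

// Dropping the table makes the same call fail as a query, not as "no rows".
$db->exec('DROP TABLE users');
echo 'dropped => ', check_login($db, 'alice', 'correct horse'), "\n";
```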