Page 1 of 1

Incorrect Result with mysql_fetch_array

Posted: Sat May 03, 2003 1:57 pm
by Caped Knight
Ugh. This is just a script to test if a user exists (prelude to a login script). It's just been killing me for the past two days. I'm newbie to MySQL... Here's the script:

Code: Select all

<?php

mysql_connect("localhost","[user]","[password]") or die("Unable to connect to database.&nbsp&nbsp" . mysql_error() );
mysql_select_db("forums");

$query = "SELECT username FROM users WHERE username = '$username'";
$result = mysql_query($query) or die("Couldn't query.");
$row = mysql_fetch_array($result,MYSQL_ASSOC);

if($username == $row['username']){
    echo "User exists.";
}else{
    echo "User does not exist.";
}


include("signin.inc");

?>
signin.inc:

Code: Select all

&lt;html&gt;
&lt;head&gt;
       &lt;title&gt;Sign In&lt;/title&gt;
&lt;/head&gt;
&lt;body&gt;

&lt;form action="signin.php" method="post"&gt;
&lt;input type="text" name="username" maxlength="20"&gt;&lt;br&gt;
&lt;input type="submit" value="Sign In"&gt;
&lt;/form&gt;

&lt;/body&gt;
&lt;/html&gt;

...okay, now I start everything up and go to test it. Without even typing something in the form I get "User exists." Can anyone explain this to me?

Posted: Sat May 03, 2003 2:16 pm
by twigletmac
Try something like:

Code: Select all

<?php 
// test if a username has been entered
if (!empty($_POST['username'])) {

	$username = $_POST['username'];

	mysql_connect('localhost', '[user]', '[password]') or die('Unable to connect to database.&nbsp&nbsp' . mysql_error() ); 
	mysql_select_db('forums') or die(mysql_error()); 

	$query = "SELECT username FROM users WHERE username = '$username'"; 
	$result = mysql_query($query) or die(mysql_error().'<p>'.$query.'</p>'); 
	
	// test to see if there are any results
	if (mysql_num_rows($result) == 1) {
		echo 'User exists';
	} else {
		echo 'User does not exist.'; 
		include 'signin.inc'; 
	}
} else {
	echo 'No username was entered.';
	include 'signin.inc'; 
}

?>
Mac

Posted: Sat May 03, 2003 3:11 pm
by Caped Knight
Thanks! Just for one more annoying question, isn't typing "if($_POST['username')" the same as "if (!empty($_POST['username']))" in newer versions of PHP?

Posted: Sat May 03, 2003 3:20 pm
by twigletmac
No they're not, if you do:

Code: Select all

if (!empty($_POST['username']) {
you are testing to see if the variable is set and that it is not equal to an empty string or zero, however, if you do

Code: Select all

if (!$_POST['username']) {
you are testing to see if the variable is equal to false - you should only use this second method for testing to see if variables are equal to true or false, not to test if they are set. To test if a variable is set use either empty() or isset(). If you turn your error reporting up to its highest level you will receive warning notices if you are using the second method.

Mac

Posted: Sat May 03, 2003 6:53 pm
by Caped Knight
Thanks for the help again. Now I've gotten an error that is putting me on the verge of having an anyeurism. This is the completed script. There are 44 lines in the script. I get this error: "Parse error: parse error in c:\apache\htdocs\forums2\signin.php on line 45"

Code: Select all

<?php

mysql_connect('localhost', '[user]', '[password]') or die('Unable to connect to database.&nbsp&nbsp' . mysql_error() );
mysql_select_db('forums') or die(mysql_error());

$username = $_POST['username'];
if(isset($username)){

   // Check username
   $query = "SELECT username FROM users WHERE username = '$username'";
   $result = mysql_query($query);

   if(mysql_num_rows($result) == 1){
      $user_exists = "TRUE";
   }else{
      $doesntExist = "Invalid user.";
      include 'signin.inc';
      die();
   }

   // Check password
   $password = $_POST['password'];
   if(isset($password)){

   $query = "SELECT * FROM users WHERE username = '$username' &&  password = '$password'";
   $result = mysql_query($query);

   if(mysql_num_rows($result) == 1){
      $correct_password = "TRUE";
   }else{
      $wrong_pass = "Incorrect password.";
      include 'signin.inc';
   }

}else{
   $notEntered = "No username was entered.";
   include 'signin.inc';
}

if($user_exists == "TRUE" && $correct_password == "TRUE"){
    echo "User name and password correct.";
}

?> <--line 44

Posted: Sat May 03, 2003 9:29 pm
by phice
You need to end your first if() statement.

Code:

Code: Select all

<?php

mysql_connect('localhost', '[user]', '[password]') or die('Unable to connect to database.&nbsp&nbsp' . mysql_error() ); 
mysql_select_db('forums') or die(mysql_error()); 

$username = $_POST['username']; 
if(isset($username)){ 

   // Check username 
   $query = "SELECT username FROM users WHERE username = '$username'"; 
   $result = mysql_query($query); 

   if(mysql_num_rows($result) == 1){ 
      $user_exists = "TRUE"; 
   }else{ 
      $doesntExist = "Invalid user."; 
      include 'signin.inc'; 
      die(); 
   } 

   // Check password 
   $password = $_POST['password']; 
   if(isset($password)){ 

   $query = "SELECT * FROM users WHERE username = '$username' &&  password = '$password'"; 
   $result = mysql_query($query); 

   if(mysql_num_rows($result) == 1){ 
      $correct_password = "TRUE"; 
   }else{ 
      $wrong_pass = "Incorrect password."; 
      include 'signin.inc'; 
   } 

}else{ 
   $notEntered = "No username was entered."; 
   include 'signin.inc'; 
} 

if($user_exists == "TRUE" && $correct_password == "TRUE"){ 
    echo "User name and password correct."; 
} 

}

?>

Posted: Sat May 03, 2003 11:08 pm
by Caped Knight
Nope, I did end my first if statement, and I still get the error as well.

Posted: Sat May 03, 2003 11:19 pm
by Sevengraff

Code: Select all

// Check password 
   $password = $_POST['password']; 
   if(isset($password)){
need to close that if statement i think.

Posted: Sat May 03, 2003 11:22 pm
by Caped Knight
Ahh, never mind that post. I was having trouble saving the file. Thanks again, everyone.