1

I have this code to check if user exists in database. I want to assign $account to 1 if it exits, and 0 if it doesn't. I thought this code would work but its constantly setting $account to 0 so I think im missing a trick. Any help would be appreciated.

$con = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Couldn't make connection.");

 if (!$con)
 {
 die('Could not connect: ' . mysql_error());
 }

mysql_select_db(DB_NAME, $con);

$sql="SELECT user_name FROM users";

$result = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_assoc($result);
if ($row['user_name'] == '$user_name'){
$account = 1;
}else{
        $account = 0;}

Thanks

Nikola K.
  • 7,093
  • 13
  • 31
  • 39
cbarlow123
  • 217
  • 5
  • 18
  • when you compare strings it's better practice to use [strcomp](http://php.net/manual/en/function.strcmp.php) as follows: `if(strcomp($row['user_name'], $user_name) == 0)` – Nir Alfasi Jul 06 '12 at 22:37
  • @alfasin: `===` would also be sufficient and more readable in this case ([related](http://stackoverflow.com/questions/3333353/php-string-comparison-vs-strcmp)). – jmdeldin Jul 06 '12 at 22:43
  • @jmdeldin you're absolutely right! – Nir Alfasi Jul 06 '12 at 22:44
  • @alfasin, best practise, really? I disagree, @jmdeldin says `===` is a much better choice since it's more readable. – John Carter Jul 07 '12 at 01:12
  • @therefromhere and did you see what I replied ? now, if you quote me please try to be accurate: I said "better practice" not "best", `strcomp` preforms a binary safe string comparison which is more reliable than "==". Now, was I wrong ? – Nir Alfasi Jul 07 '12 at 03:31
  • @alfasin sorry, I miss-read better as best. – John Carter Jul 07 '12 at 08:24

4 Answers4

3

You can't put variables in a string if you use single quotes ' (plus it's not necessary!). Below rectifies that issue, and shortens your if/else statement into a one-liner.

$account = $row['user_name']==$user_name ? 1 : 0;
MDEV
  • 10,730
  • 2
  • 33
  • 49
  • You can put variables inside a string, however the wrapping quotations would have to be double in order for the variable to be interpolated. – trickyzter Jul 06 '12 at 22:37
  • Yes, that's why I stated ".. if you use single quotes" - but either quotes are pointless in this instance. – MDEV Jul 06 '12 at 22:38
  • 1
    You could also cast the result as an int: `(int) ($row['user_name'] == $user_name);` However, if you do rely on PHP's idea of equality with `==` or `if ($account)`, then explicitly converting a boolean to an int isn't needed (e.g., `true == '1'`). – jmdeldin Jul 07 '12 at 02:39
2

I think this could be done a better way:

$con = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Couldn't make connection.");

 if (!$con)
 {
 die('Could not connect: ' . mysql_error());
 }

mysql_select_db(DB_NAME, $con);

$account = (int)mysql_query("SELECT COUNT(*) FROM Users WHERE user_name='$user_name'");

That should store the correct value in account, i.e. 1 if the user is found and 0 if not.

Liam Bailey
  • 5,879
  • 3
  • 34
  • 46
1

You're query is returning multiple rows, and you are doing the comparison with the first row. you need to do something like the follwing to specify a single user (see sql statement change):

$sql="SELECT user_name FROM users WHERE user_name='".$user_name."' ";

$result = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_assoc($result);
if ($row['user_name'] == '$user_name'){
$account = 1;
}else{
        $account = 0;}

also, to iterate over rows, you can see this example from http://php.net/manual/en/function.mysql-fetch-assoc.php:

while ($row = mysql_fetch_assoc($result)) {
    echo $row["userid"];
    echo $row["fullname"];
    echo $row["userstatus"];
}
Tucker
  • 7,017
  • 9
  • 37
  • 55
1

Change: 

if ($row['user_name'] == '$user_name'){

to:

if ($row['user_name'] == $user_name){

Single quotes signifies a string. So, by putting your variable between the single quotes, you're trying to match $row['user_name'] to $user_name (not string inside the $user_name variable - but STRING "$user_name").

Double quotes also signifies a string, but you can put your variable between double quotes and $row['user_name'] will match to $user_name (a string inside the variable).

So, the following two examples are correct, and yours isn't:

if ($row['user_name'] == $user_name){
if ($row['user_name'] == "$user_name"){
Nikola K.
  • 7,093
  • 13
  • 31
  • 39