0

I'm doing this simple website, and I have run into this error:

My function:

<?php 
function user_exists($username)
{
    $username = sanitize($username);
    $query = mysqli_query($connect, "SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username'");
    return (mysqli_result($query, === 0) 1) ? true : false;
}
 ?>

My php error log:

PHP Parse error:  
syntax error, unexpected '===' (T_IS_IDENTICAL) in function on line 6

Line 6 is the return line.

I understand what a syntax error means, but I'm quite sure that the '===' is not the problem.

Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
user2462645
  • 83
  • 1
  • 1
  • 8
  • 3
    The === is the problem. What is that return trying to do? The mysqli_result call is badly formatted - the second parameter is `=== 0`, which isn't correct. – andrewsi Jun 21 '13 at 15:35
  • 1
    Do not try to sanitize user input, but use [prepared statements](http://bobby-tables.com/php.html) instead. – Marcel Korpel Jun 21 '13 at 15:35
  • FYI, there's no such function as `mysqli_result()`. Not all `mysql_XXX` functions have a corresponding `mysqli_XXX` function, and this is one that they didn't copy. – Barmar Jun 21 '13 at 15:41
  • `($query, === 0)` . You can't pass `=== 0` as a parameter. – gen_Eric Jun 21 '13 at 15:44

2 Answers2

1

Edit : I was only talking about the ternary condition and this answer is false because the mysqli_result() function doesn't exist.

I guess you are trying to do this :

return mysqli_result($query) === 0 ? false : true;

And as Marcel Korpel said, use prepared statements to avoid security flaws.

mimipc
  • 1,354
  • 2
  • 14
  • 28
  • Thank you very much, this was the exact thing i was trying to do! – user2462645 Jun 21 '13 at 15:58
  • This will not work because `mysqli_result()` does not exist, and even if it did, that would be the wrong syntax. It would be `mysqli_result($query, 1)` – MrCode Jun 21 '13 at 15:59
  • I didn't check the function, and I should have. All I saw was a bad use of the ternary condition, and I thought it was the only problem. As MrCode said, it won't work and you should look for another answer. – mimipc Jun 21 '13 at 17:14
0

You have a few problems here. First of all there is no mysqli_result(), it does not exist. Instead you can fetch the row like below. Also your $connect is out of scope. You need to pass it as an argument, and as the comments point out even if mysqli_result() did exist, it still wouldn't work because of the syntax error.

function user_exists($username, $connect)
{
    $output = false;
    $username = sanitize($username);
    $query = mysqli_query($connect, "SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username'");

    if($query) // check the query was successful before trying to fetch
    {
        $row = mysqli_fetch_row($query);
        $output = $row[0] > 0;
    }

    return $output;
}

I assume your sanitize() is doing mysqli_real_escape_string(). For best security, switch to a Prepared Statement.

MrCode
  • 63,975
  • 10
  • 90
  • 112