mysql_fetch_assoc - not displaying results

Question

I'm trying to retrieve my results from my database using mysql_fetch_assoc(), however I do not appear to be getting any results when I echo the following (plain white screen):

$email_address = $_POST['email_address'];
    $password = $_POST['password'];

    if(login($email_address, $password)){
        $query = mysql_query("SELECT * FROM `users` WHERE `email_address` = '$email_address' AND `password` = '$password'");
        $row = mysql_fetch_assoc($query);
        echo $row['email_address'];
    }else{
        echo "Invalid login";
    }

Your query could be failing, or you could be returning 0 rows. You need to verify that `$query` succeeded, and that you are returning rows. Also, you are open to SQL Injection, and you should not be storing passwords as plain text. — Sean, Aug 03 '13 at 01:32
Add `echo mysql_error();` and `echo mysql_num_rows($query);` before the `$row = mysql_fetch_assoc($query);` line — Burhan Khalid, Aug 03 '13 at 03:22
I recommend you take a look at the query used in the `login` function, and model your query after that. — spencer7593, Aug 03 '13 at 03:42
[Similar question](http://stackoverflow.com/questions/14330744/return-and-parse-results-from-mysql-fetch-assoc?rq=1) — rath, Aug 03 '13 at 03:57

Malcolm · Answer 1 · 2013-08-03T05:52:00.583

You could try something like the following,

if (isset($_POST['email_address']) && isset($_POST['password'])) {

$email_address = $_POST['email_address'];
$password = $_POST['password'];

//conection:
$con= mysqli_connect("hostname","username","password","database") or die("Error " . mysqli_error($link));

//query:
$query = mysql_query("SELECT * FROM users WHERE users.email_address = '$email_address' AND users.password = '$password'");

//display information:
$row = mysql_fetch_assoc($query);

if($email_address == $row['email_address'] && $password == $row['Password']){
echo $row['email_address'];
}else{
echo "Invalid login";
}
}

score 0 · Answer 2 · edited May 23 '17 at 10:29

Try if($query==NULL) {/* handle error */} to catch connection/db errors.

Then

$nrows=mysql_num_rows($query); //get the number of rows returned
if($nrows==0) //no match
else if($nrows==1) //match
else {/*more than 1 rows, probably sql injection */}

That said, move away from the deprecated MySQL extension and use MySQLi instead. Also hash your passwords if you intend to get the site public at any point in time, preferably with bcrypt. See this video for a brief overview on why simple hash functions (even salted) shouldn't be used to hash passwords and why use a KDF instead.

Finally your code is open to SQL injection. See this question on how to secure against it.

As a sidenote, some people avoid doing SELECT * because

The schema might change at a later point in time
It gives you columns you might not need, therefore extra transfer / processing time
Selecting the columns you want adds to code clarity

score 0 · Answer 3 · answered Aug 03 '13 at 04:44

change your query to this, add die(mysql_error()) to check if there is any error in your query:

$email_address = $_POST['email_address'];
$password = $_POST['password'];

if(login($email_address, $password)){
    $query = mysql_query("SELECT * FROM `users` WHERE `email_address` = '$email_address' AND `password` = '$password'") or die(mysql_error());
    $row = mysql_fetch_assoc($query);
    echo $row['email_address'];
} else {
    echo "Invalid login";
}

mysql_fetch_assoc - not displaying results

3 Answers3