-1

I have a big problem. I wrote a simple $_GET system

$query = mysql_query("SELECT * FROM `users`");

while ($row = mysql_fetch_array($query)) {
    if ($_GET['user'] == $row['user_seo']) {
        echo 'user exists';
    } else {
        echo 'No users found';
    }
}

If the user doesn't exist in the table it displays 'No users found'; otherwise it displays No users found user exists No users found. It displays "No users found" 2 times, but a user exists with that seo in the database table. Thanks.

database screen http://prntscr.com/2ddqu4

  • Please provide examples of your database and an example of how the user data is formed as you are looping through all users. You would be better off doing the GET before and then querying the database with the GET result. – The Humble Rat Dec 23 '13 at 15:33
  • try echoing $_GET['user'] and $row['user_seo']. Maybe it's a problem with capital letters or trim. Besides that, you have big security holes in this code – raygo Dec 23 '13 at 15:34
  • 1
    stick to the answer of @jeroen. Once you get the hang of PDO it'll make your life much easier. That's a thing I can promise. – thpl Dec 23 '13 at 15:40

4 Answers

3

You are looping over all your users so you will get multiple messages.

You should add a WHERE condition to your query to check only for the required user and switch to PDO or mysqli with prepared statements.

Something like (in PDO):

$query = 'SELECT * FROM `users` WHERE `user_seo`=:user';
// prepare() returns the statement object; execute() is called on it, not on $db
$stmt = $db->prepare($query);
$stmt->execute(array(':user' => $_GET['user']));
// etc.
jeroen
  • 1
    I agree, scrap the loop and only retrieve the wanted record – Jeff Hawthorne Dec 23 '13 at 15:35
  • 1
    And for the OP's information, take a look at why mysql_* functions should not be used: http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php – thpl Dec 23 '13 at 15:37
  • This is a good version BUT I started writing the project in mysql. I can't switch right now. Thanks. – user3127605 Dec 23 '13 at 15:41
  • @user3127605 Why not, in the worst-case scenario you can use both at the same time (opening 2 separate database connections...), writing your new queries in PDO. Then you can change the rest when you have the time. – jeroen Dec 23 '13 at 15:42
  • Can I write some part of the code in PDO and some in mysql, and when I have time rewrite mysql to PDO? Thanks – user3127605 Dec 23 '13 at 15:43
  • @user3127605 Yes, as long as you open a db connection for both. – jeroen Dec 23 '13 at 15:44
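
The single-row lookup described in the answer above, as a complete script; this is an added example, not code from any of the posters. It assumes the pdo_sqlite extension and an in-memory table with constructed rows (the `id` and `name` columns, the function name and the sample values are assumptions); against MySQL only the DSN changes.

```php
<?php
// Added example: look up one user with a bound parameter instead of looping
// over every row. In-memory SQLite is an assumption so the script runs offline.

// Hypothetical helper: returns the matching row, or null when there is none.
function findUserBySeo(PDO $db, string $seo): ?array
{
    // The placeholder keeps the request value out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT id, name, user_seo FROM users WHERE user_seo = :user LIMIT 1'
    );
    $stmt->execute([':user' => $seo]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample table and rows.
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, user_seo TEXT UNIQUE)');
$insert = $db->prepare('INSERT INTO users (name, user_seo) VALUES (?, ?)');
foreach ([['Alice Example', 'alice-example'], ['Bob Example', 'bob-example']] as $u) {
    $insert->execute($u);
}

// Constructed values standing in for $_GET['user'] on four requests.
$requests = ['bob-example', 'nobody', "x' OR '1'='1", null];

foreach ($requests as $value) {
    // A missing parameter is null and ?user[]=a arrives as an array: reject both.
    if (!is_string($value) || $value === '') {
        echo "No user requested\n";
        continue;
    }
    $user = findUserBySeo($db, $value);
    // Encode on output: the request value is untrusted.
    $shown = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    // Exactly one message per request; quote characters are matched as data.
    echo $user !== null ? "user exists: $shown\n" : "No users found: $shown\n";
}
```

Because the query returns at most one row, each request prints a single message, and the value containing quote characters is compared literally against `user_seo` rather than parsed as SQL.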
0

Try replacing mysql_fetch_array with mysql_fetch_assoc

Also I would strongly recommend using either PDO or mysqli and prepared statements

Or Weinberger
0

Safely find the user with mysqli:

if (isset($_GET['user'])) {
    $user = $_GET['user'];
    // mysqli_connect_error() reports connection failures; mysqli_error() needs the link
    $connection = mysqli_connect($Host, $Username, $Password) or die(mysqli_connect_error());
    mysqli_select_db($connection, $database) or die(mysqli_error($connection));

    // Escape the value and always quote it: an unquoted numeric value such as 0
    // is compared numerically by MySQL and matches every non-numeric `user_seo`
    $user = "'" . mysqli_real_escape_string($connection, $user) . "'";

    $sql = "SELECT * FROM `users` WHERE `user_seo`=$user;";
    $result = mysqli_query($connection, $sql);

    if ($result) {
        // Use the mysqli_* functions throughout; mysql_* cannot read a mysqli result
        $user = mysqli_fetch_assoc($result);
        if ($user) {
            // User found
            // Do something with info like:
            $userName = $user['name'];
        } else {
            // User NOT found
        }
        mysqli_free_result($result);
    } else {
        echo "Could not successfully run query ($sql) from DB: " . mysqli_error($connection);
        exit;
    }
}
cumul
-1

You'd better use an SQL query like this: SELECT * FROM users WHERE user_seo='".$_GET['user']."'; And forget about looping over all the rows.

EDIT: but better use PDO or Mysqli and prepared statements

MillaresRoo