Why is my PHP else not Showing?

Question

Does anyone know why this code is not working it will display the Unfollow bit but not the follow part. all it should do is say follow if they are not following that person and unfollow if they are. I have tried using Just if(row['following']) But it has the same output. Thanks

<?php
$con=mysqli_connect("localhost","Username","Password","DB");
// Check connection
if (mysqli_connect_errno()) {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
session_start();
$follower=$_SESSION['user']['id'];
$following=$_GET['id'];
$result = mysqli_query($con,"SELECT * FROM following WHERE follower='$follower' AND following='$following'");
while($row = mysqli_fetch_array($result)) {
if(isset($row['following'])){
?>
<a href="/profile/unfollow.php/?id=<?php echo $dnn['id']; ?>">
<?php
echo'<div id="button">';
echo'Unfollow <?php echo $dnn["username"]; ?>';
echo'</div>';
}
else{
?>
<a href="/profile/follow.php/?id=<?php echo $dnn['id']; ?>">
<?php
echo'<div id="button">';
echo'Follow <?php echo $dnn["username"]; ?>';
echo'</div>';
}


mysqli_close($con);
}
?>

Add `var_dump($row['following']);` in your `while` loop and post results. — barell, Jun 05 '14 at 22:07
Just in case of using this code on working website: You put a GET value directly in SQL command. DANGER! — Orelsanpls, Jun 05 '14 at 22:10
`if(row['following'])` is probably too permissive an expression (thanks to PHP's type conversions and loose definition of "true"). I suggest changing it to `if( row['following'] === true ) {`. — Dai, Jun 05 '14 at 22:11
are these necessary? `echo'Unfollow ';` and `echo'Follow ';` — Class, Jun 05 '14 at 22:14
Maybe you are looking for something like `if($result->num_rows > 0){Unfollow}else{Follow}`? — Class, Jun 05 '14 at 22:24
When using `mysqli` you should be using parameterized queries and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation to accomplish this because you will create severe [SQL injection bugs](http://bobby-tables.com/). — tadman, Jun 05 '14 at 22:27

score 3 · Answer 1 · edited May 23 '17 at 11:49

3

$row['following'] is always going to be set if that is a column in your table. What you want is to check to see if it has a value:

if(!empty($row['following'])){

FYI, you are wide open to SQL injections

edited May 23 '17 at 11:49

Community

1
1

answered Jun 05 '14 at 22:09

John Conde

217,595
99
455
496

Hi, I have just Tried your answer but it has the same outcome – Chikn Jun 05 '14 at 22:15
What does `var_dump($row);` show? – John Conde Jun 05 '14 at 22:16
It also has the same outcome. – Chikn Jun 05 '14 at 22:17
Post the results of it here. It contains info we need to troubleshoot this. – John Conde Jun 05 '14 at 22:21

Logan Wayne · Answer 2 · 2014-06-06T02:10:48.860

<?php

/* ESTABLISH CONNECTION */

$con=mysqli_connect("localhost","Username","Password","DB");

if (mysqli_connect_errno()) {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

session_start();

$follower=mysqli_real_escape_string($con,$_SESSION['user']['id']); /* ESCAPE STRING */
$following=mysqli_real_escape_string($con,$_GET['id']); /* ESCAPE STRING */

$result = mysqli_query($con,"SELECT * FROM following WHERE follower='$follower' AND following='$following'"); /* EXECUTE QUERY */

while($row = mysqli_fetch_array($result)){

     if(!empty($row['following'])){ /* IF FOLLOWING IS NOT EMPTY */

     $id=mysqli_real_escape_string($con,$row['id']);
     $username=mysqli_real_escape_string($con,$row['username']);

     echo "<a href='profile/unfollow.php?id=$id'>";
     echo '<div id="button">';
     echo 'Unfollow '.$username;
     echo '</div>';

     } /* END OF IF NOT EMPTY FOLLOWING */

     else { /* ELSE IF EMPTY */

     $id=mysqli_real_escape_string($con,$row['id']);
     $username=mysqli_real_escape_string($con,$row['username']);

     echo "<a href='profile/follow.php?id=$id'>";
     echo '<div id="button">';
     echo 'Follow '.$username;
     echo '</div>';

     } /* END OF ELSE */

} /* END OF WHILE LOOP */    

mysqli_close($con);

?>

Summary

Moved the mysqli_close($con) outside the while loop. I'm pretty sure your loop would stop at the first cycle.
What is dnn[] inside your while loop? Replaced it with row[].
Used mysqli_real_escape_string function to prevent some of the SQL injections
Replaced the isset() function to empty() function
More explanations quoted in /* */ given in the code above

Why is my PHP else not Showing?

2 Answers2

Summary