-1

I'm really new to php and been following a tutorial on youtube by php academy. Basically it's a script(s) that allows for login,registering and a remember me option, the tutorial is 2 years old so I tried to change some of the mysql functions to mysqli but I'm running into some problems..when I enter a username and hit login I get a "mysql_num_rows() expects parameter 1 to be resource, string given in user.php line 9" error and my if statement says "cannot find username try registering" but it should show "exists" because the username I entered is in fact in the database..I'm puzzled, also please forgive me if the script isn't the most secure, I know things should be escaped and such, your help would be appreciated

User.php :

<?php

function user_exists($username)
{

$username=$username;
$query = ("SELECT count(`user_id`) FROM `users` WHERE `username`='$username'");

    if(mysql_num_rows($query)===1)
    {return true;

    } else{
        return false;
    }


}




?>

login.php

<?php

    include ('core/init.php');


    if(user_exists('drellen')===true){
        echo "exists";

    }

    if(empty($_POST)===false){
        $username=$_POST['username'];
        $password=$_POST['password'];

        if(empty($username) === true|| empty($password)=== true)

        {

            echo $error[]="Enter a username and password";

        } 
            else if (user_exists($username)===false) 

            {
            echo $error[]="Cannot find username try registering";
            }




    }

please note that the init.php has users.php included in it***** Might have a mixture of the old mysql and the new mysqli functions mixed in, help making it full mysqli would be appreciated

Satish Sharma
  • 9,547
  • 6
  • 29
  • 51
the_islander
  • 207
  • 1
  • 4
  • 19
  • did you actually run the query? Num rows just counts the rows returned, it doesn't run the query. – Ryan J Aug 08 '14 at 05:28
  • In the tutorial he used mysql_result($query,0)==1) ? true : false to see if a row with that queried user name existed and I thought mysql_num_row($query) was the mysqli equivalent sorry, should I have used mysql_result($query)? And yes I checked the query in phpMyadmin – the_islander Aug 08 '14 at 05:39
  • Possible duplicate: https://stackoverflow.com/questions/22252904/how-to-check-if-a-row-exists-in-mysql-i-e-check-if-an-email-exists-in-mysql – Dharman Dec 11 '20 at 16:49

3 Answers3

0

You have not used mysql_query() to run query. How you get number of rows without it.

Note -> You should use mysqli_* functions instead of mysql_*

$query = mysqli_query("SELECT count(`user_id`) FROM `users` WHERE `username`='$username'");
//$row = mysqli_fetch_array($query);
$count = mysqli_num_rows($query);
TBI
  • 2,789
  • 1
  • 17
  • 21
  • 1
    Suggest updating the answer to help the OP in converting to the use of mysqli instead of mysql functions. – Ryan J Aug 08 '14 at 05:31
0

you can try this

function user_exists($username)
{
    $result = mysql_query("SELECT `user_id` FROM `users` WHERE `username`='$username' LIMIT 1 ") or die(mysql_error());
    if($row = mysql_fetch_assoc($result))
    {
        return true;
    }
    else
    {
        return false;
    }
}

Note : mysql_* is deprecated. use mysqli_* or PDO

UPDATE 2:

    function user_exists($username)
    {
        global $your_db_conn;
        $sql = "SELECT `user_id` FROM `users` WHERE `username`='$username' LIMIT 1 ";
        $result = mysql_query($sql, $your_db_conn) or die(mysql_error());
        if($row = mysql_fetch_assoc($result))
        {
            return true;
        }
        else
        {
            return false;
        }
    }
Satish Sharma
  • 9,547
  • 6
  • 29
  • 51
  • Thanks< I tried this and an error came up about using PDO or mysqli as expected but the die error says: No databse selcted, but I selected it when setting up my connection.php script – the_islander Aug 08 '14 at 05:52
  • its not found your database connectivity. – Satish Sharma Aug 08 '14 at 05:53
  • Just double checked my connection.php script and it doesn't show an error which I'd like to assume it connected to the correct database? – the_islander Aug 08 '14 at 06:16
  • use the connection variable in function in sql like my update 2 – Satish Sharma Aug 08 '14 at 06:34
  • I was still getting a error so I searched a bit and found that if($result -> num_rows) worked when drellen is in the username variable the if statement echoes "exists" but now when I change it to 'billy' which isn't in the database it still echoes exists – the_islander Aug 08 '14 at 10:17
-2

Here is a working example

After doing some digging around i found that the most important part in this new function is calling the global $db, and for sanitizing adding the $db, $data as well as in the query. if you look up other basic exampels of using mysqli_query($db, $sql); you will catch onto this quite easily

<?php
    
    $db = mysqli_connect('localhost', 'root', 'password', 'database');

    function sanitize($data) {
        global $db;
        return mysqli_real_escape_string($db, $data);
    }

    function user_exists($username)
    {
        global $db;
        $username = sanitize($username);
        $sql = "SELECT `id` FROM `Users` WHERE `username`='$username' LIMIT 1";
        $result = mysqli_query($db, $sql) or die('query');
        if($row = mysqli_fetch_assoc($result))
        {
            return true;
        }
        else
        {
            return false;
        }
    }

?>
<h1>test</h1>

<?php



if (user_exists('admin') === true){
 echo "Good news, this exists";
} else {
    echo "no good";
}

?>
Syicoma
  • 1