else part not executing in php if condition

Question

I've got this project on DBMS. My form is working if I enter the correct username and password.. but it shows only a blank page when i enter wrong details.. It's not executing the else part.. It if part is working fine.. Can anyone help me.. I'm new to PHP.

<html>
<head>
   <title></title>
</head>
<body>  

 <?php
 include 'connection.php';
 SESSION_START();
 $user = $_POST['registeredEmail'];
 $pass = $_POST['registeredpassword'];
 $sql = "SELECT * FROM users WHERE email = '".$user."' and password = '".$pass."';";
$qry = mysql_query($sql) or die(mysql_error());
$result = mysql_fetch_array($qry) or die(mysql_error());
if($result) 
{
$_SESSION['UserName'] = $result['name'];
echo '<script type="text/javascript">'; 
echo 'alert("Sign In Successful");'; 
echo 'window.location.href = "sell.php";';
echo '</script>';



}
else
{
//  header('Location: index.php');
echo 'sign in unsuccessful';
echo '<script type="text/javascript">'; 
echo 'alert("Sign In UnSuccessful. Either Email or password or both are wrong.. please try again or Sign Up");'; 
echo 'window.location.href = "index.php";';
echo '</script>'; 
}
?>
</body>
</html>

Did you looked into your source code? Is your page really blank ? — Rizier123, Apr 03 '15 at 13:02
Please, please, please read this http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php before you do anything else. — Bart Friederichs, Apr 03 '15 at 13:04

score 1 · Answer 1 · edited Apr 03 '15 at 13:04

1

Instead of if($result)

you can use if(mysql_num_rows($qry)>0)

edited Apr 03 '15 at 13:04

Sagar Naliyapara

3,971
5
41
61

answered Apr 03 '15 at 13:03

Muhammad Ahmed

481
2
14

You would want it to be `if(mysql_num_rows($qry) ==1)` since its a login form, and you dont want more than 1 match – Guinn Apr 03 '15 at 13:11

score 0 · Answer 2 · answered Apr 03 '15 at 13:03

<?php
 include 'connection.php';
 SESSION_START();
 $user = $_POST['registeredEmail'];
 $pass = $_POST['registeredpassword'];
 $sql = "SELECT * FROM `users` WHERE `email` = '".$user."' and `password` = '".$pass."';";
$qry = mysql_query($sql) or die(mysql_error());
$num=mysql_num_rows($qry);
if($num==1) 
{
$result = mysql_fetch_array($qry) or die(mysql_error());

$_SESSION['UserName'] = $result['name'];
echo '<script type="text/javascript">'; 
echo 'alert("Sign In Successful");'; 
echo 'window.location.href = "sell.php";';
echo '</script>';



}
else
{
//  header('Location: index.php');
echo 'sign in unsuccessful';
echo '<script type="text/javascript">'; 
echo 'alert("Sign In UnSuccessful. Either Email or password or both are wrong.. please try again or Sign Up");'; 
echo 'window.location.href = "index.php";';
echo '</script>'; 
}
?>

try this

score 0 · Accepted Answer · edited May 23 '17 at 11:50

0

There are few problems in your code. Let's 1st focus on how to fix this. Replace your code with below.

$sql = "SELECT * FROM `users` WHERE `email` = '".$user."' and `password` = '".$pass."';";
$qry = mysql_query($sql) or die(mysql_error());
if(mysql_num_rows($qry) == 1) 
{

Your code is vulnerable to SQL injection.

How can I prevent SQL injection in PHP?

Don't store the password in plain-text. Use an encryption algorithm such as md5.

Best way to store password in database

edited May 23 '17 at 11:50

Community

1
1

answered Apr 03 '15 at 13:05

Techie

44,706
42
157
243

That, and it seems to store plaintext passwords. I hope this code never sees any real life application. – Bart Friederichs Apr 03 '15 at 13:08
That's why I mentioned that code has issues at the beginning – Techie Apr 03 '15 at 13:09
I'm just using the code to rum via xampp on localhost.. will comply by your suggestions.. Thanks a ton to all you guys for helping ... – Tushar Anand Apr 03 '15 at 13:54

score 0 · Answer 4 · answered Apr 03 '15 at 13:10

Basicly your if statement always conditions to true, so the else statement is never reached. If you check a different condition like vivek suggests, where you check if your query has exactly 1 match (since I suppose you will want a user to have only 1 account) the statement can also be false and thus it will skip to the else statement.

else part not executing in php if condition

4 Answers4