Getting no result from query

Question

I want to display the first name of the person that logged in to my website. This is the code of my login.php file which is included in one page of my website.

<?php

$connect = mysql_connect("localhost","root","") or die("Error");
mysql_select_db("jpnv_db") or die("Couldn't find db");

function login() {
    $username = $_POST['username'];
    $password = $_POST['password'];

    $query = mysql_query("SELECT * FROM customers WHERE `username`='$username' AND `password`='$password'");
    $names = mysql_query("SELECT contactFirstName FROM customers WHERE `username`='$username'");

    if (empty($username)) {
        $errors[] = 'Please fill in your username. <a href="index.php">Click here to try again.</a>';
    }

    if (empty($password)) {
        $errors[] = 'Please fill in your password. <a href="index.php">Click here to try again.</a>';
    }    

    if ($errors==true) {
        foreach ($errors as $error) {
            echo $error.'<br />';
        }
    } else {
        if (mysql_num_rows($query)==true) {
            echo $names['customers'];
        } else {
            echo 'Your username and/or password are incorrect. <a href="index.php">Click here to try again.</a>';
        }
    }
}
?>

This is the result when the password is incorrect:

enter image description here

This is the result when I actually log in succesfully:

enter image description here

As you can see in my code, it should actually show the name of the person who logged in in the top bar. But however, it is completely empty. What am I doing wrong here?

[You need to prevent SQL Injection!](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Please, [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://jayblanchard.net/demystifying_php_pdo.html). — Jay Blanchard, Apr 27 '15 at 16:54
Add error reporting to the top of your file(s) right after your opening PHP tag for example ` — Funk Forty Niner, Apr 27 '15 at 16:54
`mysql_fetch_assoc();` is missing. But yes, learn about mysqli... — nicolaus-hee, Apr 27 '15 at 16:56

score 3 · Answer 1 · edited May 23 '17 at 10:29

You never fetch the results from the query and you need to ask for the correct column name from the query:

if (mysql_num_rows($query)==true) {
    $name = mysql_fetch_assoc($names)
    echo $name['contactFirstName']; // change the column name here
} else {...

You need to prevent SQL Injection or someone will make all of your data disappear.

Please, stop using mysql_* functions. They are no longer maintained and are officially deprecated. Learn about prepared statements instead, and use PDO.

score 0 · Answer 2 · answered Apr 27 '15 at 17:03

function login() {

    $username = $_POST['username'];
    $password = $_POST['password'];

    if (empty($username) || empty($password))
    {
      echo "You haven't filled username/password";
      // redirect code here//
    }
    else
    {

    $query = mysqli_query("$con, SELECT * FROM customers WHERE `username`='$username' AND `password`='$password'");
         if ($query && mysqli_num_rows($query)!=0) {
         $row =mysqli_fetch_assoc($query);
         echo "Customer name is : " . $row['customers']; // you need to specify columns in between  ' ' to get it. Change it based on your need.
     }
   }
 }

Note : You should migrate to Mysqli or PDO. $con in the code is the variable that holds db connection.

score 0 · Answer 3 · answered Apr 27 '15 at 17:51

check this line of code. You are not identifying $name variable.

else {
  //$names variable 
    if $(mysql_num_rows($query)==true) {
      $names = mysql_fetch_all($query);
        echo $names['customers'];
    } else {
        echo 'Your username and/or password are incorrect. <a href="index.php">Click here to try again.</a>';
    }
}

Getting no result from query

3 Answers3