my query doesn't work

Question

i am making an login script who is connected to a database but i get an

"Undefined variable: dbUsername in F:\xamp\register\login\functions.php on line 21"

I have further checked it and i saw that my query doesn't work can you guys help me?

if (isset($_POST['sub'])) 
{


 include_once("Connect.php");

    $username = strip_tags($_POST['username']);
    $password = strip_tags($_POST['password']);

      $sql = "SELECT id, username, password FROM login WHERE username = '$username' LIMIT 1";

      $query = mysqli_query($dbcon, $sql);

      if ($query) {
        $row = mysqli_fetch_row($query);
        $userId = $row[0];
        $dbUsername = $row[1];
        $dbPassword = $row[2];
      }
      if ($username == $dbUsername && $password == $dbPassword) {
        $_SESSION['username'] = $username;
        $_SESSION['id'] = $userId;
        header('location: login.php');
      } else {
        echo "incorrect username or password.";

      }
    }

Please read http://stackoverflow.com/questions/1054022/best-way-to-store-password-in-database and related posts. Never store passwords directly in a db. — Mat, Feb 08 '16 at 10:23

score 0 · Answer 1 · edited Feb 08 '16 at 10:32

0

$dbUsername and $dbPassword are not set if $query is false.

Set $dbUsername = null; $dbPassword = null; before your if Statement.

Update your Where-Query to this:

"WHERE username = '. $username .'

edited Feb 08 '16 at 10:32

devpro

16,184
3
27
38

answered Feb 08 '16 at 10:22

Nikolai Engel

125
9

devpro · Accepted Answer · 2016-02-08T10:42:51.130

0

You need to use your condition inside the if($query), but i dont think is there any need to recheck because you are already checking in Query WHERE username = $username. So i have modified your code as:

Modified Code:

  $sql = "SELECT id, username, password FROM login WHERE username = '$username' LIMIT 1";
  $query = mysqli_query($dbcon, $sql);
  if (!$query) {
    die(mysqli_error($dbcon));
  }
  else
  {
    $count = mysqli_num_rows($query); // check total no of rows

    if ($count > 0) 
    {
        session_start(); // start session
        $row = mysqli_fetch_row($query);
        $userId = $row[0]; // get userid from database
        $dbUsername = $row[1]; // get username from database
        $_SESSION['username'] = $dbUsername;
        $_SESSION['id'] = intval($userId);
        header('location: login.php');    
        die(); // using die() after header()
    }
    else{
        echo "incorrect username or password."; // if query not return anything print this.
    }  
  }

edited Feb 08 '16 at 10:42

answered Feb 08 '16 at 10:27

devpro

16,184
3
27
38

thanks but it doesn't work now it says this:Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in F:\xamp\register\login\functions.php on line 14 – fy. Feb 08 '16 at 10:40
@Furkanyavuz: bro, it means, u have an error in your query. because its return false.... chk updated answer... or use $query = mysqli_query($dbcon, $sql) or die(mysqli_error($dbcon)); will get the error. – devpro Feb 08 '16 at 10:43
@Furkanyavuz few debuging tips,. use `print_r($_POST);` and chk what r u getting.... second, run this query manual in phpmyadmin... SELECT id, username, password FROM login WHERE username = 'your user name' LIMIT 1 – devpro Feb 08 '16 at 10:48
1

i have linked the wrong database table to my $sql. problem solved thanks for your help :) – fy. Feb 08 '16 at 11:08
@Furkanyavuz: glad to know its solve, my suggestion for u brother, improve your debugging skills, it will help u in future. debug line by line, use error_reporting.. etc :) – devpro Feb 08 '16 at 11:25
thanks for the tip :D – fy. Feb 08 '16 at 12:02

my query doesn't work

2 Answers2