How to validate data if there are no matching rows

Question

I am fetching data from the database like this

while ($row = mysqli_fetch_array($select_user_query)){
    $userId = $row ['id'];
    $check_email = $row ['userEmail'];
    $check_password = $row ['userPassword'];
}

and then I compare if the entered details match the details fetched from the db.

if ($email === $check_email || $hashed_password ===  $check_password) {

   // header ("Location:../dashboard.php");
    echo "success";

} else {

   // header ("Location: ../signup.php");
    echo "failed";
}

but the problem is, if the email address entered doesn't exist in the database, it returns error

Notice: Undefined variable: check_email in C:\xampp2\htdocs\honest\includes\login_process.php on line 37

However if the email exists, then it returns success.

So the questions is, what is the best practice here? Should I set default value to $check_email if it's empty?

`$row` will be `false` if there are no rows so... `if ($row && $email === $check_email && $hashed_password === $check_password)` — Phil, Feb 27 '17 at 03:22
@Phil Yes, it worked. thanks, can you post this as an answer and explain if you don't mind — Rayan Sp, Feb 27 '17 at 03:24
You also realise if there are multiple rows in your statement, this will only check the last one in the result set. — Phil, Feb 27 '17 at 03:28
Check if $check_email is set before comparison - if(isset($check_email)){} — Vinay, Feb 27 '17 at 03:29
@Phil so how do you suggest I validate if email & password entered match the credentials in db? — Rayan Sp, Feb 27 '17 at 03:29
Also, your logic is incorrect, you should test for AND, not OR in your if statement — Matt G, Feb 27 '17 at 03:30

Matt G · Answer 1 · 2017-02-27T03:25:01.750

1

check_email parameter coming from the query is null, so you need to do a null check before assigning it to another variable, i.e.

$check_email = $row['userEmail'] != null ? $row['userEmail'] : '';

edited Feb 27 '17 at 03:25

answered Feb 27 '17 at 03:24

Matt G

1,332
2
13
25

This will just trigger an unknown index error instead – Phil Feb 27 '17 at 03:24
1

actually, NO it doesn't. if the userEmail row exists it will obtain the value returned from query – Matt G Feb 27 '17 at 03:26
If there are no rows, then `$row` will be `false` and will most definitely not have a `userEmail` index – Phil Feb 27 '17 at 03:39
that goes without saying – Matt G Feb 27 '17 at 03:40
you're off topic dude – Matt G Feb 27 '17 at 03:41
1

I owe you an apology. Seems PHP acts strangely around attempts to access array indices of boolean values and it does not trigger any warnings. Demo ~ https://3v4l.org/ZihZQ – Phil Feb 27 '17 at 03:46

score 1 · Accepted Answer · answered Feb 27 '17 at 03:39

Assuming that userEmail is unique, your table is named "user_table" and $conn is your mysqli connection / instance, you can check for a matching row like this...

$stmt = $conn->prepare(
    'SELECT `id` FROM `user_table` WHERE `userEmail` = ? AND `userPassword` = ? LIMIT 1');
$stmt->bind_param('ss', $email, $hashed_password);
$stmt->execute();

$stmt->bind_result($userId);
if ($stmt->fetch()) {
    echo 'success';
    // $userId is also set to the result `id` now
} else {
    echo 'failed';
}

How to validate data if there are no matching rows

2 Answers2