Using if num_rows, but else won't run

Question

I'm not sure if this is a duplicate, but I couldn't find anything about this. I have a simple query put in for a login, when the username and password are both correct it will run the IF finding ofcourse 1 row. Yet when I get the password or username wrong it should run the ELSE. Sadly this is not the case and I get a white screen without any errors.

Code:

$result = $dbcon->query("SELECT * FROM PT_USERS WHERE Username = '$gebruiker' AND Password = '$wachtwoord'");
    while($row = $result->fetch_assoc()) {
        if($result->num_rows == 1) {
        $_SESSION['PT_USERS']       = $row["Username"];
        $_SESSION['PT_CONFIRM']     = $row["Confirmed"];
        header("Location: ../");        
        }
        else {
            $result = $dbcon->query("SELECT * FROM PT_USERS WHERE Username = '$gebruiker'");
            if($result->num_rows == 1) {
                echo '<script>alert("Het wachtwoord klopt niet met dit gebruikersnaam!");</script>';
                header("Location: ../");
            }
            else {
                echo '<script>alert("Geen account gevonden!");</script>';
                header("Location: ../");
            }
        }
    }

I've been looking on how to fix this, but I can't seem to find anything. Any luck you guys can help?

Thanks!

Your username field should be unique, so this query should _at most_ return one row. So what is the use of a while loop here …? — CBroe, Aug 22 '17 at 08:22
try to print your result set using 'var_dump($result)' before while loop & get an idea of the result. — Prasad Gayan, Aug 22 '17 at 08:23
Enable proper PHP error reporting, then it will tell you what you did wrong. Most likely you will get _headers already sent_, because you are generating output before already. — CBroe, Aug 22 '17 at 08:23
Plus, this doesn’t look like you taken any measures against SQL injection, and neither bothered to properly hash the password either. — CBroe, Aug 22 '17 at 08:24
If no result rows are returned from the query the `$row = $result->fetch_assoc()` accounts to false. So when there are no results, your code is exiting the while loop. Remove the while loop and try. It would be fine. — Charan Putrevu, Aug 22 '17 at 08:37
Please read https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php — Björn Tantau, Aug 22 '17 at 08:55

score 0 · Accepted Answer · answered Aug 22 '17 at 08:29

Here no need of while loop.

try with this-

$result = $dbcon->query("SELECT * FROM PT_USERS WHERE Username = '$gebruiker' AND Password = '$wachtwoord'");
    if($result->num_rows == 1) {
        $row = $result->fetch_row();
        $_SESSION['PT_USERS']       = $row["Username"];
        $_SESSION['PT_CONFIRM']     = $row["Confirmed"];
        header("Location: ../");
    }
    else {
        $result = $dbcon->query("SELECT * FROM PT_USERS WHERE Username = '$gebruiker'");
        if($result->num_rows == 1) {
            echo '<script>alert("Het wachtwoord klopt niet met dit gebruikersnaam!");</script>';
            header("Location: ../");
        }
        else {
            echo '<script>alert("Geen account gevonden!");</script>';
            header("Location: ../");
        }
    }

Using if num_rows, but else won't run

1 Answers1