-4

I am trying to run a simple select statement using PHP and I'm certain there should be results but I am not receiving any data when I run the page.

$username = 'racarric';
$username_check = "SELECT * FROM users WHERE username = '$username'";

if (mysql_num_rows($username_check) > 0) {
    echo "Username is already in use";
    //break;
}
else {
    echo "No users have this username";
}

In my database I have a record where username is 'racarric'.

Andrew_114
  • 1
  • 1
  • 1
    Please, do not use `mysql_` function 2nd you have not executed your query. It is just a string look into [mysqli](http://php.net/manual/en/book.mysqli.php) and know more about how this works. – mega6382 Nov 11 '17 at 21:24

1 Answers1

2

You have many problems here. Here are the big ones.

First, and this is the (main) reason you don't get results, you're not actually executing the query. You store a string version of the query that you want to run, but you never execute it with, for example, mysql_query(). You would need something like this: 

// ...
$username_check = "SELECT * FROM users WHERE username = '$username'";

$query = mysql_query($username_check); // this is the new line

if (mysql_num_rows($query) > 0) { // note the parameter change
// ...

Second, you're using the mysql library. As explained in the big red box in the documentation link above, you shouldn't be using mysql_* functions at all. The mysql_* functions are outdated, deprecated, and insecure - they have been removed entirely from modern versions of PHP (version 7.0 and higher). Use MySQLi or PDO instead.

Third, you are wide open to SQL injection. You need to use prepared statements, rather than concatenating variables into your query. See How can I prevent SQL injection in PHP?.

elixenide
  • 44,308
  • 16
  • 74
  • 100
  • Thank you for the response. I am aware of the SQL Injection part and wasn't too worried about that for now. It's a pretty simple school homework assignment. What's odd is I took a course at my college last semester that taught MYSQL/PHP using the mysql_* functions, I'm shocked they didn't tell us that it was no longer supported. Thanks for the reply. I should be able to get it from here. EDIT: After looking at some old files we were taught using mysqli. I must have forgot and used too old of resources to help with this assignment. – Andrew_114 Nov 11 '17 at 21:28
  • @Andrew_114 I'm glad that helped. Please remember to select the checkmark next to the answer! Also, it's pretty inexcusable that they taught you to use `mysql_*`. Those functions have been deprecated for 4 years and were removed entirely in 7.0, which went to general availability almost 2 years ago. You might want to flag this for your instructor. – elixenide Nov 11 '17 at 21:31
  • @Andrew_114 Ah, okay. That's better! It's very easy to type `mysql_...` by mistake and leave out the `i`. If you have control over the machine, it's better just to disable the `mysql` extension. That way, code using the old functions won't even run, forcing you to be consistent in using `mysqli_...` or PDO. – elixenide Nov 11 '17 at 21:34