0

$stmt is execute and give Result in Print_r($stmt). Result is this "Resource id #4" but when Print_r($stmt) is put in if (odbc_num_rows($stmt) > 0) {Print_r($stmt);}. it's not give Result. and gone else conditon give message else condition.so How to Put odbc function instead of odbc_num_rows($stmt).if right Parameter pass query execute and gone if condition.

which Odbc function used in if condtion.

<?php
    include 'Connection.php';

    if(isset($_REQUEST["insert"])) 
    { 
        $user = $_GET['user'];
        $pwd = $_GET['pass'];
        $yid = $_GET['yid'];

        $sql = "select RegNo, UserName, Pasword from Std_Reg where UserName= '$user' and Pasword = '$pwd' and YearID = $yid and IsActive = True";
        $stmt = odbc_exec($conn, $sql);
        $result = array(); 

        if (!empty($stmt)) {
           // check for empty result
           if (odbc_num_rows($stmt) > 0) 
           {
            print_r($stmt);
            $stmt1 = odbc_fetch_array($stmt);

            $product = array();
            $product['RegNo'] = $stmt1['RegNo'];
            $product['UserName'] = $stmt1['UserName'];
            $product['Pasword'] = $stmt1['Pasword'];

            // success
            $result["success"] = 1;

            // user node
            $result["product"] = array();


            array_push($result["product"], $product);

            // echoing JSON response
            echo json_encode($result);


            } else {
                // no product found
                $result["succes"] = 0;
                $result["message"] = "No product found";

                // echo no users JSON
                echo json_encode($result);

            }

            //sqlsrv_free_stmt($stmt);
            odbc_close($conn); //Close the connnection first    
        }
    }
?>
TarangP
  • 2,711
  • 5
  • 20
  • 41
raj
  • 83
  • 1
  • 6
  • 14
  • Never store passwords in clear text! (and don't use GET to send them). Only store password hashes! Use PHP's [`password_hash()`](http://php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://php.net/manual/en/function.password-verify.php) . If you're running a PHP version lower than 5.5 (which I _really_ hope you aren't), you can use the [password_compat library](https://github.com/ircmaxell/password_compat) to get the same functionallity. – M. Eriksson Jan 22 '18 at 05:47
  • Are you sure that the query actually returns any rows? `odbc_exec()` returns a `result identifier` as long as the query doesn't fail (no matter if it found any matches or not). – M. Eriksson Jan 22 '18 at 05:53
  • To protect you from [SQL Injections](http://php.net/manual/en/security.database.sql-injection.php) attacks, I would recommend you to use [Prepared Statements](https://stackoverflow.com/questions/5756369/odbc-prepared-statements-in-php) instead of concatenating your queries. Specially since you're not escaping the user inputs at all! – M. Eriksson Jan 22 '18 at 05:56

1 Answers1

0

For INSERT, UPDATE and DELETE statements odbc_num_rows() returns the number of rows affected. The manual says-

Using odbc_num_rows() to determine the number of rows available after a SELECT will return -1 with many drivers.

one way around this behaviour is to do a COUNT(*) in SQL instead. See here for an example.

Sohel0415
  • 9,523
  • 21
  • 30