0

I am having an error in php search. If the record is not found it echo "Record Not Found". But if the record is found it is still giving same message "Record Not Found"

<?php
if(isset($_GET['submit']))
{
     $search = $_GET["search"];
     $result = mysqli_query($conn, "select * from login where password like 
'".$_GET['search']."%' or email like '".$search."%'  "); 
     $rows = 0;
     while($rows = mysqli_fetch_array($result))
     {
     ?>     
          <tr>
          <td>
          <?php echo $rows['email']; ?>
          </td>
          <td>
          <?php echo $rows['password']; ?>
          </td>
          <td>  
          <a href="edit.php?id= <?php echo $rows['id']; ?> ">Edit</a> ,<a 
href="assets/php/del.php?id= <?php echo $rows['id']; ?>">Del</a>
          </td>
          </tr>
          <?php
          $rows++;
     } 
     if($rows == 0)
     {
          echo "No Record Found";
     }
}
?>
user3783243
  • 5,368
  • 5
  • 22
  • 41
AZEEM ZAIDI
  • 3
  • 1
  • 4
  • 3
    Either count the rows and use that or maybe `=== 0` because it will be `false` at the end and that `== 0`. Also YOU ARE GOING TO BE HACKED! https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1 – AbraCadaver Aug 12 '19 at 19:36
  • 1
    You have extra spaces in your GET attributes. You also are open to SQL injections and are you storing plain text passwords?? Also why are you mixing the `$_GET` and your defined variable, use one consistently. – user3783243 Aug 12 '19 at 19:36
  • 1
    Not sure that's the source of your problem, but you are overwriting your $rows variable. You first initialize it to an integer (0), then you assign an array to it (mysqli_fetch_array) and then before the closing of your while loop you do `$rows++`. – Naomi Aug 12 '19 at 19:39
  • 1
    **WARNING**: Writing your own access control layer is not easy and there are many opportunities to get it severely wrong. Please, do not write your own authentication system when any modern [development framework](http://codegeekz.com/best-php-frameworks-for-developers/) like [Laravel](http://laravel.com/) comes with a robust [authentication system](https://laravel.com/docs/master/authentication) built-in. At the absolute least follow [recommended security best practices](http://www.phptherightway.com/#security) and **never store passwords as plain-text** or a weak hash like **SHA1 or MD5**. – tadman Aug 12 '19 at 19:54
  • 1
    **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add any data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST`, `$_GET` or data *of any kind* directly into a query, it can be very harmful if someone seeks to exploit your mistake. – tadman Aug 12 '19 at 19:54
  • 1
    Note: The [object-oriented interface to `mysqli`](https://www.php.net/manual/en/mysqli.quickstart.connections.php) is significantly less verbose, making code easier to read and audit, and is not easily confused with the obsolete `mysql_query` interface where missing a single `i` can cause trouble. Example: `$db = new mysqli(…)` and `$db->prepare("…")` The procedural interface is largely an artifact from the PHP 4 era when `mysqli` API was introduced and should not be used in new code. – tadman Aug 12 '19 at 19:54

1 Answers1

0

The problem here is that you seem to be using your $rows variable for 2 things: counting the rows and fetching the rows. Rename it to let's say $count for counting and it will solve your problem.

The thing is, your while loop is assigning the result from mysqli_fetch_array to your $rows variable and then evaluating it to see if it continues looping.

If the while loop stopped looping, it means that the last call to mysqli_fetch_array returned a result that is equivalent to false. Therefore, it will always be equivalent to 0 (because false == 0 will return true) in the if right below otherwise it would not have exited the while loop.

Naomi
  • 389
  • 4
  • 11