PHP thinks an existing user isn't existing in my table

Asked May 04 '20 at 15:46

Active May 04 '20 at 15:49

Viewed 28 times

I am trying to test if a user is existing in a database table. Very basic and without any encryption. For some reason, PHP always drops the message, that the user got inserted, but I inserted a row with a name called "Tom" and tested to "register" with the same name. PHP still drops the message that it got inserted (it doesn't do anything but checks for the user row).

Here's the Code:

$con = new MySQLi("localhost", "tom", "DBdb123#", "db");
if ($con) {
    $user = $_POST["login"];
    $sql = "SELECT user FROM user where user = " . $user;

    if ($sql < 1) {
        echo "Benutzer angelegt.";
    } else {
        echo "Benutzer existiert bereits.";
    }
}

And here's the proof that the user already exists:

I guess my if-query is wrong, but I coulnd't imagine how to do it right then..

asked May 04 '20 at 15:46

Tom

$user needs to be quoted. A prepared statement will make sure this always works and will prevent common SQL errors and security holes: https://www.php.net/manual/en/mysqli.prepare.php – Ian Hunter May 04 '20 at 15:52
1

@lan Hunter Mhh it seems to also not work with quotes.. I'll try it with prepared statements – Tom May 04 '20 at 16:05

PHP thinks an existing user isn't existing in my table

0 Answers0