Hi, I have started to learn PHP (login system) and really need help. How do I return 1 when I enter an email and password?
I am already using: echo $results = mysqli_num_rows($result);
I think I missed something in the code:
<?php
if ($_POST['submit']) {
if (!$_POST['email']) $error.="Please enter your email";
else if (!filter_var($_POST['email'],FILTER_VALIDATE_EMAIL)) $error.="Please enter a valid email address";
if (!$_POST['password']) $error.="<br />Please enter your password";
else {
if (strlen($_POST['password'])<8) $error.="<br />Please enter a password with at least 8 characters";
if (!preg_match('`[A-Z]`', $_POST['password'])) $error.="<br />Please include at least one capital letter in your password";
}
if ($error) echo "There were error(s) in your signup details:".$error;
else {
$link = mysqli_connect("localhost", "username", "password", "database");
$query="SELECT * FROM `users` WHERE email=".mysqli_real_escape_string($link, $_POST['email'])."'";
$result = mysqli_query($link, $query);
echo $results = mysqli_num_rows($result);
}
}
?>
<form method='post'>
<input type='email' name=email' id='email' />
<input type='password' name='password' />
<input type='submit' name='submit' value='Sign up' />
</form>
Well, I’m not sure why you want to echo a 1, but echo $results after you’ve assigned it.
I’m also gonna suggest you put single-line if’s in curly braces if you’re going to be nesting that many ifs in and around each other, it’s… incredibly difficult to read your code without indentation and braces.
This is the only valuable tutorial I found and I have no choice but to learn from it, and in my opinion it’s better to complete this course than jump from one to another.
By the way, what course would you recommend if you are telling me this?
The use of prepared statements is much more preferable to mysqli_real_escape_string as prepared statements eliminate the risk of SQL injection attacks.
When checking if a user already exists you should be checking if the username or the email already exist, that can be done with a single query and if 1 or more rows are found then reject either the username or email as appropriate. If you get more than two matches then you’ll have a problem.
It’s probably (hopefully) done elsewhere but make sure that when hashing the user’s password, if you’re using PHP version 5.5 or newer make use of the built in functions for hashing passwords (there’s a backwards compatible library available for PHP version 5.4 and older - sorry don’t have the link to hand)
When you’re selecting stuff from a database, don’t use the dreaded, evil SELECT *, list the fields you require only, using the “leading commas” convention.
When dealing with if, elseif or else blocks indent the code that is within the block
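The advice in the post above (prepared statements, PHP's built-in password hashing, naming columns instead of SELECT *), as an added example that is not part of the original thread. It assumes PHP 7.1+ and a `users` table whose `id` and `password_hash` columns are hypothetical; the connection values are the placeholders from the question.

```php
<?php
// Added example, not code from the thread. Assumed schema (hypothetical apart from
// `users`.`email`): users(id INT AUTO_INCREMENT, email, password_hash VARCHAR(255)).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors throw

// Returns false when the email is already registered, true after inserting.
// A UNIQUE index on `email` should back this check against concurrent signups.
function register_user(mysqli $link, string $email, string $password): bool
{
    $stmt = mysqli_prepare($link, 'SELECT id FROM `users` WHERE email = ?');
    mysqli_stmt_bind_param($stmt, 's', $email); // value is sent apart from the SQL text
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    $taken = mysqli_stmt_num_rows($stmt) > 0;
    mysqli_stmt_close($stmt);
    if ($taken) {
        return false;
    }
    $hash = password_hash($password, PASSWORD_DEFAULT); // salted hash, PHP 5.5+
    $stmt = mysqli_prepare($link, 'INSERT INTO `users` (email, password_hash) VALUES (?, ?)');
    mysqli_stmt_bind_param($stmt, 'ss', $email, $hash);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return true;
}

// Returns the user's id when email and password match, otherwise null.
function check_login(mysqli $link, string $email, string $password): ?int
{
    $stmt = mysqli_prepare($link, 'SELECT id, password_hash FROM `users` WHERE email = ?');
    mysqli_stmt_bind_param($stmt, 's', $email);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $id, $hash);
    $found = mysqli_stmt_fetch($stmt); // true when a row was fetched, null when none
    mysqli_stmt_close($stmt);
    if ($found !== true) {
        return null;
    }
    return password_verify($password, $hash) ? (int) $id : null;
}

// Connection placeholders as in the question; the account values are constructed samples.
$link = mysqli_connect("localhost", "username", "password", "database");
var_dump(register_user($link, 'alice@example.com', 'Constructed-Passw0rd'));
var_dump(check_login($link, 'alice@example.com', 'Constructed-Passw0rd'));
var_dump(check_login($link, "x' OR '1'='1", 'anything')); // treated as a literal email
```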
Is the library this one for the older versions that do not support password_hash & password_verify: http://www.openwall.com/phpass/ ?
Also I have seen lately a lot of comments like “SELECT * FROM blabla” is EVIL. Why exactly is it so evil?
EDIT:
Okay nvm, the first article I read says it’s a performance-related issue, but how BIG an impact will it have after all? Is it really that significant? I am not saying that you should use “SELECT * FROM blabla”, but just out of curiosity I would like to know if someone has done benchmarks on the subject. I guess my main question is: is it just a micro-optimization at most, or does it really have a bigger impact?
EDIT2:
Also, when using ORMs wouldn’t it select all columns too?
If you remove a column from the DB table you likely get an unknown index error that is hard to track. With explicitly requesting columns you’ll get an SQL error if the query does not match the table anymore.
If you list all fields there is no need to know the table in order to use the correct result indices because all necessary information is included in the PHP code.