What is wrong in this code?

<?php
    mysql_connect("localhost", "user", "password");
    mysql_select_db("jixcov");
    if (isset($_POST['submit'])) {
        $username = $_POST['username'];
        $check_username = mysql_query("SELECT * FROM users WHERE USERNAME='$username'");
        $numrows = mysql_num_rows($check_username);
        if ($numrows != 1) {
            echo('That user does not exist!');
        } else {
            echo('That user exists');
        }
    }
?>

Even for both conditions it is giving me the wrong answer, i.e. That user does not exist!

echo out $numrows…should give you some hints…

Before getting into why the script only returns the result ‘That user does not exist!’ I want to cross reference if I may to another of your topics:-

This code is extremely vulnerable for a number of reasons.
This can be discussed in the other topic if appropriate.
I mainly bring this up because you asked the other topic about “safe websites”.


Those aren’t the production server credentials, are they?


Thanks

More importantly, if they are, please change that password ASAP. I’ve already edited it out of the post, but there is a good chance Google indexed it already.


Try storing the SQL statement in a variable, then echoing out that variable. There is a good chance that your SQL literally states SELECT * FROM users WHERE USERNAME='$username' as opposed to the value of the variable $username.

Additionally, it would probably be wiser to use the mysqli_* methods as opposed to the mysql_* ones. mysqli is the improved version of the PHP MySQL driver, and is recommended by PHP for use. Besides, mysql_* methods are rapidly on their way to becoming deprecated, so in the interest of not having obsolete code consider changing those methods.
Source: http://php.net/manual/en/mysqli.overview.php

Been and gone, deprecated for some time and now obsolete from the latest version.

I wasn’t sure when it happened, I have been using mysqli since I started using PHP, but regardless @AkhilKokani should avoid using the mysql methods in favor of the mysqli ones.

Or PDO.


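The username check from the first post written with PDO and a bound parameter, as an added example that is not part of any post in this thread. It assumes an in-memory SQLite database so it runs without a server; the table contents and the `userExists()` helper are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumptions: an in-memory SQLite
// database stands in for the MySQL server so the script runs offline; the
// table contents and the function name userExists() are constructed.

function userExists(PDO $pdo, string $username): bool
{
    // The placeholder keeps the value out of the SQL text: the driver passes
    // it as data, so quotes in $username cannot change the statement.
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return (int) $stmt->fetchColumn() > 0;
}

$pdo = new PDO('sqlite::memory:');
// Throw exceptions on SQL errors instead of failing silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE)');
$pdo->exec("INSERT INTO users (username) VALUES ('alice'), ('o''brien')");

// Constructed inputs, standing in for $_POST['username'].
foreach (['alice', "o'brien", 'nobody'] as $name) {
    $message = userExists($pdo, $name) ? 'That user exists' : 'That user does not exist!';
    echo $name, ': ', $message, PHP_EOL;
}

// The pattern from the first post, for contrast: the value is pasted into the
// SQL text, so the apostrophe in o'brien ends the string literal early and
// the statement no longer parses.
try {
    $name = "o'brien";
    $pdo->query("SELECT * FROM users WHERE username = '$name'");
} catch (PDOException $e) {
    echo 'Interpolated query failed: ', $e->getMessage(), PHP_EOL;
}
```

Against MySQL only the DSN changes (`mysql:host=…;dbname=…;charset=utf8mb4`), with the credentials read from configuration kept outside the web root rather than written into the script.
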
The replacements mysqli and PDO were both introduced in July 2004.

The old interface was flagged for removal (deprecated) in July 2013 and actually removed in December 2015.

The only old version of PHP that is still supported that supported the old interface is PHP 5.6 (not worth including PHP 5.5 any more as it will be officially dead in two days’ time).

