424,294 Members | 1,891 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,294 IT Pros & Developers. It's quick & easy.

How can I check if username exists in database table.

P: 24
Hi guys,

I need help with validating the user to see if the username exists in database table or not.

Here is my code.

default.php

Expand|Select|Wrap|Line Numbers
  1.  
  2. <form name="form1" action="authenticate.php">
  3. <table class="tableborder" align=center bgcolor="#f0f0f2">
  4.     <tr>
  5.   <td style="padding-bottom: 10px;" colspan="2" class="heading1"><b>Login Required</b></td>
  6. </tr>
  7.     <tr>
  8.       <td height="30">Username:</td>
  9.       <td><input type="text" name="Username" style="width:15em;">
  10.       </td>
  11.     </tr>
  12.     <tr>
  13.       <td height="30">Password:</td>
  14.       <td><input type="password" name="Password" style="width:15em;">
  15.       </td>
  16.     </tr>
  17.     <tr><td height="30" align="right"><input class="submit" name="register" type="button" value="Register" onClick="window.location=;"></td>
  18.     <td><input name="submit" type="submit" value="Log-in" class="submit"></td></tr>
  19.   </table>
  20. </form>
  21.  
authenticate.php

Expand|Select|Wrap|Line Numbers
  1.  
  2. <?php
  3. $con = mysql_connect("localhost","username","password");
  4. if (!$con)
  5.   {
  6.   die('Could not connect: ' . mysql_error());
  7.  
  8.   }
  9. mysql_select_db("tbl_login", $con);
  10. $Username = $_POST['Username'];
  11. $Password = $_POST['Password'] ; 
  12.  
  13. $sql="SELECT Username FROM login_tbl WHERE Username=’".$Username.”’ and Password=’”.$Password.”’”;
  14. $r = mysql_query($sql);
  15. if(!$r) {
  16.    $err=mysql_error();
  17.    print $err;
  18.    exit();
  19. }
  20. if(mysql_affected_rows()==0){
  21.    print "no such login in the system. please try again.";
  22.    exit();
  23. }
  24. else{
  25.    print "successfully logged into system.";
  26.    //proceed to perform website’s functionality – e.g. present information to the user
  27. }
  28. ?>
I desperately need to fix this code. Any help will be really appreciated.

Thanks
Aug 28 '08 #1
Share this Question
Share on Google+
7 Replies


Markus
Expert 5K+
P: 6,050
What's wrong with above code?
What does or doesnt happen?

Use mysql_num_rows() to see if the user name is already present.
Aug 28 '08 #2

P: 24
What's wrong with above code?
What does or doesnt happen?

Use mysql_num_rows() to see if the user name is already present.
Hi markusn,

I am not sure what's wrong with the code. When I enter username and password which already exists in database and click on login I get a blank page. Please help me with this problem.

Thanks
Aug 28 '08 #3

100+
P: 310
It is hard for us to see what the problem is. You need to do some debugging here yourself.

Suggestions: Echo out the query statement so you can see what is really being submitted to your database. See if there are any unexpected errors here, such as a blank value due to a typo or some other strange reason. Check to see that any non-alphabetic symbols in the password do not make the query incorrect syntactically.

Then if possible, try to copy and paste the query statement that you echo out to your screen directly into a database console window. This will let you see what the database is really outputting instead of having it filtered through your PHP code. Here you can see what the return is.

By the way, two things I notice about your code.

1) you have $Password used directly in your query, but don't you need to have something like a database specific function call like PASSWORD('$password')? My syntax here not totally correct but the point is, the database may store the password in an encrypted format so just comparing the stored value with the user supplied value directly may not work.

2) You examine if the user is registered by checking the affected rows, and this is not robust in my opinion. You should just use a SELECT count(*) statement and then examine the number of rows returned. If 0, then the user does not exist yet, if 1 then the user already exists.
Aug 28 '08 #4

Atli
Expert 5K+
P: 5,058
Hi.

In your query, you are escaping the values in back-ticks (`) rather than single-quotes ('). That won't work.
Back-ticks are meant for column or database names. Single-quotes for string and date values.

Also, the structure of that code is a bit odd.
You should be making sure that the user is valid, or else show him an error. Your code does the except opposite, checking if the user is NOT valid, validating by default.

Consider the following:
Expand|Select|Wrap|Line Numbers
  1. $result = mysql_query("...") or die(mysql_error());
  2. if(mysql_num_rows($result) == 1) {
  3.   echo "Success! You are logged in!";
  4. }
  5. else {
  6.   echo "Failure! Try again.";
  7. }
  8.  
Also note how I use the die() function there. Basically does the same thing the if statement after you query call does.
Aug 28 '08 #5

P: 24
It is hard for us to see what the problem is. You need to do some debugging here yourself.

Suggestions: Echo out the query statement so you can see what is really being submitted to your database. See if there are any unexpected errors here, such as a blank value due to a typo or some other strange reason. Check to see that any non-alphabetic symbols in the password do not make the query incorrect syntactically.

Then if possible, try to copy and paste the query statement that you echo out to your screen directly into a database console window. This will let you see what the database is really outputting instead of having it filtered through your PHP code. Here you can see what the return is.

By the way, two things I notice about your code.

1) you have $Password used directly in your query, but don't you need to have something like a database specific function call like PASSWORD('$password')? My syntax here not totally correct but the point is, the database may store the password in an encrypted format so just comparing the stored value with the user supplied value directly may not work.

2) You examine if the user is registered by checking the affected rows, and this is not robust in my opinion. You should just use a SELECT count(*) statement and then examine the number of rows returned. If 0, then the user does not exist yet, if 1 then the user already exists.
Problem solved. Thanks guys.
Aug 29 '08 #6

P: 24
Hi.

In your query, you are escaping the values in back-ticks (`) rather than single-quotes ('). That won't work.
Back-ticks are meant for column or database names. Single-quotes for string and date values.

Also, the structure of that code is a bit odd.
You should be making sure that the user is valid, or else show him an error. Your code does the except opposite, checking if the user is NOT valid, validating by default.

Consider the following:
Expand|Select|Wrap|Line Numbers
  1. $result = mysql_query("...") or die(mysql_error());
  2. if(mysql_num_rows($result) == 1) {
  3.   echo "Success! You are logged in!";
  4. }
  5. else {
  6.   echo "Failure! Try again.";
  7. }
  8.  
Also note how I use the die() function there. Basically does the same thing the if statement after you query call does.
Problem solved. Thanks Atli.
Aug 29 '08 #7

P: 1
I think you are right and mysqli should be used instead
2 Weeks Ago #8

Post your reply

Sign in to post your reply or Sign up for a free account.