"Do you actually need to bring back the user data? What I mean is, you're selecting * from the users table and doing nothing with it other than worrying if the query was successful or not."
ops!! I forgot to mention that the username is used elsewhere in a different file somewhere (to verify the session exists and stuff). thats the only thing directly used elsewhere... as far as the password thing goes it needs to know if they put in the right username and password (i.e. a row that has the username/password they put in). "It would make far more sense if you just did this: SELECT COUNT(username) AS hits FROM users WHERE ..." dont know because then how would i verify that the valid user was logged in or if they typed the wrong stuff in?? "Providing your query syntax is good this will always return a value in "hits". A zero means no users, anything above and you've got a live one." very true...might come in handy for the register a user part.... "Also - I doubt I need to mention this, but you're injecting POST variables directly into a SQL query. I hope your example above was just that and isn't the actual way you're doing it?" yikes!! good thing this is just a testing site...how to insert them if $_POST isnt the right way then?? "and $UserExists in this example is either true or false because "empty set" in mysql isnt even a number it = NULL $UserExists in your example will never be TRUE, it can only ever be FALSE. mysql_query does not, under any circumstances, return a boolean TRUE value. It either returns a FALSE (if it was a select query) or a *resource identifier* regardless of "empty sets"." Can we disagree here? if i take my original query (at the top of this email) and assign the result of it to a variable $UserExists like we did above and test it: if($UserExists) {//assuming the server found anything to start with echo $UserExists; //fortunately the server found a match somewhere because //the result of printing $UserExists is "Resource id #4" } else {//what if the server couldnt find a valid row?? echo $UserExists;//results in a blank screen assuming the //server couldnt create the resource id because of no valid //matching rows } on the other hand if i didthis: if(num_of_rows($UserExists){ echo num_of_rows($UserExists);//will get 1 } else { echo num_of_rows($UserExists);//will get: warning: not a //valid resource identifier for num_of_rows.... } now if i just did: select * from users for num_of_rows i would get 3 for an answer because there are 3 rows in the table... and the "else" part would never be used... "Sometimes if this resource identifier equals the value of 1 then a loose comparison to "true" might exist, but only because PHP is determining this value as such, not because it really is a true boolean value." if that is so, then how do you explain the above?? "In the example above, providing all the data is given (username and password) the query will return what appears to be "TRUE" regardless of what happens. Imagine you have a user "bob" in your database and his password is "hi", look at the two following queries:" again, explain the above... "SELECT * FROM users WHERE username='bob' AND password='hi' SELECT * FROM users WHERE username='bob' AND password='incorrect'" different for sure...if your saying that i would still get a resource id from both of those on my example then why does it somehow know the difference? "Both of them will make mysql_query return a resource identifier" not if the comparison between the username/pwd from the form and the db are different...then they wouldnt be the same thing (thats why i compare the username against the password) "because they are both correct from a syntax point of view. But in actual fact they're telling you two completely different things." agree but im not testing the syntax "Without doing a COUNT or knowing how many rows the query returned, you cannot determine if the user does already exist or not, all you can tell is if your query worked and an invalid user does not = an invalid query." sorry for repeating but somehow it knows the difference... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php