"Do you actually need to bring back the user data? What I mean is,
you're selecting * from the users table and doing nothing with it other than
worrying if the query was successful or not."

Oops!! I forgot to mention that the username is used elsewhere in a different
file somewhere (to verify the session exists and stuff). That's the only
thing directly used elsewhere... As far as the password thing goes, it needs
to know if they put in the right username and password (i.e. a row that has
the username/password they put in).

"It would make far more sense if you just did this:

SELECT COUNT(username) AS hits FROM users WHERE ..."

Don't know, because then how would I verify that the valid user was logged in
or if they typed the wrong stuff in??

"Providing your query syntax is good this will always return a value in
"hits". A zero means no users, anything above and you've got a live
one."

Very true... might come in handy for the register a user part....

"Also - I doubt I need to mention this, but you're injecting POST
variables directly into a SQL query. I hope your example above was
just that and isn't the actual way you're doing it?"

Yikes!! Good thing this is just a testing site... how to insert them if
$_POST isn't the right way then??

"and $UserExists in this example is either true or false because "empty set"
in mysql isn't even a number it = NULL
$UserExists in your example will never be TRUE, it can only ever be
FALSE. mysql_query does not, under any circumstances, return a boolean
TRUE value. It either returns a FALSE (if it was a select query) or a
*resource identifier* regardless of "empty sets"."

Can we disagree here? If I take my original query (at the top of this email)
and assign the result of it to a variable $UserExists like we did above and
test it:

    if ($UserExists) { // assuming the server found anything to start with
        echo $UserExists;
        // fortunately the server found a match somewhere because
        // the result of printing $UserExists is "Resource id #4"
    } else { // what if the server couldn't find a valid row??
        echo $UserExists; // results in a blank screen assuming the
        // server couldn't create the resource id because of no valid
        // matching rows
    }

On the other hand, if I did this:

    if (num_of_rows($UserExists)) {
        echo num_of_rows($UserExists); // will get 1
    } else {
        echo num_of_rows($UserExists); // will get: warning: not a
        // valid resource identifier for num_of_rows....
    }

Now if I just did: select * from users for num_of_rows I would get 3 for an
answer because there are 3 rows in the table... and the "else" part would
never be used...

"Sometimes if this resource identifier equals the value of 1 then a loose
comparison to "true" might exist, but only because PHP is determining this
value as such, not because it really is a true boolean value."

If that is so, then how do you explain the above??

"In the example above, providing all the data is given (username and
password) the query will return what appears to be "TRUE" regardless
of what happens. Imagine you have a user "bob" in your database and
his password is "hi", look at the two following queries:"

Again, explain the above...

"SELECT * FROM users WHERE username='bob' AND password='hi'
SELECT * FROM users WHERE username='bob' AND password='incorrect'"

Different for sure... if you're saying that I would still get a resource id
from both of those on my example then why does it somehow know the
difference?

"Both of them will make mysql_query return a resource identifier"

Not if the comparison between the username/pwd from the form and the db are
different... then they wouldn't be the same thing (that's why I compare the
username against the password)

"because they are both correct from a syntax point of view. But in
actual fact they're telling you two completely different things."

Agree, but I'm not testing the syntax

"Without doing a COUNT or knowing how many rows the query returned, you
cannot determine if the user does already exist or not, all you can
tell is if your query worked and an invalid user does not = an invalid
query."

Sorry for repeating, but somehow it knows the difference...

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
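
An added example, not code from either poster: the COUNT query and the bob/hi rows discussed in the thread, run with bound parameters instead of form values pasted into the SQL string. The in-memory SQLite database through PDO, the function name countMatches and the sample inputs are assumptions made so the script runs without a MySQL server.

```php
<?php
// Added example, not code from the thread. The table layout and the user
// bob/hi follow the thread; everything else is constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT, password TEXT)');
// The thread compares the stored password directly; a production table
// would hold password_hash() output checked with password_verify().
$db->exec("INSERT INTO users VALUES ('bob', 'hi')");

/**
 * Returns [query ran, hits]. "Query ran" is true for any valid statement;
 * only the COUNT says whether a row actually matched.
 */
function countMatches(PDO $db, string $username, string $password): array
{
    // Placeholders keep form input out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT COUNT(username) AS hits FROM users
         WHERE username = :username AND password = :password'
    );
    $ran = $stmt->execute([':username' => $username, ':password' => $password]);
    return [$ran, (int) $stmt->fetchColumn()];
}

// Constructed form input standing in for $_POST.
$attempts = [
    ['bob', 'hi'],         // correct credentials
    ['bob', 'incorrect'],  // valid query, wrong password
    ["bob'", 'hi'],        // stray quote is compared as data, not parsed as SQL
];

foreach ($attempts as [$user, $pass]) {
    [$ran, $hits] = countMatches($db, $user, $pass);
    printf(
        "%-6s / %-10s query ran: %s, hits: %d, login: %s\n",
        $user, $pass, $ran ? 'yes' : 'no', $hits, $hits === 1 ? 'ok' : 'denied'
    );
}
```

The "query ran" column is the same for all three attempts; only "hits" separates the valid login from the other two.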
