php - mysqli query returns 0 results despite information in MySQL database -
i in process of making login screen once session has been set person can access various pages on site.
it seems, however, when send username , password compared have in mysql database results come empty.
mysql table:
id, username, password, email, group 1, bunbun, hashedpassword, example@email.com, admin php code:
<?php include_once("functions/con-open.php"); if (isset($_post['username'])) { $name = $_post['username']; //$password = password_hash($_post['password'], password_bcrypt); $password = $_post['password']; $name = mysql_real_escape_string($name); $password = mysql_real_escape_string($password); } function login($name, $password) { $conn = new mysqli(host,user,password,database); if ($conn->connect_errno) { printf("connect failed: %s\n", $conn->connect_error); exit(); } if ($result = $conn->query("select * persons username='$name'", mysqli_use_result)) { printf("select returned %d rows.\n", $result->num_rows); echo "<br>name dump<br>"; var_dump($name); echo "<br>password dump <br>"; var_dump($password); echo "<br>"; echo "<br>"; var_dump( $result); $result->close(); } else { echo"no details returned <br>"; var_dump( $result); $result->close(); } } ?> <!doctype html> <html> <head> <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" /> <title>login</title> <link type="text/css" href="css.css" rel="stylesheet" /> </head> <body> <form action="login.php" method="post" name="login-form"> email: <input type="text" name="username" /><br> password: <input type="password" name="password"/> <input type="submit" value="login"/> </form> <?php if ($_server['request_method'] == 'post') { login($name, $password); } ?> </body> </html> the result is
select returned 0 rows. have typed in username field: have typed in password field: name db: password db: object(mysqli_result)#2 (5) { ["current_field"]=> int(0) ["field_count"]=> int(5) ["lengths"]=> null ["num_rows"]=> int(0) ["type"]=> int(0) } any ideas going wrong?
column hash vchar(255) gave enough room beginning.
update! maybe more serious, have changed code above reflect excellent answer maytham. still returning 0 results
took liberty of adding within loop, if (isset($_post['username']))
echo "this value name is: ".$name."<br>"; and same before call login($name, password); see if $name set, is.
between function being called , $name being used in sql query value empty. not sure why i'll have debug php installation see if there bugs.
here have observed , fix you.
follow steps , should works:
step a
if ($result = $conn->query("select * persons username='$name'", mysqli_use_result)) to
if ($result = $conn->query("select * persons username = '$name'")) step b
the code presented in question, function login need end }
function login($name, $password) step c (optional)
when test have changed password plain text sure every thing working, you.
$password = $_post['password']; step d
at beginning of code put if statement
if (isset($_post['username'])) { $name = $_post['username']; // disable testing //$password = password_hash($_post['password'], password_bcrypt); $password = $_post['password']; } step e (optional)
i suggest change variables $username $username
step f
try protect inputs sql injection adding mysql_real_escape_string:
$name = mysql_real_escape_string($name); $password = mysql_real_escape_string($password); - thank user @ibu noticing that
finally here full workable code modification:
<?php if (isset($_post['username'])) { $name = $_post['username']; //$password = password_hash($_post['password'], password_bcrypt); $password = $_post['password']; $name = mysql_real_escape_string($name); $password = mysql_real_escape_string($password); } function login($name, $password) { $conn = new mysqli("localhost", "root", "", "test"); if ($conn->connect_errno) { echo "failed connect mysql: (" . $conn->connect_errno . ") " . $conn->connect_error; } if ($result = $conn->query("select * persons username = '$name'")) { $row = $result->fetch_assoc(); printf("select returned %d rows.\n", $result->num_rows); echo "<br />"; echo "this have typed in username field: " . $name; echo "<br />"; echo "<b>name db: </b>" . $row['username'] . "<br />"; echo "<b>password db: </b>" . $row['password'] . "<br />"; echo "<br />"; var_dump($result); $result->close(); } else { echo "no details returned <br>"; var_dump($result); $result->close(); } } ?> <!doctype html> <html> <head> <meta http-equiv="content-type" content="text/html; charset=iso-8859-1"/> <title>login</title> <link type="text/css" href="css.css" rel="stylesheet"/> </head> <body> <form action="login.php" method="post" name="login-form"> email: <input type="text" name="username"/><br> password: <input type="password" name="password"/> <input type="submit" value="login"/> </form> <?php if ($_server['request_method'] == 'post') { login($name, $password); } ?> </body> </html> here test shot screen: 
note: when mentioned, not mean code or presented or perfect solution. there lot have think when building login mechanism. code vulnerable sql injection need , have lot work. encourage at:
link1: http://www.wikihow.com/create-a-secure-login-script-in-php-and-mysql
link2: https://www.owasp.org/index.php/category:owasp_top_ten_project
link3: http://php.net/manual/en/mysqli.quickstart.statements.php
Comments
Post a Comment