SELECT Statement Help

[jmfillman]

The function below always returns true, no matter what I pass for $eMail and $Password and I can't figure out why!! Please help!

 

 

  public function validateUser($eMail, $Password) {

$email = $eMail;

$pass = $Password;

$query = "SELECT * FROM regUsers WHERE eMail='$email' AND Password='$pass'";

$validResult = mysql_query($query);

if(!$validResult) {

    $msg=$this->err_prefix."Your e-mail and/or Password do not match. ".$this->mysql->error;

throw new Exception($msg);

}

else {

return true;

}

  }

[Psycho]

You are not checking the "results" of the query. You are merely checking to see if the query ran successfully, i.e. without errors:

 

public function validateUser($eMail, $Password)
{
   $query = "SELECT * FROM regUsers WHERE eMail='$eMail' AND Password='$Password'";
   $result = mysql_query($query);
   if(!$validResult)
   {
       //Query did not run
       $msg = $this->err_prefix."There was an error running the query. ".$this->mysql->error;
       throw new Exception($msg);
       return false;
   }
   else if (mysql_num_rows($result)!=1)
   {
       //Query ran, but there were no results
       $msg = $this->err_prefix."Your e-mail and/or Password do not match.";
       throw new Exception($msg);
       return false;
   }
   return true;
}

[jmfillman]

Thank you!

 

Shouldn't there be another else at the end?

 

else {

    return true;

}

[Psycho]

No need. The first two conditions will return false. So, if either of the failures occur it will never get to the return true. Only if the first two error confitions don't apply will the return true get processed.