PaulRyan Posted December 19, 2010 Share Posted December 19, 2010 This is something that has intrigued me, that has only recently surfaced when viewing the forum. Which of the following methods of authenticating that a user exists would be better/faster/ect? Example 1 - Fetching Row Data <?PHP $username = 'LoserVille'; $password = 'password'; $myQuery = mysql_query("SELECT account_id FROM user_accounts WHERE username = '$username' AND password = '$password'"); $myQuery = mysql_fetch_assoc($myQuery); if($myQuery) { /*### User Exists ###*/ } else { /*### User Does Not Exist ###*/ } ?> Example 2 - Fetching Number of Results <?PHP $username = 'LoserVille'; $password = 'password'; $myQuery = mysql_query("SELECT account_id FROM user_accounts WHERE username = '$username' AND password = '$password'"); $myQuery = mysql_num_rows($myQuery); if($myQuery >= 1) { /*### User Exists ###*/ } else { /*### User Does Not Exist ###*/ } ?> Just looking for some insight, not really a problem Regards, PaulRyan. Quote Link to comment Share on other sites More sharing options...
trq Posted December 19, 2010 Share Posted December 19, 2010 Neither are particularly good because you never check that the query succeeds before using its result. But yeah, once you do that, you'll want to check the number of rows returned. Quote Link to comment Share on other sites More sharing options...
PaulRyan Posted December 20, 2010 Author Share Posted December 20, 2010 I just wrote those out on the editor on here, never crossed my mind to add "or die(mysql_error())" The method you suggested, is that the "correct" way to do it or just preference? Regards, PaulRyan. Quote Link to comment Share on other sites More sharing options...
trq Posted December 20, 2010 Share Posted December 20, 2010 I wouldn't use or die() for anything. There's numerous posts around saying why. The method I suggested is (IMO) the correct way. <?php $username = 'LoserVille'; $password = 'password'; $myQuery = "SELECT account_id FROM user_accounts WHERE username = '$username' AND password = '$password'"; if ($result = mysql_query($myQuery)) { if (mysql_num_rows($result)) { // user exists } else { // no user found } } else { // query failed. trigger_error(mysql_error() . "<br />$myQuery"); } ?> Quote Link to comment Share on other sites More sharing options...
PaulRyan Posted December 20, 2010 Author Share Posted December 20, 2010 I only use the "or die()" for testing purposes Ahh well thank you for the example Thorpe, I usually structure mine similar to yours. Thanks for clearing that up buddy Regards, PaulRyan. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.