php help

[Daniel_French]

Hello,

 

i got a problem with a part of my code :

 

<?php

// #1

 

 

 

function user_exists ($username) {

    $username = sanitize ($username);

    $query = mysql_query ("SELECT COUNT (user_id) FROM user WHERE username = '$username'");

    return (mysql_result($query, 0) == 1) ? true : false;

 

 

 

 

}

 

function user_active($username) {

$username = sanitize($username);

 

 

  return (mysql_result( mysql_query("SELECT COUNT(`user_id`) FROM `user` WHERE `username` ='$username' AND `active` = 1 "), 0) == 1) ? true : false;

 

}

?>

 

 

 

Warning: mysql_result() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\login\core\functions\users.php on line 9

 

this is the error i get ... 

 

i am building this based on a login & register tutorial on youtube but i did it the same way he did it and told how to ... i did let the code run through a php valdation check and it told me that mysql_query and mysql_result were outdated code ?!

 

just need help thanks alot 

[Frank_b]

mysql_ functions are deprecated!

 

it says that your query have failed. 

 

to check it out what goes wrong you should add error reporting:

$query = mysql_query ("SELECT COUNT (user_id) FROM user WHERE username = '$username'");
$result = mysql_result($query);
if(!$result)
    echo mysql_error($link);

[jcbones]

Yes, you should be using mysqli or PDO at this point.  Mysql has been depreciated, as it is considered in-secure from a security standpoint.  Does the table `user` exist in the database?  It is best to catch the database error, if the query fails.  That way you will get a true sense of what is going wrong.

 

That would turn your code into something like:

 

<?php
/* Connect to an ODBC database using driver invocation */
$dsn = 'mysql:dbname=test;host=127.0.0.1'; //Your dsn info.  dbname is your database, host is where the database is located. "localhost" or the IP address.
$user = 'dbuser'; //Your database username.
$password = 'dbpassword'; //Your database password.

//PDO Always use a try and catch when creating the object.  Per the manual.
try {
    $dbh = new PDO($dsn, $user, $password); //creating the PDO object.
    $dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE,PDO::FETCH_ASSOC); //Tell the object to only return associative arrays.
} catch (PDOException $e) { //if it fails.
    trigger_error( 'Connection failed: ' . $e->getMessage()); //tell us why.
}

function user_exists ($username,$db) { //function, passing the username, and the database into the function.
    $query = $db->prepare ("SELECT COUNT (user_id)  AS uid FROM user WHERE username = :user"); //prepare the query, with placeholder.
    if(!$query->execute(array(':user' => $username))) { //execute the query, replacing the placehold with a variable, the object treats it as a string.
        $error = '<pre>' . print_r($query->errorInfo(),true) . '</pre>'; //if the query fails, collect the error info.
        trigger_error($error); //trigger the error, if you have error_reporting, and display errors on which you should for production. You will see these errors on screen.
    }            
    $results = $query->fetch(); //get the results of the query.
    return $results['uid'] == 1 ? true : false;  //handle the results resulting in a true or false of the function.
}

//same as above.
function user_active($username, $db) {
    $query = $db->prepare("SELECT COUNT(`user_id`)  AS uid FROM `user` WHERE `username`= :user AND `active` = 1 ");
    if(!$query->execute(array(':user' => $username))) {
        $error = '<pre>' . print_r($query->errorInfo(),true) . '</pre>';
        trigger_error($error);
    }                
    $results = $query->fetch();
  return $results['uid'] == 1 ? true : false;
}


//function calls.
if(user_exists('admin',$dbh) || user_active('admin',$dbh)) {
    echo 'Yes';
} else {
    echo 'No';
}
?>