headrush Posted January 24, 2016 Share Posted January 24, 2016 Hi I am trying to create 2 functions.one to check that user exists and the other to check that user is active. However I keep getting the error unexpected ',' on line 4 When I remove the ',' I still get errors. Does anyone have any idea where I'm going wrong and how to resolve?Thanks <?php function user_exists($username) { $username = sanitize($username); $result = $mysqli->query($db,"SELECT COUNT(`user_id`) FROM `users` WHERE `username` ='$username'"), 0) == 1) ? true : false; } function user_active($username) { $username = sanitize($username); $result = $mysqli->query($db,"SELECT COUNT(`user_id`) FROM `users` WHERE `username` ='$username' AND `active` = 1 "), 0) == 1) ? true : false; } ?> Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted January 24, 2016 Share Posted January 24, 2016 The code makes no sense, neither syntactically nor semantically. You have misplaced parentheses, a mysterious “0” parameter (what is that supposed to do?), and the query() method simply doesn't work like this. You also shouldn't try to escape the input manually, because this is very error-prone. I don't even know what your sanitize() function does. Instead, use a prepared statement: $user_exists_stmt = $databaseConnection->prepare(' SELECT EXISTS ( SELECT 1 FROM users WHERE username = ? ) '); // Bind values to the parameters $user_exists_stmt->bind_param('s', $username); // Execute statement $user_exists_stmt->execute(); // Bind results to variables and fetch them $user_exists_stmt->bind_result($user_exists); $user_exists_stmt->fetch(); // Inspect result var_dump($user_exists); Quote Link to comment Share on other sites More sharing options...
headrush Posted January 24, 2016 Author Share Posted January 24, 2016 HiThank you so much for your response.What I have done is created a login form. and on click submit it checks this <?php if (empty($_POST) === false) { $username = $_POST['username']; $password = $_POST['password']; // If submited without entering in 1 box or both if(empty($username) === true || empty($password) === true) { $errors[] = 'You need to enter a username and password'; // If submited but username not in database } else if (user_exists($username) === false) { $errors[] = 'No username found. have you registered?'; } else if (user_active ($username) === false) { $errors[] = 'You need to activate your account to allow log in!'; } else { //somthing } print_r($errors); } ?> And using what you have provided it uses the functions. However When I login if I enter nothing in the username and password it does say 'please enter username and password'. However if I enter the correct username and password. it shows this? int 1 int 1 Array ( ) login.php <?php function user_exists($username) { $db = new mysqli('localhost','','','testing'); $user_exists_stmt = $db->prepare ('SELECT EXISTS (SELECT 1 FROM users WHERE username = ?)'); // Bind values to the parameters $user_exists_stmt->bind_param('s', $username); // Execute statement $user_exists_stmt->execute(); // Bind results to variables and fetch them $user_exists_stmt->bind_result($user_exists); $user_exists_stmt->fetch(); // Inspect result var_dump($user_exists); } function user_active($username) { $db = new mysqli('localhost','','','testing'); $user_active_stmt = $db->prepare ('SELECT EXISTS (SELECT 1 FROM users WHERE username = ? AND active =1)'); // Bind values to the parameters $user_active_stmt->bind_param('s', $username); // Execute statement $user_active_stmt->execute(); // Bind results to variables and fetch them $user_active_stmt->bind_result($user_exists); $user_active_stmt->fetch(); // Inspect result var_dump($user_exists); } ?> Quote Link to comment Share on other sites More sharing options...
headrush Posted January 24, 2016 Author Share Posted January 24, 2016 what I mean in above is its now showing the errors its showing the result as either the below and not showing the test errors I created.The only time it shows the error message is when I don't enter in one or both boxes and submits and echos out the error "You need to enter a username and password" So I know its doing the checks if user and password correct its displaying below int 1 2. 3.int 1 4. 5.Array ( ) if user and password incorrect int 1 2. 3.int 1 4.int 0 5.Array ( ) if not registered int 02. 3.int 0 4.int 0 5.Array ( ) Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted January 25, 2016 Share Posted January 25, 2016 There are still a lot of problems in your code. You appearently expect your functions to return booleans, but there's no return statement anywhere. Opening a new database connection for every function call is also a bad idea, because it's extremely inefficient and leads to a lot of duplicate code. Instead, open a single connection for the script and send all your queries to that connection. You can pass the MySQLi object to your functions or use a global variable for the connection. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.