mysql_num_rows problems

Anon

I am trying to learn how to authenticate users with PHP and a mySQL database. I have this script which works fine when correct username and password are placed in the form. If incorrect values are used, code stops executing at $num = mysql_num_rows($result) or die(\"Couldn\'t get count.\");

am I using the mysql_num_rows function incorrectly? Thanks for any help.

Here is my script:

<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">

<head>
<title>My Login Form</title>
</head>

<body>
<?php
/ Continue a process depending on the value of the $do variable.
If this is the first time to access this script, the $do variable
has no value. /

switch ($do) {
	//if the value of $do is \"authenticate\", continue this process
	case \"authenticate\":
		/* When submitting a form, PHP automatically assigns values to 
		   variables with names matching the form fields. In this case, $user_name
		   and $password have already been created. */

		//Open the database connection
		$connection = mysql_connect(\"localhost\", \"tomp73\", \"8hvQdXWs\")
			or die (\"Unable to connect to the database.\");

		$db = mysql_select_db(\"atthewoods_net\", $connection)
			or die (\"Couldn\'t select the database.\");

		//Formulate the query
		$sql = \"SELECT id FROM users WHERE user_name=\'$user_name\' AND password=\'$password\'\";

		//Execute the query and put the results in $result
		$result = mysql_query($sql)
			or die (\"Couldn\'t execute the query.\");

		//Get number or rows in $result. Should be 0 if invalid, 1 if valid
		$num = mysql_num_rows($result)
			or die (\"Couldn\'t get count.\");

		//Present results based on validity
		if ($num == 1){
			echo \"<p>You are a valid user!<br>\";
			echo \"Your username is $user_name<br>\";
			echo \"Your password is $password</p>\";
		}
		else if ($num == 0){
			unset($do);
			echo \"<p>You are not authorized! Please try again.</p>\";
			/* the next command automatically places the contents of the
			   login_form.inc at this position; the HTML form fields will display. */

			include(\"login_form.inc\");
		}

		break;

		default:
		/* The default case, in this instance, means \"if no value exists
		   for $do, or if no other case matches a value for $do, display the login form.\"
		   We only send a value for $do in the action of the form, i.e.
		   <form action=\"login2.php3?do=authenticate\" ...> */

		   include(\"login_form.inc\");
	}
?>

</body>

Anon

It dies because that's what it is supposed to do if it doesn't find a match in the db. You could change the code to just echo 'invalid username' and include the file again to force them to try again.

Anon

$num = mysql_num_rows($result) or die("Couldn't get count.");

This is working as it should. If the query retrieves no rows,
$num is 0, which is interepreted as false in most contexts.
It's your error message that needs fixing: it should say "Can't
log in" or something like that.

Anon

Hello Tom,
Here are some things you might like to consider over an above previous replies. (Send an email to the editor to get this expanded in to an article :-))

$num = mysql_num_rows($result) or die (\"Couldn\'t get count.\");

This code will produce the error message if the reply is false and false could be false, 0, "" or "0". It is often safer to say:

$num = mysql_num_rows($result);
if($num == false) { produce an error message }
elseif ....

In PHP4, you can use
if($num === false) { produce an error message }
to elimnate confusion with 0, "" or "0". In fact you could make your code
if($num === false) { produce an error message }
elseif($num === 0) { produce an error message }
else { produce an error message }
for those occasions where functions do provide zero as a valid non false value.

if ($num == 1){
else if ($num == 0){
is dangerous because there are potential conditions not covered. It is safer to have
if ($num == 1){
else if ($num == 0){
else {die("What happened? \$num==" . $num)

If you replace
die ("Couldn\'t get count.");
with
$mes["usernotfoundintable"] = "Couldn\'t get count.";
die ($mes["usernotfoundintable"]);
you can put your message in a central include that can be shared with help screens, pop up messages and documentation for people testing your application. This will make your code easier to change as your code expands and your site becomes multi-lingual.

tom palermo wrote:

am I using the mysql_num_rows function incorrectly? Thanks for any help.

Here is my script:

<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">

<head>
<title>My Login Form</title>
</head>

<body>
<?php
/ Continue a process depending on the value of the $do variable.
If this is the first time to access this script, the $do variable
has no value. /

switch ($do) {
	//if the value of $do is \"authenticate\", continue this process
	case \"authenticate\":
		/* When submitting a form, PHP automatically assigns values to 
		   variables with names matching the form fields. In this case, $user_name
		   and $password have already been created. */....