probleme returning a value from function

channark

im trying to build a login system i create some functions one of it is to return the user_id but it dosn't work with mysql_result() here is my code

My functions

//security
function sanitize($input){
	$input= mysql_real_escape_string($input);
	$input=trim($input," ");
	return $input;
}

//get user_id
function get_user_id($username){
	$query=mysql_query("SELECT 'user_id' FROM user_admin WHERE username = '$username'");
	return mysql_result($query, 0, "user_id");
}

//check username and pass
function login($username , $password){
	$username=sanitize($username);
	$password=md5($password);

$user_id=get_user_id($username);
$query=mysql_query("SELECT COUNT('user_id') FROM user_admin WHERE username='$username' AND password='$password' ");
return (mysql_result($query , 0) == 1) ? $user_id :  false ;

}

my login page code :

<?php
	require_once('../requ/conn.inc.php');
	require_once('functions/inc.f.php');

//check post existance
if(empty($_POST) === false){

	//check login fields not empty if so error
	if(empty($_POST['username']) || empty($_POST['password'])){
		$errors[]="All fields should be field in";
	}else{
		//security # mysql injaction
		$username=sanitize($_POST['username']);
		$password=$_POST['password'];
		//check username existance in DB
		$query=mysql_query("SELECT COUNT('user_id') FROM user_admin WHERE username='$username' ");
		$username_existance=mysql_result($query,0);
		if($username_existance != 1){
			$errors[]="Invalid Username please try again";
		}else{
		//check username and password
			$login=login($username , $password);
			if($login=== false){
				$errors[]=" Invalid Username And/Or Password try again. ";
			}else {
				die($login);
			}
		}
	}
}
?>

 <!DOCTYPE HTML>
 <html>

 <head>
	<title>Administration Raffle -Login-</title>
	<link rel="stylesheet" type="text/css" href="style/general.css"/>
 </head>

 <body>

<div id="container">

<div id="header">
<h1>Administration -Back Office-</h1>
<h4>The big Raffle of the year</h4>
</div>

<div id="body">

	<div id="menu-h">
		<ul>
		<li><a href="index.php">Home</a></li><a href="prices.php">Prices</a><a href="addprice.php">Add price</a><a href="participants.php">Participants</a><a href="winners.php">Winners</a>
		</ul>
		<ul id="login"><li><a href="login.php">Login</a></li></ul>
	</div>

	<div id="content">
	<?php
	if(isset($errors)) {output_errors($errors); }
	//echo $username." ".$username_existance;
	?>

<form method="post" action="login.php" name="login">

<p> <label for="username"> Username :  </label> <input type="text" id="username" name="username" value=" " /> </p>
<p><label for="password"> Username :  </label> <input type="password" id="password" name="password" value="" /></p>
<p> <input type="submit" name="login" value="Login"/> </p>

</form>

	</div>

</div>
<div id="footer">
<p class="cr">CHANNARK All Rights reserved © 2013</p>
</div>

</div>

 </body>

 </html>

this code should displays the user_id witch is an integer but what it display now is that: user_id
Thanks

Weedpacket

First of all, you're using the deprecated MySQL extension.

Second, you're needlessly quoting the name of the [font=monospace]user_id[/font] column (you only need to quote an identifier if it's a reserved word), and when you do, you're using the wrong quotes (the quotes you're using make [font=monospace]user_id[/font] a string literal).

channark

Hi first thank you for your replay

i am a beginner can plz define exactly witch part of the code you r talking about.

for deprecated MySQL extension if you mean mysql_result() im still using it an it work for the quotes i change it many times but it dosn't work.

//get user_id
function get_user_id($username){
	$query=mysql_query("SELECT 'user_id' FROM user_admin WHERE username = '$username' ");
	return mysql_result($query, 0, 'user_id');
}

Weedpacket

channark wrote:
i am a beginner can plz define exactly witch part of the code you r talking about.

The part where you mention [font=monospace]user_id[/font].

channark wrote:
for deprecated MySQL extension if you mean mysql_result() im still using it an it work for the quotes i change it many times but it dosn't work.

See the manual page for [man]mysql_result[/man]. The big red notice at the top.

Oh, wait, that's a run-on sentence.....

channark wrote:
for deprecated MySQL extension if you mean mysql_result() im still using it an it work

See the manual page for [man]mysql_result[/man]. Read the big red notice at the top.

for the quotes i change it many times but it dosn't work.

So you do know which part of the code I'm talking about. But you haven't changed the quotes.

traq

channark;11025129 wrote:
for deprecated MySQL extension if you mean mysql_result() ...

He means the entire extension. All functions that start with [font=monospace]mysql_[/font] are deprecated and should not be used. Look at [man]mysqli[/man] (my preference) or [man]PDO[/man] instead.

NogDog

While yes, it would be nice to move on from the old MySQL extension, to get to your problem, there are a couple possibilities:

Your query is invalid for some reason, so mysql_query() is returning boolean false.
Your query is valid, but you are not finding any matches -- either because there are, in fact, no matches, or your query logic is wrong.

So, first check if $query is false after your call to mysql_query(), and if it is put in some debug code there to find out what happened (mysql_error() can be your friend there). If it is not false, then use mysql_num_rows() to find out if, in fact, anything was returned before assuming there is anything to fetch via mysql_result()