-3

I have a table with users name, this table have 2 column (username and password).
Suppose i have 2 record in this table. For example:

user1 is username with 1234 for password user2 with null password

The following code checks if there username has a value.

If it has a value: $response = "Yes"
If username not exist: $response = "No"

Now i want check if username exist with null password , then set

$response="No"

Here is my Code

$link = mysql_connect($server,$user,$pass);
mysql_select_db($db);
$response = 'no';
if(isset($_POST['username']) && trim($_POST['username']) != ''){
 $query = mysql_query("SELECT * FROM prochatrooms_users WHERE username = '".mysql_escape_string(trim($_POST['username']))."'", $link);
 if(mysql_num_rows($query) > 0){
  $response = 'yes';
 }
}
echo json_encode(array('exists' => $response));
Sam
  • 6,961
  • 15
  • 44
  • 63
user204570
  • 31
  • 2

2 Answers2

0

just add AND password !='' this line to your query

$link = mysql_connect($server,$user,$pass);
mysql_select_db($db);
$response = 'no';
if(isset($_POST['username']) && trim($_POST['username']) != ''){
 $query = mysql_query("SELECT * FROM prochatrooms_users WHERE username = '".mysql_escape_string(trim($_POST['username']))."' AND password !='' ", $link);
 if(mysql_num_rows($query) > 0){
  $response = 'yes';
 }
}
echo json_encode(array('exists' => $response));
krishna
  • 3,938
  • 2
  • 26
  • 56
0

Well as a first tip, do not use query concatenation when working with SQL. I strongly suggest using this approach instead: How can I prevent SQL injection in PHP?. Your method makes your login system heavily vulnerable to SQL injections and attackers.

If you want to check if your password is null, you can try this approach:

if ( trim($_POST['password']) == '') {
      $response = 'no';
}
Community
  • 1
  • 1
Andrei CACIO
  • 2,001
  • 12
  • 24