I am doing a program to validate data, i.e. checking whether the entered username is present in the database or not. But I am finding that the code is not entering the first if condition, i.e. `if ($result->num_rows > 0) {`

```php
<?php
include('custdb.php');
session_start();
$f=0;
//$user=mysqli_real_escape_string($conn,$_POST['username']);
//$pass=mysqli_real_escape_string($conn,$_POST['password']);
//$fetch=$conn->query("SELECT * FROM `info` WHERE username='".$uname."' and password='".$pass."'");
//$_SESSION['info_username']=$user;
//header("Location:custprofile.php");
echo $uname=$_POST['username'];
echo "<br>";
echo $pass=$_POST['password'];
$sql = "SELECT * FROM `info` WHERE `email`=".$uname;
$result = $conn->query($sql);
echo"done";
if ($result->num_rows > 0) {
    // output data of each row
    while($row = $result->fetch_assoc()) {

        if($uname==$row["email"])
        {
            $f=1;
        }
        else
        {
            $f=0;
        }

        //echo '<h4 align="left"><a href="update.php?id='.$pro_id.'&qty='.$qty.'">Update Quantity</a> </h4>';
    }
    if($f==1)
    {
        header("Location:custprofile.php");
    }
    else
    {
        header("Location:custindex.php");
    }
}
else {
    echo "0 results";
}

?>
```
Jay Blanchard
abhi
  • 2
    Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure that you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Apr 28 '16 at 11:45
  • You are getting username in $_POST and matching `email` – Vivek Singh Apr 28 '16 at 11:47
  • 1
    They are using the email address for the username @Vicky, or seem to be. – Jay Blanchard Apr 28 '16 at 11:49
  • Have you checked your error logs? You're making an assumption the query is working. Add error reporting to the top of your file(s) right after your opening ` – Jay Blanchard Apr 28 '16 at 11:53

1 Answer

There is a problem with your SQL query. The quotes around $uname are missing.

```php
$sql = "SELECT * FROM `info` WHERE `email`='".$uname."';";
```
D14n4
  • 3
    Why should the OP "try this"? A ***good answer*** will always have an explanation of what was done and why it was done in such a manner, not only for the OP but for future visitors to SO. – Jay Blanchard Apr 28 '16 at 11:55
  • OK, my bad. The quotes around $uname are missing. I asked the OP to "try" because I don't know if it'll work, since I don't know if $_POST['username'] retrieves anything :) – D14n4 Apr 28 '16 at 12:07
  • What @JayBlanchard is referring to (or at least what I think) is that you should edit your answer, instead of putting it in a comment, to allow people who arrive here to see clearly what the solution to the problem is. – Francisco Romero Apr 28 '16 at 12:13
  • Thank you Error404, it's quite difficult to be a beginner in the SO jungle ^^ – D14n4 Apr 28 '16 at 12:21
  • @D14n4 You are welcome :) It is a bit difficult at the beginning but there is always time to learn :) – Francisco Romero Apr 28 '16 at 15:14
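
An added example, not code from the question, the answer or the comments: it reproduces the failing unquoted query with errors surfaced, then does the lookup with a placeholder and `password_verify()`, in line with the comments about error reporting and password hashing. It assumes PDO with an in-memory SQLite database and a constructed `info` table (columns `email`, `password`) so it runs stand-alone; with mysqli the corresponding calls are `prepare()`, `bind_param()` and `execute()`.

```php
<?php
// Added example with constructed schema and data; in-memory SQLite via PDO (assumption).
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
// Make failed queries throw instead of silently returning false.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample table standing in for the question's `info` table.
$db->exec('CREATE TABLE info (email TEXT PRIMARY KEY, password TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO info (email, password) VALUES (?, ?)');
$ins->execute(['alice@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);
$ins->execute(["o'brien@example.com", password_hash('battery staple', PASSWORD_DEFAULT)]);

// 1) The question's query shape: the value is concatenated without quotes,
//    so the statement is not valid SQL and the query itself fails.
function unquoted_lookup(PDO $db, string $email): string
{
    try {
        $db->query('SELECT * FROM info WHERE email=' . $email);
        return 'query ran';
    } catch (PDOException $e) {
        return 'query failed: ' . $e->getMessage();
    }
}

// 2) Placeholder version: the value travels separately from the SQL text,
//    so neither missing quotes nor quotes inside the value change the statement.
function check_login(PDO $db, string $email, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM info WHERE email = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn(); // false when no row matches
    // Compare against the stored hash; the raw password is never escaped or altered.
    return is_string($hash) && password_verify($password, $hash);
}

echo unquoted_lookup($db, 'alice@example.com'), PHP_EOL;
var_dump(check_login($db, 'alice@example.com', 'correct horse'));
var_dump(check_login($db, 'alice@example.com', 'wrong password'));
// An address containing a quote would break the quoted-concatenation form; here it just works.
var_dump(check_login($db, "o'brien@example.com", 'battery staple'));
var_dump(check_login($db, 'nobody@example.com', 'anything'));
```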