1

I have this part of code where I have my $row_count is always returning a value of 0 even i have the right username and password.

if (isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];

$stmt = $conn->prepare("SELECT * FROM users WHERE uName = ? AND uPassword = ?");
$stmt->bind_param('ss',$username,$password);
$stmt->execute() or die ($stmt->error);
$get_result=$stmt->get_result();
print_r($get_result); //DEBUG purpose
$row_count= $stmt->num_rows;
print_r($row_count); die;// DEBUG purpose
$stmt->close();
$conn->close();

if ($row_count>0){
    $_SESSION['uName'] = $username;


    echo "Logged in";
    exit();
}else{
    echo "Wrong credentials";
    exit();
}

}

btw, i have more rows on my tables does that affect the whole process? My code is always going to the else statment. mysqli_result Object ( [current_field] => 0 [field_count] => 10 [lengths] => [num_rows] => 0 [type] => 0 ) this is how i determined its always returning as 0. Thanks for your help no need of hashing the passwords just need to return a value of >1 thanks. :D

<html>
<head>
    <title>Login</title>
</head>

<body>
    <form action = "" method = "post">
    <input type = "text" name="username"><br>
    <input type = "password" name = "password"><br>
    <input type = "submit" name = "submit" value = "Login">
    <a href = "register.php">Create Account</a>
    </form>
</body>
</html>

This is the form.

Batz
  • 69
  • 10
  • 3
    **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Jul 01 '16 at 14:41
  • I just want to create a very simple login without hashing passwords. Is that even possible? @JayBlanchard – Batz Jul 01 '16 at 14:43
  • Sure, it is possible, just not recommended. Who would want to use a site where the passwords are easily accessible? – Jay Blanchard Jul 01 '16 at 14:43
  • Instead of `print_r($row_count);` you should have `echo $row_count;`. `$stmt->num_rows` returns an integer, not an array. – Jay Blanchard Jul 01 '16 at 14:45
  • Oh, this is okay for me. It's just a simple plain code for my thesis project. Can you help me with my problem? @JayBlanchard – Batz Jul 01 '16 at 14:45
  • At the beginning of your script do `print_r($_POST);`. My guess is that your variables are not set. Can you also post the form code? – Jay Blanchard Jul 01 '16 at 14:46
  • 3
    BTW...I hate when people say *"I'm not that far along..."* or *"This site will not be public..."* or *"It's only for school, so security doesn't matter..."*. If teachers and professors are not talking about security from day one, they're doing it wrong. Challenge them. They're teaching sloppy and dangerous coding practices which students will have to unlearn later. I also hate it when folks say, *"I'll add security later..."* or *"Security isn't important now..."*. If you don't have time to do it right the first time, when will you find the time to add it later? – Jay Blanchard Jul 01 '16 at 14:47
  • I've edited my post and there's my form. @JayBlanchard – Batz Jul 01 '16 at 14:50
  • This exact same code was posted a day or so ago, I remember it quite well. However, that other account/question were most likely deleted and have left no traces whatsoever. What it didn't do though, is wipe it from "my memory" and I remember code quite well. So in short, check for errors; you're not doing that. – Funk Forty Niner Jul 01 '16 at 14:51
  • possible duplicate of [check if row exists with mysql](http://stackoverflow.com/questions/22252904/check-if-row-exists-with-mysql) – Funk Forty Niner Jul 01 '16 at 14:53
  • Yeah, but instead of scolding me of my incompetence can you please help me with this? :c @Fred-ii- – Batz Jul 01 '16 at 14:53
  • Can you show us the result of `print_r($_POST);`? – Jay Blanchard Jul 01 '16 at 14:55
  • Here, use this http://stackoverflow.com/a/29778421/ and make sure the password column is 60+ – Funk Forty Niner Jul 01 '16 at 14:55
  • `Array ( [username] => Batz [password] => 123 [submit] => Login ) ` That is what i've just typed on the fields. and on my database its the correct username and password @JayBlanchard – Batz Jul 01 '16 at 14:56
  • May you go to a chat room, please? – Igor Greg Jul 01 '16 at 14:59

0 Answers0