0

I have run this code through various PHP validators on the internet, and they say that these two functions (mysql_query, mysql_result) have been deprecated in the current version of PHP.

The following piece of code is not executing properly even though the username and password I type into the login form are exactly the same as what is in the database/phpMyAdmin.

<?php
function user_exists($username) {
    $username = sanitize($username);
    return (mysql_result(mysql_query("SELECT COUNT(user_Id) FROM `users` WHERE `username` = '$username'"), 0) == 1) ? true : false;
}
?>
Francisco
HelloWoRlD

1 Answer

-1

This should work:

$sqluserandpass = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysqli_query($con, $sqluserandpass);
$check = mysqli_fetch_array($result);
if (isset($check)) {
    // User exists
} else {
    // User does not exist
}

You should also avoid SQL injections by simply doing something like this:

// Placeholders (?) keep the user-supplied values out of the SQL text
$stmt = $con->prepare("SELECT * FROM users WHERE username = ? AND password = ?");
$stmt->bind_param("ss", $username, $password);

// Execute the prepared statement
$stmt->execute();

Hope that was useful to you :)

Mousa Alfhaily
  • 1
    This is useful, but still bad, because it doesn't explain how to avoid SQL injection. – Adder Apr 12 '17 at 12:06
  • @Adder I'm not answering how to use PreparedStatement or how to avoid SQL injection, I'm answering his question to solve his problem. – Mousa Alfhaily Apr 12 '17 at 12:12
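
A version of the question's `user_exists()` built on mysqli prepared statements, as an added example that is not part of the question or the answer above. It assumes the `users` table from the post with a `password` column that stores `password_hash()` output; the `login_ok` helper name, the connection settings and the sample input are placeholders constructed for illustration.

```php
<?php
// Added example, not code from the question or the answer.
// Assumptions: table `users` has columns `user_Id`, `username`, `password`,
// and `password` holds a password_hash() value rather than the plain text.

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Replacement for the mysql_query()/mysql_result() version of user_exists().
function user_exists(mysqli $con, string $username): bool
{
    $stmt = $con->prepare('SELECT COUNT(`user_Id`) FROM `users` WHERE `username` = ?');
    $stmt->bind_param('s', $username);   // value is sent separately from the SQL text
    $stmt->execute();
    $stmt->bind_result($count);
    $stmt->fetch();
    $stmt->close();
    return (int) $count === 1;
}

// Fetch the stored hash by username, then compare in PHP, not in SQL.
function login_ok(mysqli $con, string $username, string $password): bool
{
    $stmt = $con->prepare('SELECT `password` FROM `users` WHERE `username` = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();             // true on a row, null when no row matches
    $stmt->close();
    return $found === true && password_verify($password, $hash);
}

// Placeholder connection settings; replace with your own.
$con = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
$con->set_charset('utf8mb4');

// Constructed sample input: a name containing a quote needs no escaping here.
var_dump(user_exists($con, "o'brien"));
var_dump(login_ok($con, "o'brien", 'example-password'));
```

Because the username travels as a bound parameter, no `sanitize()` call is needed before the query, and a failed query raises an exception instead of passing `false` on to the result handling.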