Tell me more ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote -3 down vote favorite

My problem being this:

 <?php
 function user_exists($username) {
$username = sanitize($username);
return (mysql_result(mysql_query("SELECT_COUNT('user_id') FROM `user` WHERE `username` = '$username'"), 0) == 1) ? true : false;
 }
 ?>

As you can see I have included my database name which IS correct and the user DOES exist and this is where I am calling it to pull from sql:

<?php
include 'core/init.php';

if (user_exists('dan') === true) {
echo 'exists';
} 

 die();

if (empty($_POST) === false) {
$username = $_POST['username'];
$password = $_POST['password'];

if(empty($username) === true || empty($password) === true {

    $errors[] = 'You need to enter a username and password';
} else if (user_exists($username) === false) {
    $errors[] = 'Sorry this user does not exist';
}
}
?>

I am not sure why I am getting a blank page and it isn's showing the message to say the user exists?

share|improve this question
1  
Use of the mysql_* functions in PHP is discouraged in favor of PDO or MySQLi (find out why) – Hiroto Mar 30 at 12:45
2  
What is die(); doing in the open? ;) – dbf Mar 30 at 12:55
@dbf - this function has been taken out now but im still getting the blank page – Dan Mar 30 at 13:08

closed as too localized by tereško, Benjamin Gruenbaum, Antony, Roman C, phs Mar 30 at 18:57

This question is unlikely to help any future visitors; it is only relevant to a small geographic area, a specific moment in time, or an extraordinarily narrow situation that is not generally applicable to the worldwide audience of the internet. For help making this question more broadly applicable, see the FAQ.

3 Answers

up vote 1 down vote accepted

Aside from that silly typo in your query, the way you are using mysql API is indeed a terrible one.
Some critical flaws to be noted

  • whatever "sanitize" function used to build a query should add quotes around returned value. Otherwise it will do no good and lead you to injection.
  • you aren't checking for the mysql errors
  • you are writing your code in one line making it extremely hard to read.

What it should be at the very least

function user_exists($username) {
    $username = sanitize($username); // remember it should add the quotes
    $sql = "SELECT COUNT(1) FROM `user` WHERE `username` = $username";
    $res = mysql_query($sql) or trigger_error(mysql_error().$sql);
    $row = mysql_fetch_row($res);
    return !empty($row[0]);
 }

I am not sure why I am getting a blank page.

Most likely it is caused by some PHP error.
Either tell PHP to show them on-screen or peek into server error log to read the error message

Or there is no such user in the database.

So, make your code like this

<?php
ini_set('display_errors',1);
error_reporting(E_ALL);

echo "testing<br>";

include 'core/init.php';

if (user_exists('dan')) {
   echo 'exists';
} else {
   echo 'not found';
}
share|improve this answer
Ok thank you for pointing out the problems, I kinda knew there where some security issues but thanks for the updated code, however the problem still exists? – Dan Mar 30 at 12:55
He's getting a blank page because of the die(); most likely. – Hiroto Mar 30 at 12:59
I have taken out the die(); but the blank page keeps returning and not clarifying that the user exists, now the database is connected because if change the password it comes back with errors – Dan Mar 30 at 13:06
@Your Common Sense - The code you have provided now does show the testing but regardless of what I put into the form. – Dan Mar 30 at 13:11
You know I was including my ini.php file well here is the code in there if it helps... <?php session_start(); error_reporting(0); require 'database/connect.php'; require 'functions/general.php'; require 'functions/users.php'; $errors = array(); ?> – Dan Mar 30 at 13:13
show 4 more comments
up vote 1 down vote

here might be your syntax error which could not be fire 

(mysql_result(mysql_query("SELECT_COUNT('user_id') FROM `user` WHERE `username` = '$username'"), 0) == 1) ? true : false;

give space between SELECT COUNT remove underscore "_" because it will give you mysql error

share|improve this answer
up vote 0 down vote

The problem is here

 SELECT_COUNT('user_id')
       ^

should be

 SELECT COUNT('user_id')
share|improve this answer
The issue still exists even with remove the underscore... – Dan Mar 30 at 12:44
I have double checked it it taking it from the correct table name and username is a field which I have populated a user called dan under username – Dan Mar 30 at 12:47

Not the answer you're looking for? Browse other questions tagged or ask your own question.