The query returns 0 records


Fabio

Hi to everyone,

I am preparing the login page, and when I check whether the user is present in the user list using two fields, matricola and password, MySQL returns zero records.

I do not understand where the error is, because I am a novice in programming with PHP.

The code is:

function controlUser($matricola, $password)
{
    include $_SERVER['DOCUMENT_ROOT'] . '../db.conn.php';

    try
    {
        $sql = 'SELECT COUNT(*) FROM personale WHERE Matricola = :matricola AND password = :password';
        $s = $pdo -> prepare($sql);
        $s -> bindValue(':matricola', $matricola);
        $s -> bindValue(':password', $password);
        $s -> execute();
    }
    catch (PDOException $e)
    {
        $error = 'Errore durante la ricerca!';
        include $_SERVER['DOCUMENT_ROOT'] . '../error.html.php';
        exit();
    }

    $row = $s -> fetch();

    if ($row[0] > 0)
    {
        return TRUE;
    }
    else
    {
        return FALSE;
    }
}


MD5 is not encryption, and MD5 has not been suitable for cryptographic use since the mid-90s.  PHP has several built-in functions specifically for storing and verifying passwords:

http://php.net/manual/en/ref.password.php

If that function is returning false then it sounds like the username and password values don't match what is in the database.  You can try to print those values out and verify what is in the database to make sure they match, but it sounds like they don't.

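An added example, not code from the thread or from any poster: it shows how a plaintext-versus-stored-hash mismatch makes the posted style of `COUNT(*)` query return 0, and how the same check looks with the built-in `password_hash()` / `password_verify()` functions linked above. The in-memory SQLite database, the sample user `M001`, the sample passwords and the helper name `countMatch` are constructed for the illustration; only the table and column names come from the thread.

```php
<?php
// Added example. The in-memory SQLite database and the sample user are
// constructed; only the table/column names come from the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE personale (Matricola TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Registration: store only the hash produced by password_hash().
$ins = $pdo->prepare('INSERT INTO personale (Matricola, password) VALUES (:matricola, :hash)');
$ins->execute([':matricola' => 'M001', ':hash' => password_hash('s3cret-sample', PASSWORD_DEFAULT)]);

// Equality test in SQL, as in the posted function (hypothetical helper):
// the submitted plaintext is compared byte-for-byte with the stored value.
function countMatch(PDO $pdo, string $matricola, string $password): int
{
    $s = $pdo->prepare('SELECT COUNT(*) FROM personale WHERE Matricola = :matricola AND password = :password');
    $s->execute([':matricola' => $matricola, ':password' => $password]);
    return (int) $s->fetchColumn();
}

// Look the user up by Matricola only, then let password_verify() compare.
function controlUser(PDO $pdo, string $matricola, string $password): bool
{
    $s = $pdo->prepare('SELECT password FROM personale WHERE Matricola = :matricola');
    $s->execute([':matricola' => $matricola]);
    $hash = $s->fetchColumn();          // false when no such user exists
    if ($hash === false || !password_verify($password, $hash)) {
        return false;
    }
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        // Upgrade the stored hash while the plaintext is available.
        $u = $pdo->prepare('UPDATE personale SET password = :hash WHERE Matricola = :matricola');
        $u->execute([':hash' => password_hash($password, PASSWORD_DEFAULT), ':matricola' => $matricola]);
    }
    return true;
}

var_dump(countMatch($pdo, 'M001', 's3cret-sample'));   // plaintext vs. stored hash in SQL
var_dump(controlUser($pdo, 'M001', 's3cret-sample'));  // correct password
var_dump(controlUser($pdo, 'M001', 'wrong-password')); // wrong password
var_dump(controlUser($pdo, 'M999', 's3cret-sample'));  // unknown user
```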

That wouldn't affect anything, it only returns 1 row.  Although I have seen a recent MySQL bug where COUNT(*) was returning 0 even when there were matching rows.  But there's still plenty of verification to do here before deciding it's a bug in MySQL.


On 8/31/2017 at 8:32 PM, justsomeguy said:

You might want to double-check that before deciding that using fetchAll works.  Enter a username and an incorrect password and see whether using fetchAll with the same code lets you log in with the wrong password.

It shouldn't let him log in as long as there is no other user with the same "Matricola" as in his SQL. I'm using fetchAll myself, and I intentionally created another username with the same password as my other username, and it won't log me in.


I suppose it depends how PHP decides to cast an array to an integer, because without changing any other code, now this:

        $row = $s -> fetchAll();
        
        if ($row[0] > 0)

is testing whether the array that contains the count is greater than 0.  That test doesn't make sense, just switching to fetchAll and making no other changes is not correct.  If you're expecting a single record with a single column - the count - then use fetch and check the first column like he did.  That's the correct thing to do.  Using fetchAll on a query that will only ever return one record isn't the right tool for the job.
