Jump to content

The query return 0 record


Recommended Posts

Hi to everyone,

I am preparing the log-In page and when I am going to controll if the user is present in the user-list with two fields: matricola and password, MySQL return zero record.

I do not understand where is the error because I am novice in programming with PHP.

The code is:

function controlUser($matricola, $password)
    {
        include $_SERVER['DOCUMENT_ROOT'] . '../db.conn.php';
        
        try
        {
            $sql = 'SELECT COUNT(*) FROM personale WHERE Matricola = :matricola AND password = :password';
            $s = $pdo -> prepare($sql);
            $s -> bindValue(':matricola', $matricola);
            $s -> bindValue(':password', $password);
            $s -> execute();
        } 
        catch (PDOException $e) 
        {
            $error = 'Errore durante la ricerca!';
            include $_SERVER['DOCUMENT_ROOT'] . '../error.html.php';
            exit();
        }
        
        $row = $s -> fetch();
        
        if ($row[0] > 0)
        {
            return TRUE;
        }
        else
        {
            return FALSE;
        }
    }

Link to post
Share on other sites

MD5 is not encryption, and MD5 has not been suitable for cryptographic use since the mid-90s.  PHP has several built-in functions specifically for storing and verifying passwords:

http://php.net/manual/en/ref.password.php

If that function is returning false then it sounds like the username and password values don't match what is in the database.  You can try to print those values out and verify what is in the database to make sure they match, but it sounds like they don't.

Link to post
Share on other sites

That wouldn't affect anything, it only returns 1 row.  Although I have seen a recent MySQL bug where COUNT(*) was returning 0 even when there were matching rows.  But there's still plenty of verification to do here before deciding it's a bug in MySQL.

Link to post
Share on other sites

You might want to double-check that before deciding that using fetchAll works.  Enter a username and an incorrect password and see whether using fetchAll with the same code lets you log in with the wrong password.

Link to post
Share on other sites
On 8/31/2017 at 8:32 PM, justsomeguy said:

You might want to double-check that before deciding that using fetchAll works.  Enter a username and an incorrect password and see whether using fetchAll with the same code lets you log in with the wrong password.

It shouldn't let him log in as long as there is no other user with the same "Matricola" as in his SQL, i'm using fetchAll myself and i intentionally created another username with the same password as my other username and it won't log me in.

Link to post
Share on other sites

I suppose it depends how PHP decides to cast an array to an integer, because without changing any other code, now this:

        $row = $s -> fetchAll();
        
        if ($row[0] > 0)

is testing whether the array that contains the count is greater than 0.  That test doesn't make sense, just switching to fetchAll and making no other changes is not correct.  If you're expecting a single record with a single column - the count - then use fetch and check the first column like he did.  That's the correct thing to do.  Using fetchAll on a query that will only ever return one record isn't the right tool for the job.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...