mysql_num_rows returning false

Question

I am fairly new to PHP. I have been trying to work this issue out but with no luck. Hoping for some help from you guys!

So it's fairly simple. I have a form that is running a PHP script to check if the user exists in MySQL database. When users are created I am hashing the password with sha1 (something I am new to). The hashing works just fine. But when I then try to check user on the form, it keeps returning false.

The code checking if user exists (user_login.php)

<?php
//include db connect
  include ("db_con.php");

//set variable names
  $username = $_POST['username'];
  $password = $_POST['password'];

//start session
  session_start();

 $checklogin = mysqli_query($con, "SELECT * FROM users WHERE username = '".$username."' AND password= sha1('".$password."')"); 
  if(mysql_num_rows($checklogin) == 1) {  
   echo 'Success!';
 } else {
  echo 'No';
 }

?>

If needed here is the form (login_form.php)

<table border="1">
          <form action="functions/user_login.php" name="login" method="post">
            <tr>
              <td><input type="text" name="username" placeholder="Enter Username" required /></td>
            </tr>
            <tr>
              <td><input type="password" name="password" placeholder="Enter Password" required  /></td>
            </tr>
            <tr>
              <td><input type="submit" value="Login" /></td>
            </tr>
          </form>
        </table>

If I run echo sha1($password); it does properly echo the same hashed password that is stored in the database. However, when I run it with the mysql_num_rows code it keeps returning "No.' Hopefully the info given is enough for someone to see where my issue lies. If not please let me know what else I can include.

Danger: You are vulnerable to SQL injection attacks that you need to defend yourself from. — Quentin
– Quentin, Commented Mar 3, 2014 at 20:04
You are using an unsuitable hashing algorithm and need to take better care of your users' passwords. — Quentin
– Quentin, Commented Mar 3, 2014 at 20:04
The HTML5 placeholder attribute is not a substitute for the label element — Quentin
– Quentin, Commented Mar 3, 2014 at 20:04
This line: if(mysql_num_rows($checklogin) == 1) { .....should be if(mysqli_num_rows($checklogin) == 1) { — Hackerman
– Hackerman, Commented Mar 3, 2014 at 20:07

Hackerman · Accepted Answer · 2014-03-03 20:41:24Z

2

Just change this:

$checklogin = mysqli_query($con, "SELECT * FROM users WHERE username = '".$username."' AND password= sha1('".$password."')"); 
 if(mysql_num_rows($checklogin) == 1) {  //Wrong line
  echo 'Success!';
 } else {
 echo 'No';
 }

To this:

 $checklogin = mysqli_query($con, "SELECT * FROM users WHERE username = '".$username."' AND password= sha1('".$password."')"); 
 if(mysqli_num_rows($checklogin) == 1) {  //mysqli
  echo 'Success!';
 } else {
 echo 'No';
 }

answered Mar 3, 2014 at 20:41

Hackerman

12.3k2 gold badges37 silver badges47 bronze badges

Sign up to request clarification or add additional context in comments.

Comments

user3111737 · Accepted Answer · 2014-03-03 20:37:27Z

1

<?php
//include db connect
  include ("db_con.php");

//set variable names
  $username = htmlspecialchars($_POST['username']);
  $password = htmlspecialchars($_POST['password']);

//start session
  session_start();

 $checklogin = mysqli_query($con, "SELECT * FROM users WHERE username = '".$username."' AND password= sha1('".$password."')"); 
  if(mysqli_num_rows($checklogin) == 1) {  
   echo 'Success!';
 } else {
  echo 'No';
 }

?>

answered Mar 3, 2014 at 20:37

user3111737

Collectives™ on Stack Overflow

mysql_num_rows returning false

The code checking if user exists (user_login.php)

If needed here is the form (login_form.php)

2 Answers 2

Comments

Comments

Your Answer

Linked

Hot Network Questions

Collectives™ on Stack Overflow

The code checking if user exists (user_login.php)

If needed here is the form (login_form.php)

2 Answers 2

Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Linked

Related