2

So I am trying to check if a user is banned using a mysqli query; however, it always seems to return that the user is banned, even though they are not banned.

user_banned function

function user_banned ($con, $username) {
    $data = $username;
    $username = sanitize($data, $con); 
    $username = $data;
    mysqli_query($con, "SELECT `banned` FROM `users` WHERE `username` = '$username'");
    return(mysqli_affected_rows($con) == 1) ? true : false;
}

Place where I call the function:

$username = $_POST['username'];
$password = $_POST['password'];

if (user_banned($con, $username) === true ) {
    $errors[] = 'You are banned, contact an admin.';
}

I have echo'd the $username and it is the correct username, so that is not the issue.

TL;DR: the function always returns true for some reason.

1
  • It seems that you are always returning one row with the 'banned' string. The only condition is that the user has to exist. If not, please clarify. Commented Apr 8, 2015 at 16:59

2 Answers

3

mysqli_affected_rows() is for INSERT and UPDATE. You want mysqli_num_rows().

Your current logic would return false if there happen to be more than 1 row, so this might make more sense:

return(mysqli_affected_rows($con) != 0) ? true : false;
//or even
return (bool)mysqli_affected_rows($con);

Also, what the **** is this? It does absolutely nothing.

$data = $username;
$username = sanitize($data, $con); 
$username = $data;

2 Comments

and perhaps add " and banned = true "
Alright, thanks for the help. Also, I have no idea why that's there, it's a copied section from old code.
1

You're not checking the value of banned, you're just selecting a row and returning true if it exists. You need to either add a WHERE clause to check the value of banned or inspect it in PHP and decide if the user is banned or not.
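The fix both answers point to, as an added example that is not part of the original thread: the lookup uses a prepared statement (in the question the sanitize() result is overwritten, so the raw POST value reaches the query text) and the decision is made on the value of `banned` rather than on the row count. It assumes `banned` stores 1 for banned users and 0 otherwise.

```php
<?php
// Added example, not the original poster's code.
// Assumption: `users`.`banned` holds 1 for banned accounts and 0 otherwise.

/**
 * Return true only when a row for $username exists and its `banned` flag is set.
 */
function user_banned(mysqli $con, string $username): bool
{
    // The placeholder keeps $username out of the SQL text, so no sanitize()
    // step is needed and the value cannot change the structure of the query.
    $stmt = mysqli_prepare(
        $con,
        'SELECT `banned` FROM `users` WHERE `username` = ? LIMIT 1'
    );
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . mysqli_error($con));
    }

    mysqli_stmt_bind_param($stmt, 's', $username);
    if (!mysqli_stmt_execute($stmt)) {
        $error = mysqli_stmt_error($stmt);
        mysqli_stmt_close($stmt);
        throw new RuntimeException('execute failed: ' . $error);
    }

    mysqli_stmt_bind_result($stmt, $banned);
    $found = mysqli_stmt_fetch($stmt); // true = row, null = no row, false = error
    mysqli_stmt_close($stmt);

    if ($found === false) {
        throw new RuntimeException('fetch failed');
    }

    // Unknown user: not banned. Known user: decide on the column value,
    // not on whether a row came back.
    return $found === true && (int) $banned === 1;
}

// Call site, as in the question ($con is an open mysqli connection):
// if (user_banned($con, $_POST['username'] ?? '')) {
//     $errors[] = 'You are banned, contact an admin.';
// }
```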
