Hello Andy,

Thursday, March 25, 2004, 10:43:54 AM, you wrote:

AB> So, just for the sake of me getting this right, it would be better code if I
AB> had the code like this:
AB> <?
AB> $UserExists=mysql_query("select * from users where
AB> username='$_POST[username]' and pwd=md5($_POST[password])");
AB> //since query is done see if the user exists
AB> if($UserExists) {
AB> ExistingUserCanDoSomething(); }
AB> else {
AB> YouCantDoAnythingIfYouDontExist(); }
AB> ?>

Do you actually need to bring back the user data? What I mean is, you're selecting * from the users table and doing nothing with it other than worrying if the query was successful or not. It would make far more sense if you just did this:

    SELECT COUNT(username) AS hits FROM users WHERE ...

Providing your query syntax is good this will always return a value in "hits". A zero means no users, anything above and you've got a live one.

Also - I doubt I need to mention this, but you're injecting POST variables directly into a SQL query. I hope your example above was just that and isn't the actual way you're doing it?

AB> and $UserExists in this example is either true or false because "empty set"
AB> in mysql isn't even a number it = NULL

$UserExists in your example will never be TRUE, it can only ever be FALSE. mysql_query does not, under any circumstances, return a boolean TRUE value. It either returns a FALSE (if it was a select query) or a *resource identifier* regardless of "empty sets". Sometimes if this resource identifier equals the value of 1 then a loose comparison to "true" might exist, but only because PHP is determining this value as such, not because it really is a true boolean value. In the example above, providing all the data is given (username and password) the query will return what appears to be "TRUE" regardless of what happens.

Imagine you have a user "bob" in your database and his password is "hi", look at the two following queries:

    SELECT * FROM users WHERE username='bob' AND password='hi'
    SELECT * FROM users WHERE username='bob' AND password='incorrect'

Both of them will make mysql_query return a resource identifier because they are both correct from a syntax point of view. But in actual fact they're telling you two completely different things. Without doing a COUNT or knowing how many rows the query returned, you cannot determine if the user does already exist or not, all you can tell is if your query worked and an invalid user does not = an invalid query.

-- 
Best regards,
 Richard Davey
 http://www.phpcommunity.org/wiki/296.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
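
The two points in the message above (count the matching rows instead of testing whether the query ran, and keep POST values out of the SQL text), shown as an added example that is not code from either poster. It assumes PDO with an in-memory SQLite database standing in for the MySQL users table; the helper name check(), the table layout and the sample inputs are constructed for illustration.

```php
<?php
// Added example: SQLite in memory stands in for the MySQL "users" table so the
// script runs offline. Table layout and sample rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pwd TEXT)');

// md5() only mirrors the pwd column in the quoted code; new code should store
// password_hash() output and compare with password_verify().
$ins = $db->prepare('INSERT INTO users (username, pwd) VALUES (?, ?)');
$ins->execute(['bob', md5('hi')]);

// Hypothetical helper: reports whether the query ran AND how many rows matched,
// so the two facts can be compared side by side.
function check(PDO $db, string $username, string $password): array
{
    $stmt = $db->prepare(
        'SELECT COUNT(username) AS hits FROM users
          WHERE username = :u AND pwd = :p'
    );
    // Values travel as bound parameters, never as part of the SQL string.
    $ran = $stmt->execute([':u' => $username, ':p' => md5($password)]);
    return ['ran' => $ran, 'hits' => (int) $stmt->fetchColumn()];
}

// Constructed inputs: correct password, wrong password, and a username
// carrying quote characters and SQL keywords.
$cases = [
    ['bob', 'hi'],
    ['bob', 'incorrect'],
    ["bob' OR '1'='1", 'anything'],
];

foreach ($cases as [$user, $pass]) {
    $r = check($db, $user, $pass);
    // "ran" is the equivalent of testing the query handle; only "hits"
    // says whether a matching user exists.
    printf(
        "%-16s query ran: %-3s hits: %d -> %s\n",
        $user,
        $r['ran'] ? 'yes' : 'no',
        $r['hits'],
        $r['hits'] > 0 ? 'user exists' : 'no such user'
    );
}
```

The "query ran" column is the same for all three inputs, while "hits" separates the valid login from the other two; the third input is matched as a literal username because it was bound rather than interpolated.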