Help with IF THEN breaking when comparing results from MYSQL query.
Posted
by roydukkey
on Stack Overflow
See other posts from Stack Overflow
or by roydukkey
Published on 2010-04-21T01:44:06Z
Indexed on
2010/04/21
1:53 UTC
Read the original article
Hit count: 242
I'm have a problem with an invite system. The if statement seems to break. It shows the message "Fail" but the UPDATE statement still executes. Why do both the THEN and the ELSE excute?
$dbConn = new dbConn();
// Check if POST user_username and user_hash are matching and valid; both are hidden for fields
$sql = "SELECT user_username "
. "FROM table_users "
. "WHERE user_id=".mysql_real_escape_string($_POST["user_id"])." "
. "AND user_hash='".mysql_real_escape_string($_POST["user_hash"])."' "
. "AND user_enabled=0;";
$objUser = $dbConn->query($sql);
// If result contains 1 or more rows
if( mysql_num_rows($objUser) != NULL ){
$objUser = mysql_fetch_assoc($objUser);
$ssnUser->login( $objUser["user_username"] );
$sql = "UPDATE table_users SET "
. "user_enabled=1, "
. "user_first_name='".mysql_real_escape_string($_POST["user_first_name"])."', "
. "user_last_name='".mysql_real_escape_string($_POST["user_last_name"])."', "
. "user_password='".mysql_real_escape_string( md5($_POST["user_password"]) )."' "
. "WHERE user_id=".mysql_real_escape_string($_POST["user_id"]).";";
$dbConn->query($sql);
echo "Success";
header( "Refresh: 5; url=/account/?action=domains" );
} else {
echo "Fail";
}
This dbConn Class is as follows:
class dbConn{
var $username = "xxxx_admin";
var $password = "xxxxxxxx";
var $server = "localhost";
var $database = "xxxx";
var $objConn;
function __construct(){
$conn = mysql_connect( $this->server, $this->username, $this->password, true );
if( !$conn ){
die("Could not connect: ".mysql_error() );
} else {
$this->objConn = $conn;
}
unset($conn);
}
function __destruct(){
mysql_close( $this->objConn );
unset( $this );
}
function query( $query, $db = false ){
mysql_select_db( $db != false ? $db : $this->database, $this->objConn );
$result = mysql_query( $query );
unset($query,$db);
return $result;
}
}
© Stack Overflow or respective owner