Help with IF THEN breaking when comparing results from MYSQL query.

Posted by roydukkey on Stack Overflow See other posts from Stack Overflow or by roydukkey
Published on 2010-04-21T01:44:06Z Indexed on 2010/04/21 1:53 UTC
Read the original article Hit count: 242

Filed under:
|
|
|
|

I'm have a problem with an invite system. The if statement seems to break. It shows the message "Fail" but the UPDATE statement still executes. Why do both the THEN and the ELSE excute?

$dbConn = new dbConn();

// Check if POST user_username and user_hash are matching and valid; both are hidden for fields
$sql = "SELECT user_username "
    . "FROM table_users "
    . "WHERE user_id=".mysql_real_escape_string($_POST["user_id"])." "
    . "AND user_hash='".mysql_real_escape_string($_POST["user_hash"])."' "
    . "AND user_enabled=0;";
$objUser = $dbConn->query($sql);

// If result contains 1 or more rows
if( mysql_num_rows($objUser) != NULL ){
    $objUser = mysql_fetch_assoc($objUser);

    $ssnUser->login( $objUser["user_username"] );

    $sql = "UPDATE table_users SET "
        . "user_enabled=1, "
        . "user_first_name='".mysql_real_escape_string($_POST["user_first_name"])."', "
        . "user_last_name='".mysql_real_escape_string($_POST["user_last_name"])."', "
        . "user_password='".mysql_real_escape_string( md5($_POST["user_password"]) )."' "
        . "WHERE user_id=".mysql_real_escape_string($_POST["user_id"]).";";
    $dbConn->query($sql);

    echo "Success";
    header( "Refresh: 5; url=/account/?action=domains" );

} else {
    echo "Fail";
}

This dbConn Class is as follows:

class dbConn{
    var $username = "xxxx_admin";
    var $password = "xxxxxxxx";
    var $server = "localhost";
    var $database = "xxxx";
    var $objConn;

    function __construct(){
        $conn = mysql_connect( $this->server, $this->username, $this->password, true );
        if( !$conn ){
            die("Could not connect: ".mysql_error() );
        } else {
            $this->objConn = $conn;
        }
        unset($conn);
    }
    function __destruct(){
        mysql_close( $this->objConn );
        unset( $this );
    }
    function query( $query, $db = false ){
        mysql_select_db( $db != false ? $db : $this->database, $this->objConn );
        $result = mysql_query( $query );
        unset($query,$db);
        return $result;
    }
}

© Stack Overflow or respective owner

Related posts about php

Related posts about mysql