I am creating a login on a local server that checks if a user exists in a table before adding any data.
This is the code I used to select the user information:
$name1 = mysql_real_escape_string($_POST['studentname']);
$num = mysql_real_escape_string($_POST['studentnum']);
$qw = "SELECT name FROM students WHERE name = '$name1'";
$qw1 = "SELECT studentnum FROM students WHERE studentnum = '$num'";
$namematch = mysql_query($qw) or die(mysql_error());
$nummatch = mysql_query($qw1) or die(mysql_error());
But, I am stumped as to what I should enter for my if() statement to register as TRUE if data is retrieved from each query:
if (!($namematch && $nummatch) {
die('Name or student number do not match those on record');
}
The above code does not equal true, even when I am entering incorrect information.
In your code
if (!($namematch && $nummatch) {
die('Name or student number do not match those on record');
}
the $namematch and $nummatch is always be true
$namematch and $nummatch just mysql_query resource identify ,resource type always exists
perhaps u should do this:
$nameExists = mysql_fetch_assoc($namematch);
$numExists = mysql_fetch_assoc($nummatch);
if (!($nameExists && $numExists )) {
die('Name or student number do not match those on record');
}
You have executed the query, but have not fetched the data. This:
mysql_fetch_array($namematch)[0]
Will get you the data.
Please be aware that mysql_* functions are deprecated and insecure. You should use PDO.
$namematch = mysql_num_rows($namematch);
$nummatch = mysql_num_rows($nummatch);
if (!($namematch && $nummatch) {
die('Name or student number do not match those on record');
}
PLEASE USE PDO FROM NOW ON!