I'm getting an error in my code. If I put a wrong user, it shows
user ok
if I put correct user, it also shows
user ok
I don’t know where is the error in my code so please take a look at my code and let me know where I went wrong.
Login.php
<html>
<body>
<form action="list_work.php" method="post">
username: <input type="text" name="username">
password: <input type="text" name="password">
<input type="submit">
</form>
</body>
</html>
List_work.php
<?php
$username = $_POST["username"];
$password = $_POST["password"];
// Connect to the database
$dbLink = new mysqli('localhost', 'sqldata', 'sqldata', 'balhaf');
if(mysqli_connect_errno()) {
die("MySQL connection failed: ". mysqli_connect_error());
}
mysqli_select_db($dbLink,"balhaf2");
// Fetch the file information
$query = "select * from users WHERE username = '".$dbLink- >escape_string($username)."'";
$result = $dbLink->query($query);
$company = false;
if($result) {
echo "user ok"."</br>";
//Now get the result information
$row = $result->fetch_object(); //will store the record in $row
//Access what you need
if($row) {
$company = $row->company; //variable name should match the field name in your database
echo $company; //See if you get the value stored in the database
}
} else {
echo "worng user";
}
mysqli_select_db($dbLink,"balhaf");
// Query for a list of all existing files
$sql = "SELECT id, name, mime, size, created FROM $company";
$result = $dbLink->query($sql);
// Check if it was successfull
if($result) {
// Make sure there are some files in there
if($result->num_rows == 0) {
echo '<p>There are no files in the database</p>';
} else {
// Print the top of a table
echo '<table border="1" align="center">
<H2 align="center"> Report Table</H>
<tr>
<td><b>Name</b></td>
<td><b>Mime</b></td>
<td><b>Size (bytes)</b></td>
<td><b>Created</b></td>
<td><b> </b></td>
</tr>';
// Print each file
while($row = $result->fetch_assoc()) {
echo "
<tr>
<td>{$row['name']}</td>
<td>{$row['mime']}</td>
<td>{$row['size']}</td>
<td>{$row['created']}</td>
<td><a style='text-decoration:none;' href='get_file_work.php?id= {$row['id']}&company=$company'>Download</a></td>
</tr>";
}
// Close table
echo '</table>';
}
// Free the result
$result->free();
}
else
{
echo 'Error! SQL query failed:';
echo "<pre>{$dbLink->error}</pre>";
}
// Close the mysql connection
$dbLink->close();
?>
Change the following from:
if($result) {
To:
if( $result && mysqli_num_rows($result) > 0 ) {
$result is still an object, so $result is not NULL, FALSE, or 0.
Edit
I neglected to add $result itself the first time. If the query fails, then $result == FALSE. mysqli_num_rows($result) will throw a warning:Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given
...if it is anything but a mysqli_result object. So, by first checking that $result is not false, we prevent the error from occuring.
Note: undone's answer was correct the first time, even if it was after mine :p
You need to check number of returned rows: change:
if($result ){
To:
if($result && $result->num_rows) {
P.S: $result = $dbLink->query($query); returns FALSE on failure (when there is something wrong with your SQL statement). other than that, it will return an object which is the same as true in your if statement.