无法从MySQL数据库检索值

Question

I'm very new to using MySql and am having trouble retrieving values from my database. I was under the impression that i was going about it the correct way but my echo statements don't print anything.

I'd appreciate some help. My code is below. I know i'll have to add security later on like sanitizing user input.

<?php
            $email = $_POST['email'];
            $password = $_POST['password'];
            $hashedPass = sha1($password);

            if ((!isset($email)) || (!isset($password))) {
                //Visitor needs to enter a name and password
                echo "Data not provided";
            } else {
                echo "Received details $email and $password <br/>";
                // connect to mysql
                $mysql = mysqli_connect("localhost", "root", "root");
                if(!$mysql) {
                echo "Cannot connect to PHPMyAdmin.";
                exit;
                } else {
                echo "Connected to phpmyadmin <br/>";
                }
            }
            // select the appropriate database
            $selected = mysqli_select_db($mysql, "languageapp");
            if(!$selected) {
                echo "Cannot select database.";
                exit;
            } else {
                echo "DB Selected"; 
            }
            // query the database to see if there is a record which matches
            $query = "select count(*) from user where email = '".$email."' and password = '".$hashedPass."'";
            $result = mysqli_query($mysql, $query);
            if(!$result) {
                echo "Cannot run query.";
                exit;
            }

            $row = mysqli_fetch_row($result);
            $count = $row[0];

            $userdata = mysqli_fetch_array($result, MYSQLI_BOTH);
            echo $userdata[3];
            echo $userdata['firstName'];

            if ($count > 0) {   
                echo "<h1>Login successful!</h1>";
                echo "<p>Welcome.</p>";
                echo "<p>This page is only visible when the correct details are provided.</p>";
            } else {
                // visitor's name and password combination are not correct
                echo "<h1>Login unsuccessful!</h1>";
                echo "<p>You are not authorized to access this system.</p>";
            }
            ?>

Answer 1

I believe the problem is that you call twice the * fetch * family function which will cause the $userdata to be empty.

From the documentation mysql_fetch_row will fetch the next row and move the internal data pointer ahead. So when you call mysqli_fetch_array($result, MYSQLI_BOTH) and I suppose the user/password is unique there is nothing to retrieve. Also another mistake you did is that your SELECT doesn't retrieve the actual user data, but just the count number for the user/password combination. So your userdata will be always incorrect, even if you fetch the data right.

So change your query to something like that:

 $query = "select * from user where email = '".$email."' and password = '".$hashedPass."' LIMIT 1";

Then use mysql_fetch_array to check if the entry exist and then retrieve the user data.