Mysql query always returning true
Question
So I am trying to check if a user is banned using a mysqli query however it always seems to return that the user is banned. Even though they are not banned.
user_banned function
function user_banned ($con, $username) {
$data = $username;
$username = sanitize($data, $con);
$username = $data;
mysqli_query($con, "SELECT `banned` FROM `users` WHERE `username` = '$username'");
return(mysqli_affected_rows($con) == 1) ? true : false;
}
Place where I call the function:
$username = $_POST['username'];
$password = $_POST['password'];
if (user_banned($con, $username) === true ) {
$errors[] = 'You are banned, contact an admin.';
}
I have echo'd the $username and it is the correct username, so that is not the issue.
TL;dr function always returns true for some reason.
2 answers
solution1
3 ACCPTED 2015-04-08 16:56:14
mysqli_affected_rows() is for INSERT and UPDATE. You want mysqli_num_rows() .
Your current logic would return false if there happen to be more than 1 rows so this might make more sense:
return(mysqli_affected_rows($con) != 0) ? true : false;
//or even
return (bool)mysqli_affected_rows($con);
Also, what the **** is this? It does absolutely nothing.
$data = $username;
$username = sanitize($data, $con);
$username = $data;
solution2
1 2015-04-08 16:55:40
Your not checking the value of banned your just selecting a row and returning true if it exists. You need to either add a where clause to check the value of banned or inspect it in php and decide if the user is banned or not
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.