I myself have been trying at this one for about a week. As you can clearly see by the haphazard code I have below, I’m trying to create an SQL login system. It uses an SQLite file, and when I run the code to trouble shoot, no PHP errors pop up. I’m assuming this means it’s a problem with the way I check the results, or my SQL. I, for one, am completely lost. Any help is appreciated, thanks.
session_start();
$user = strtolower(sqlite_escape_string($_POST['username']));
$pass = strtolower(sqlite_escape_string($_POST['password']));
$db = sqlite_open('my DB.sqlite', 0666, $sqlerr);
$query = sqlite_query($db, "SELECT COUNT(*) FROM USERS WHERE USER = '$user' AND PASS = '$pass'", $sqlerr);
$result = sqlite_fetch_all($query, SQLITE_ASSOC);
if (count($result) == 1) {
$_SESSION['loggedin'] = true;
$_SESSION['loginFail'] = false;
$_SESSION['user'] = $_POST['username'];
}
if ($sqlerr != null) {
$_SESSION['sqlerr'] = $sqlerr;
}
if (!$_SESSION['loggedin']) {
$_SESSION['loginFail'] = true;
}
sqlite_close($db);
header("Location: index.php");
exit();
(Also, sorry if I forgot any information. I’ve not posted a StackOverflow question in a while.)
Here is your problem:
You are asking for a count of rows from the database, which will be something like
1, then you retrieve this result and put it into an array ($result), then count the number of entries in$result. The result ofcount($result)will always be exactly 1.You need to either compare the value that is returned from the database or use
SELECT *instead ofSELECT COUNT(*)