Home/ Questions/Q 8544839
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T12:39:21+00:00

I’m executing the following query: if (isset ($_POST[‘valider’]) ){ $password=$_POST[‘password’]; $login=$_POST[‘login’]; $sql =’SELECT *

  • 0

I’m executing the following query: 

    if (isset ($_POST['valider']) ){
            $password=$_POST['password'];
            $login=$_POST['login'];


  $sql ='SELECT * FROM artisant WHERE pseudo="'.$login.'" AND password="'.$password.'"';
  echo $sql;


            $req = mysql_query ($sql) or die ('Erreur SQL !'.$sql.'<br />'.mysql_error());
            $nbr = count($req);
            echo $nbr;
            if(empty($req)){
            echo " <p>Incorrecte user name or password ! </p> ";
            }
            else {
            while ($data = mysql_fetch_array($req)) {
            $_SESSION['num']=$req['num'];
            $_SESSION['prenom']=$req['prenom'];
                        $_SESSION['nom']=$req['nom'];
                        $_SESSION['mail']=$req['mail'];
            $_SESSION['nbr_ventes']=$req['nbr_ventes'];
            $_SESSION['CA']=$req['CA'];
            }

            mysql_close();

            }


}

and the login and password I’m passing to the query are incorrect ( they don’t exist in the data base) however the returned result is a non empty array ( the size of req after the query is 1) and due to this it enters to the while loop where it is not supposed to enter unless a corresponding login and password is found.

Thank you for your help

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    $req is a resource, not the rows.

    $nbr = count($req); makes no sense, use mysql_num_rows instead:

    $nbr = mysql_num_rows($req);
if ($nbr == 0) {
    • 0