Home/ Questions/Q 7691495
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-31T20:38:16+00:00

What am I doing wrong here? It says Database Count Failed (on the $count

  • 0

What am I doing wrong here? It says Database Count Failed (on the $count line in Process.php) without giving reason. When I take our the “or die” part of that line, it always displays “user account created” no matter which button I pressed and it doesn’t actually create an account…

Form.php

<html>
<head>
<title>Forms</title>
<link rel="stylesheet" href="http://code.jquery.com/mobile/1.1.0-rc.1/jquery.mobile-1.1.0-rc.1.min.css" />
<script src="http://code.jquery.com/jquery-1.7.1.min.js"></script>
<script src="http://code.jquery.com/mobile/1.1.0-rc.1/jquery.mobile-1.1.0-rc.1.min.js"></script>
</head>
<body>
    <form action="process.php" method="post">
        <label for="username">Email: </label>
        <input type="email" name="username" value="" id="username"/>
        <br/>
        <label for="password">Password: </label>
        <input type="password" name="password" value="" id="password"/>
        <br/>
        <input type="submit" name="submit" value="Sign in"/>
        <input type="submit" name="submit" value="Sign up"/>
    </form>
</body>
</html>

Process.php

<?php
    //1. Create a database connection
    $connection = mysql_connect("localhost","web","1234") or die("Database connection failed: " . mysql_error());

    //2. Select a database to use
    $db_select = mysql_select_db("tongue", $connection) or  die("Database selection failed: " .mysql_error());
?>
<html>
<head>
<title>Form processing</title>
<link rel="stylesheet" href="http://code.jquery.com/mobile/1.1.0-rc.1/jquery.mobile-1.1.0-rc.1.min.css" />
<script src="http://code.jquery.com/jquery-1.7.1.min.js"></script>
<script src="http://code.jquery.com/mobile/1.1.0-rc.1/jquery.mobile-1.1.0-rc.1.min.js"></script>
</head>
<body>
    <?php
        $username = $_POST['username'];
        $password = trim($_POST['password']);
        $hashed_password = sha1($password);

        $action = $_POST['submit'];

    //3. Select email, password from database
        $query = "
                SELECT email, password FROM user 
                WHERE email='$username' AND password='$hashed_password'";
        $user = mysql_query($query, $connection)
            or die ("Database query failed: ".mysql_error());

        $count = mysql_num_rows($user) or die ("Database count failed: ".mysql_error());

    //4. Authenticate user
        if ($count == 1) {
            if($action="Sign up"){
                echo "User already exists";
            } else if ($action="Sign in"){
                echo "User signed in";
            };
        } else if ($count == 0){
            if($action="Sign up"){
            $query = "
                INSERT INTO users (email, password)
                VALUES ('$username', '$hashed_password')";
            $signup = mysql_query($query, $connection);
            echo "User account created";
            } else if ($action ="Sign in"){
                echo "Username and/or password incorrect";
            };
        };


    ?>
</body>
</html>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Try running this example: 

    $a = 0 OR die('foobar');
var_dump($a);

    You will see, that the OR die() will be executed any time the value is considered false.

    That said .. your code is quite bad.

    • The script is open to an SQL injection
    • You are using mysql_* API, which is more then 10 years old, and should not be used in any newly written code. Instead you should learn to use either PDO or MySQLi.
    • It’s pointless to select by both username and password, if you already have a unique username column
    • This is not how you should hash your password
    • Do not create new accounts without telling people beforehand. What if i make a mistake in my email address ?

    This is something like how i would do it:

    $connection = new PDO( 'mysql:host=hostname;dbname=tongue', 'web', '1234');
$connection->setAttribute( PDO::ATTR_EMULATE_PREPARES, false );

$statement = $connection->prepare('
     SELECT 
         email, 
         hash, -- instead of password, because thats what it is
         salt
     FROM user 
     WHERE email = :username
');
$statement->bindParam( ':username', $_POST['username'], PDO::PARAM_STR, 127);
if ( $statement->execute() )
{
    $data = $statement->fetch( PDO::FETCH_OBJ );
}

if ( $data )
{
    $hash = crypt( $_POST['password'], '$2a$07$' . $data->salt . '$' );
    if ( $hash === $data->hash )
    {
        // user OK
    }
    else
    {
        // login failed 
    }
}
else
{
    //login failed
}

    This is obviously a bit simplified version, because, if you read manual entry for ‘crypt()`, you will notice that the resulting hash already contains the original salt. You can extract if from it. But the intention was to make a point, not to add too much detail.

    Also the if condition for login could have been wrapped into single if, because, when you do if( $condition_1 && $condition_2 && $condition_3 ), PHP will stop checking at the first failed condition.

    • 0