Mysql select statement always return false

Question

1.00/5 (2 votes)

See more:

I am trying to get value from HTML Form and utilised it in MySql Select Statement but it does not work in PHP file as below:

Table Name eclogin

My Table Structure

id    pwd
1001  mahesh

My HTML File:

HTML

  1  <!DOCTYPE html>
  2  <html>
  3  <head>
  4  <meta charset="utf-8">
  5  <meta name="viewport" content="width=device-width, initial-scale=1">
  6  <!-- Bootstrap CSS -->
  7  
  8  <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" 
  9  rel="stylesheet" integrity="sha384- 
 10  9ndCyUaIbzAi2FUVXJi0CjmCapSmO7SnpJef0486qhLnuZ2cdeRhO02iuK6FUUVM" crossorigin="anonymous">
 11  
 12  <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js" 
 13  integrity="sha384-geWF76RCwLtnZ8qwWowPQNguL3RmwHVBC9FhGdlKrxdiJJigb/j/68SIy3Te4Bkz" 
 14  crossorigin="anonymous"></script>
 15  
 16  </head>
 17  <body>
 18  <div class="container-fluid">
 19  <div class="row">
 20  
 21  <div class="col-5" style="margin-top:20px;">
 22      <img src="logo/RSET.png" style="width:100%;"/>      
 23  </div>    
 24  
 25  <div class="col-7" style="margin-top:50px;">
 26          <p style="font-size:30px;display:inline;color:red"> રૂખી</p>
 27          <p style="font-size:30px;display:inline;color:blue">સોફ્ટવેર </p>
 28          <p style="font-size:30px;display:inline;color:black">એડયુકેશન  </p>
 29          <p style="font-size:30px;display:inline;color:green"> ટ્રસ્ટ </p>
 30  
 31  </div>
 32  </div>
 33  
 34   <form action="ec.php" method="post">
 35  
 36   <div style="text-align:center;margin-top:40px">   
 37      
 38   <input type="text" name="pwd" id="pwd" placeholder="તમારો પાસવર્ડ આપો"  
 39   style="color:black;" />
 40      
 41   <input type="submit" value="Login"   style="width:150px;height:40px;margin- 
 42    top:40px;background-color:blue;color:white" >
 43      
 44  </div>
 45  
 46  </form>
 47  </div>
 48  
 49  </body>
 50  </html>

My PHP File ec.php

PHP

  1  <?php
  2  // Establish a database connection
  3  
  4  $servername = "localhost";
  5  $username = "myusername";
  6  $password = "mypassword";
  7  $dbname = "dbname";
  8  
  9  mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
 10  
 11  $conn = new mysqli($servername, $username, $password, $dbname);
 12  
 13  // Retrieve form data
 14  $pwd = $_POST['pwd'];    
 15  
 16  $sql = "SELECT * FROM eclogin WHERE pwd=?"; // SQL with parameters
 17  $stmt = $conn->prepare($sql); 
 18  $stmt->bind_param("s", $pwd);
 19  $stmt->execute();
 20  
 21  if ($stmt->num_rows > 0) {
 22  
 23      echo "Success"; 
 24    
 25  }
 26  else{
 27      
 28      echo "Failed";
 29  }
 30             
 31  // Close the database connection     
 32  $conn->close();
 33  ?>

I have a doubt that something is wrong in the PHP file. My Mysql table has one row with data as above but as per PHP SQL statement, its nothing return. It always remain false whereas I am trying the above query in phpmyadmin, it works well and returns one row with pwd=mahesh but PHP always return false. No error display. Tell me what is wrong?

What I have tried:

I try from phpmyadmin with query and it works well but not in PHP.

Posted 11-Sep-23 20:36pm

MAHESH WAGHELA

Updated 12-Sep-23 8:13am

Deeksha Shenoy

v3

Add a Solution

Comments

Richard MacCutchan 12-Sep-23 3:58am

Have you checked to see exactly what is in $pwd at the time of building the select?

Richard Deeming 12-Sep-23 4:29am

You are storing your single password in plain text. Don't do that!
Secure Password Authentication Explained Simply[^]
Salted Password Hashing - Doing it Right[^]

PHP even has built-in functions to help you handle passwords correctly:
PHP: password_hash[^]
PHP: password_verify[^]

MAHESH WAGHELA 12-Sep-23 5:06am

I have checked $pwd and its return parameter "mahesh" but in php it remain false

MAHESH WAGHELA 12-Sep-23 5:11am

There is no problem in variable return but something wrong in php.but it is surprise that no error reported

Phil J Pearson 12-Sep-23 10:19am

It is NOT an error to return no rows when there are no matching rows to return.
You don't seem to be setting $pwd to anything but you expect it to match a value in your table.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Answer 1 · 2023-09-11T22:32:00

The reason it returns a count of zero is simple: there are no matching rows.
That could be because it's the wrong table, the wrong DB, or (most likely) that the parameter value doesn't exactly match the cell content.

Sop start with the debugger, and look at exactly what $pwd contains, then compare that to the row you think you should match with. Unless they are identical it will not match, and zero rows will be returned.

But you shouldn't do it like that: Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^] - the code is C~, but the principle is the same for PHP but even easier because this exists: PHP: password_hash - Manual[^]

And remember: if you have any European Union users then GDPR applies and that means you need to handle passwords as sensitive data and store them in a safe and secure manner. Text is neither of those and the fines can be .... um ... outstanding. In December 2018 a German company received a relatively low fine of €20,000 for just that.