user1543784 user1543784 - 7 days ago 4
MySQL Question

Why mysqli_data_seek isn't working after switching the code from mysql to mysqli?

I recently altered my code from using mysql to mysqli, and resolved all the errors displayed by WAMP local server. But the login mechanism is broken. Now it lets users to log in irrespective of the password being correct or incorrect. I am using the following function to do the work, which worked fine before switching things to mysqli. What is wrong here?

function login($registration_id, $password) {
include 'core/database/connect.php';

$registration_id = sanitize($registration_id);
$password = sanitize($password);
$query = mysqli_query($link, "SELECT COUNT(`sr`) FROM `main_table` WHERE `registration_id` = '$registration_id' AND `password` = '$password'");
return (mysqli_data_seek($query, 0) == 1) ? $registration_id : false;

mysqli_close($link);
}

Answer

mysqli_data_seek() function just returns a Boolean value indicating if the call was successful or not. It does not return anything from the results of the underlying sql query.

Since your sql query is select count(...), it will always return a single line in the resultset. So, unless sg goes wrong, the result of mysqli_data_seek() will be always true, which equals to 1. This means that everyone can log in.

You need to read the returned value by the count() function to determine if the login was successful using for example mysqli_fetch_array().