somdow somdow - 1 year ago 66
PHP Question

match a form value against all values in database

so my studies have led me to this little problem. (ive been into php for a solid month so i apologize if im not entirely clear)

i have a small form consisting of user name and pass.

<form method="post" action="proc.php">
<td><input type="text" name="user" id="user"></td>
<td><input type="text" name="password" id="password"></td>
<td><input type="submit" value="submit"></td>



and i have the corresponding values in the db columns.

what im trying to do is, im trying to check the entered name in the form fields against the desired values of the databases columns.

so when i do this to test for just one value in the db(the first value sine its not looping), it works and lets me in:

$dbq = "SELECT * FROM accounts;";
$dbqDoIt = mysqli_query($connect2db, $dbq)or die("error".mysqli_error($connect2db));

$getNames = mysqli_fetch_array($dbqDoIt);

//check if user acc. exists inside vSpot database.
if(($name !== $getNames['username']) || ($pass !== $getNames['password'])){
header("Location:index.php"); /* Redirect browser */

for testing my while loop...(cause im new lol), when i do this:

$nums = array(1,2,3,4,5);

for($i=0; $i<6; $i++){
if($nums[0] < 6 ) echo $i . '<br/>';

it works and lists numbers 1-5.

now when i try to loop through db for names/pass, it doesnt work.
like so:

while($getNames = mysqli_fetch_array($dbqDoIt)){
//check if user acc. exists inside my database.
if(($name !== $getNames['username']) || ($pass !== $getNames['password'])){
header("Location:index.php"); /* Redirect them to log in */



any ideas as to why its not checking against all the values? im sure im missing something lol.

any tips, advice etc ill gladly appreciate.
thank you in advace


Answer Source

You don't need to (AND YOU SHOULDN'T) get all the data from your database table and iterate over all the results just to make this kind of check. Why?

  • This is slow and resource consuming
  • It's not very secure
  • The database engines are much better to search things in the database (they are made to this kind of task)
  • In large databases you will probably fill all your allowed memory for PHP script execution (this will return errors).

Try a more specific SQL and use your database engine capabilities for your own good, like so:

$query = "SELECT user_id FROM accounts WHERE username = :username";
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download