Use of FOUND_ROWS in login page

Question

I am trying to set up a user login page (basic training as i learn php) but the page is not working as i think i have problems with the part where i count the number of rows (i check that the number of rows in my user_table database where the login and password inputed match to tthe one that have been entered is =1).

I'm in PDO and I don't want to use mysql_num_rows which is being deprecated or at least it is recommended not to use it. Instead, I want to use Found_rows

Here is my login_page.php:

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr" lang="fr">
<head>
    <title>LOGIN PAGE</title>
    <meta http-equiv="content-type" content="text/html; charset=utf-8" />
</head>
<body>
<h1>Connect to your account</h1>
    <form method="post" action="login_verify.php">
        <input type="text" name="inputed_username" size="35" maxlength="30" required="required" value="Enter your login" /><br/><br/>
        <input type="password" name="inputed_password" size="35" maxlength="30" required="required" value="Enter your password" /><br/><br/>
        <input type="submit" name="submit "value="Connect me !" />         
    </form>
</body>
 </html>

Then here is the php file where I check if the {login,password} entered are correct in this login_verify.php file:

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr" lang="fr">
<head>
    <title>login process check-up</title>
    <meta http-equiv="content-type" content="text/html; charset=utf-8" />
</head>
<body>
<?php
    if (isset($_POST['submit']))//if the button submit has not been clicked on
    {
        try
        {
            //database connection          
            $dbhost     = "localhost";
            $dbname     = "test";
            $dbuser     = "root";
            $dbpass     = "";

            $pdo_options[PDO::ATTR_ERRMODE] = PDO::ERRMODE_EXCEPTION;
            $bdd = new PDO("mysql:host=$dbhost;dbname=$dbname; charset=UTF8",$dbuser,$dbpass,$pdo_options);
            $bdd -> query('SET NAMES utf8'); 

            //the database is checked to see if there is a match for the couple {user,password}

            $user = $_POST['inputed_username'];
            $password = $_POST['inputed_password'];
            //preparaiton and execution of the request
            $req = $bdd->prepare('SELECT * from user_table WHERE login= :login && password= :password LIMIT 1');
            $req->execute(array(
            'login' => $user,
            'password' => $password));
            $foundrows = $req->query("SELECT FOUND_ROWS()")->fetchColumn();//the number of rows are counted

            //we check if there is a match for the login-password
            if ($foundrows == 1)//if we find one that matches
            {
                session_start();
                $_SESSION['username'] = $req['login'];
                $_SESSION['fname'] = $req['first_name'];
                $_SESSION['lname'] = $req['last_name'];
                $_SESSION['logged'] = TRUE;
                header("Location: first_page.php");
                exit();
            }
            else //if we don't find any match
            {
                header("Location: login_page.php");
                exit;
            }
        }
        catch (Exception $e)
        {
            die('Erreur: '.$e->getMessage());
        }

    }
    else //if the submit button has  not been clicked on
    {
        header ("Location: login_page.php");
        exit;
    }
?>

If any of you know where the problem lies it would be great.

I think it comes from a misuse of found_rows. It's the first time I use it so I feel I've something badly but I don't know what it is.

Answer 1

FOUND_ROWS() only works if you use it after a select query where you had the SQL_CALC_FOUND_ROWS option in the select query, and is only truly useful if it's a LIMIT query. FOUND_ROWS() is the number of rows that WOULD have been returned if not for the limit clause.

SELECT SQL_CALC_FOUND_ROWS ... WHERE ... LIMIT 10
SELECT FOUND_ROWS()

For non-LIMITed queries, you use mysql_num_rows() instead.

Presumably your database is setup that login is a primary/unique key field, so your query would only ever return at most one row anyways, so the limit is pointless.