Getting no result from query

Question

I want to display the first name of the person that logged in to my website. This is the code of my login.php file which is included in one page of my website.

<?php

$connect = mysql_connect("localhost","root","") or die("Error");
mysql_select_db("jpnv_db") or die("Couldn't find db");

function login() {
    $username = $_POST['username'];
    $password = $_POST['password'];

    $query = mysql_query("SELECT * FROM customers WHERE `username`='$username' AND `password`='$password'");
    $names = mysql_query("SELECT contactFirstName FROM customers WHERE `username`='$username'");

    if (empty($username)) {
        $errors[] = 'Please fill in your username. <a href="index.php">Click here to try again.</a>';
    }

    if (empty($password)) {
        $errors[] = 'Please fill in your password. <a href="index.php">Click here to try again.</a>';
    }    

    if ($errors==true) {
        foreach ($errors as $error) {
            echo $error.'<br />';
        }
    } else {
        if (mysql_num_rows($query)==true) {
            echo $names['customers'];
        } else {
            echo 'Your username and/or password are incorrect. <a href="index.php">Click here to try again.</a>';
        }
    }
}
?>

This is the result when the password is incorrect:

This is the result when I actually log in succesfully:

As you can see in my code, it should actually show the name of the person who logged in in the top bar. But however, it is completely empty. What am I doing wrong here?

Answer 1

check this line of code. You are not identifying $name variable.

else {
  //$names variable 
    if $(mysql_num_rows($query)==true) {
      $names = mysql_fetch_all($query);
        echo $names['customers'];
    } else {
        echo 'Your username and/or password are incorrect. <a href="index.php">Click here to try again.</a>';
    }
}

Answer 2

function login() {

    $username = $_POST['username'];
    $password = $_POST['password'];

    if (empty($username) || empty($password))
    {
      echo "You haven't filled username/password";
      // redirect code here//
    }
    else
    {

    $query = mysqli_query("$con, SELECT * FROM customers WHERE `username`='$username' AND `password`='$password'");
         if ($query && mysqli_num_rows($query)!=0) {
         $row =mysqli_fetch_assoc($query);
         echo "Customer name is : " . $row['customers']; // you need to specify columns in between  ' ' to get it. Change it based on your need.
     }
   }
 }

Note : You should migrate to Mysqli or PDO. $con in the code is the variable that holds db connection.

Answer 3

You never fetch the results from the query and you need to ask for the correct column name from the query:

if (mysql_num_rows($query)==true) {
    $name = mysql_fetch_assoc($names)
    echo $name['contactFirstName']; // change the column name here
} else {...

You need to prevent SQL Injection or someone will make all of your data disappear.

Please, stop using mysql_* functions. They are no longer maintained and are officially deprecated. Learn about prepared statements instead, and use PDO.