Hi everyone !
I'm new to mysql/php and I'm building a small flash-based CMS.
For the login, I'm doing something like this:

$request=$_POST["request"];
$result=mysql_query($request, $db);
if ($result) echo tableToXml($result);

....where /request/ is POSTed from the flash and looks like this:

SELECT * FROM login WHERE username="testuser" AND p***word="testp***"

Strangely, it seems that even tho there aren't any "testuser" and "testp***"
in the database, $result is not returned as false. My tableToXml() function
is always executed. Any idea what's going on ? Help would be greatly
appreciated. Thanks !

sand.

sandison wrote:

> Hi everyone !
> I'm new to mysql/php and I'm building a small flash-based CMS.
> For the login, I'm doing something like this:
>
> $request=$_POST["request"];
> $result=mysql_query($request, $db);
> if ($result) echo tableToXml($result);
>
> ...where /request/ is POSTed from the flash and looks like this:
>
> SELECT * FROM login WHERE username="testuser" AND p***word="testp***"
>
> Strangely, it seems that even tho there aren't any "testuser" and "testp***"
> in the database, $result is not returned as false. My tableToXml() function
> is always executed. Any idea what's going on ? Help would be greatly
> appreciated. Thanks !
>
> sand.
>From the manual:
Return Values
Zero if the query was successful. Non-zero if an error occurred.

Whether a query returns 1 row, 200 rows or 0 rows, has no bearing on
its success or failure as a query.

Captain Paralytic wrote:
> sandison wrote:
>
>> Hi everyone !
>> I'm new to mysql/php and I'm building a small flash-based CMS.
>> For the login, I'm doing something like this:
>>
>> $request=$_POST["request"];
>> $result=mysql_query($request, $db);
>> if ($result) echo tableToXml($result);
>>
>> ...where /request/ is POSTed from the flash and looks like this:
>>
>> SELECT * FROM login WHERE username="testuser" AND p***word="testp***"
>>
>> Strangely, it seems that even tho there aren't any "testuser" and
>> "testp***" in the database, $result is not returned as false. My
>> tableToXml() function is always executed. Any idea what's going on ?
>> Help would be greatly appreciated. Thanks !
>>
>> sand.
>> From the manual:
> Return Values
> Zero if the query was successful. Non-zero if an error occurred.
>
> Whether a query returns 1 row, 200 rows or 0 rows, has no bearing on
> its success or failure as a query.

Ok thank you. I thought that 0 row would be interpreted as a failure.
++

sandison wrote:

> Captain Paralytic wrote:
> > sandison wrote:
> >
> >> Hi everyone !
> >> I'm new to mysql/php and I'm building a small flash-based CMS.
> >> For the login, I'm doing something like this:
> >>
> >> $request=$_POST["request"];
> >> $result=mysql_query($request, $db);
> >> if ($result) echo tableToXml($result);
> >>
> >> ...where /request/ is POSTed from the flash and looks like this:
> >>
> >> SELECT * FROM login WHERE username="testuser" AND p***word="testp***"
> >>
> >> Strangely, it seems that even tho there aren't any "testuser" and
> >> "testp***" in the database, $result is not returned as false. My
> >> tableToXml() function is always executed. Any idea what's going on ?
> >> Help would be greatly appreciated. Thanks !
> >>
> >> sand.
> >> From the manual:
> > Return Values
> > Zero if the query was successful. Non-zero if an error occurred.
> >
> > Whether a query returns 1 row, 200 rows or 0 rows, has no bearing on
> > its success or failure as a query.
>
> Ok thank you. I thought that 0 row would be interpreted as a failure.
> ++

The strange thing is that, ***uming this is php, then a 0 value is
interpreted as false. Thus I would expect your tableToXml() function to
NOT get executed if the query was good.

> $request=$_POST["request"];
> $result=mysql_query($request, $db);
> if ($result) echo tableToXml($result);
>
> ...where /request/ is POSTed from the flash and looks like this:
>
> SELECT * FROM login WHERE username="testuser" AND p***word="testp***"

You are aware that everyone could send any query (like DROP DATABASE
etc.) to your PHP page? I hope you check your input
>
> Strangely, it seems that even tho there aren't any "testuser" and "testp***"
> in the database, $result is not returned as false.

True. the function returns a resource if successful. Use
mysql_fetch_array() to get the rows.

Best regards

--
Willem Bogaerts

Application smith
Kratz B.V.
http://www.kratz.nl/

sandison wrote:
> Hi everyone !
> I'm new to mysql/php and I'm building a small flash-based CMS.
> For the login, I'm doing something like this:
>
> $request=$_POST["request"];
> $result=mysql_query($request, $db);
> if ($result) echo tableToXml($result);
>
> ...where /request/ is POSTed from the flash and looks like this:
>
> SELECT * FROM login WHERE username="testuser" AND p***word="testp***"
>
> Strangely, it seems that even tho there aren't any "testuser" and
> "testp***" in the database, $result is not returned as false. My
> tableToXml() function is always executed. Any idea what's going on ?
> Help would be greatly appreciated. Thanks !
>
> sand.

thanks all
I used if (mysql_num_rows($result)>0) ... to check the result and now it
works fine !