-2

I have been working on a login page and my code has not been working, does anyone have any tips or ideas on what i should do. When I echo num_rows it displays 0, instead of the number of rows actually in the database.

        $Email = mysqli_real_escape_string($dbc, trim($_POST['Email']));
        $Password = mysqli_real_escape_string($dbc, trim($_POST['Password']));


        //Look up the email and password in the database
        $query = "SELECT * FROM Users WHERE Email = '$Email' AND Password = MD5('$Password')";
        $data = mysqli_query($dbc, $query);
        $count = mysqli_num_rows($data);
        echo "Num of Rows: " . $count . "<br/>";
Chris Pickett
  • 57
  • 1
  • 1
  • 5
  • 1
    [**start by removing MD5 encryption**](http://stackoverflow.com/questions/5235058/password-security-in-php) – NoobEditor Jun 27 '14 at 05:43
  • 2
    Define "not working". Do you get any error messages? Does the last line echo a value? What number does it give you? What have you down to narrow the problem down? Where is your error checking for your database interactions? Have you echoed out the variables you are working with to make sure they are right? What does the data in the database that you are trying to select look like? Does the query work if you run it manually instead of with PHP? – Quentin Jun 27 '14 at 05:47
  • @Quentin I think he means that the code is watching TV all day instead of working. – Ja͢ck Jun 27 '14 at 05:54
  • do this... echo $query; and try to execute that query in phpmyadmin or whatever tool you prefer and see what happends but i think you need to do the MD5 earlier maybe $password = MD5($password) before you create your query also MD5 is out of date DO NOT USE THAT – lauw Jun 27 '14 at 06:10

1 Answers1

1

Change your password statement and query into this. It'll solve the problem

$Password = md5($_POST['Password']);

$query = "SELECT * FROM Users WHERE Email = '$Email' AND Password = '$Password'";

John Robertson
  • 1,486
  • 13
  • 16