mysql num rows returns false

Question

I am here fighting to a mysql_num_rows problem because it always returns false.

$mail=$_POST[mail];

$q="select * from info where email='$mail'";

$query2=mysql_query($q,$con);


$rows = mysql_num_rows($query2);


if($rows > 0){
// Here we are checking if username is already exist or not.
echo "<script>newmail()</script>";
exit;
}  

Even thought I am adding an existing email $rows is never >0, I also tried do echo it but it does not give me nothing, maybe because it returns false.

Thanks for your attention.

Answer 1

First, echo $q and you will see that you haven't correctly sliced $_POST, as it's $_POST['mail'] with quotation marks. That's how you reference keyed arrays.

Second, don't do string concatenation for database queries (or use mysql_): mysql_* functions are deprecated and potentially dangerous and will eventually stop working. Use PDO instead. Otherwise, you will be refactoring everything at some point, and will be introducing known vulnerabilities into your code.

See "How to prevent SQL injection in PHP?", a question from 2008, and Give me parameterized SQL, or give me death, from 2005.

EDIT:

What's your goal? Counting the number of entries that have a given email, right? Not retrieving everything from the database. MySQL has a COUNT function for this purpose: SELECT COUNT(mail) FROM info WHERE mail = ?1 (that's the prepared statement version, read up on it). Then, your result will contain only one row, which itself will be the number of rows in the database that matches your query. It's much more efficient to push this sort of logic to the database than to do it in PHP, especially or big databases.

Now, the obvious and more pressing problem would seem to be that your query is failing. If you open up a MySQL shell and type in select * from info where email='email@example.com'; do you get a result, or an error? Probably an error. Are you sure there is a table called info? Are you sure you're connected to the right database? The other linked question above addresses these problems.

Answer 2

Firstly, you may want to change the $_POST[mail] to $_POST['mail'].

If that has not solved the problem, add an echo $q; statement somewhere in the code to confirm that you are querying what you really meant to query.

Answer 3

In your case, mysql_num_rows() always return 0 because your query finds no match : it is based on a variable which definition was made with a non-existing variable.

As said earlier, $_POST[mail] needs quotation marks : $_POST['mail'], for example.

In debug context, you may want to use var_dump() to test $mail and $_POST['mail'] (about which you'll find out that 'mail' lack quotation marks). It will provide much more information than a simple echo.

With echo, boolean, NULL and empty values may display the same way (nothing). With var_dump(), you can find out about the nature of your variable. Used with your post input, string(0) means that it is simply empty whereas NULL may mean it doesn't exist and that you therefore made a syntax error.

Also you need to secure your query against SQL injections. You should use PDO, though in this quick fix context you may use mysql_real_escape_string() - I guess that a heavily deprecated protection is better than none at all.

Answer 4

Trying changing

$mail=$_POST[mail]; 

to

$mail=$_POST['mail'];

Also, for just proper syntax, capitalize the MYSQL as follows.

SELECT * FROM info WHERE email='$mail'