0

I'm doing this simple website, and I have run into this error:

My function:

<?php 
function user_exists($username)
{
    $username = sanitize($username);
    $query = mysqli_query($connect, "SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username'");
    return (mysqli_result($query, === 0) 1) ? true : false;
}
 ?>

My php error log:

PHP Parse error: syntax error, unexpected '===' (T_IS_IDENTICAL) in function on line 6

Line 6 is the return line.

I understand what a syntax error means, but I'm quite sure that the '===' is not the problem.

4
  • 3
    The === is the problem. What is that return trying to do? The mysqli_result call is badly formatted - the second parameter is === 0, which isn't correct.
    – andrewsi
    Commented Jun 21, 2013 at 15:35
  • 1
    Do not try to sanitize user input, but use prepared statements instead. Commented Jun 21, 2013 at 15:35
  • FYI, there's no such function as mysqli_result(). Not all mysql_XXX functions have a corresponding mysqli_XXX function, and this is one that they didn't copy.
    – Barmar
    Commented Jun 21, 2013 at 15:41
  • ($query, === 0). You can't pass === 0 as a parameter.
    – gen_Eric
    Commented Jun 21, 2013 at 15:44

2 Answers

1

Edit: I was only talking about the ternary condition and this answer is false because the mysqli_result() function doesn't exist.

I guess you are trying to do this:

return mysqli_result($query) === 0 ? false : true;

And as Marcel Korpel said, use prepared statements to avoid security flaws.

3
  • Thank you very much, this was the exact thing I was trying to do! Commented Jun 21, 2013 at 15:58
  • This will not work because mysqli_result() does not exist, and even if it did, that would be the wrong syntax. It would be mysqli_result($query, 1)
    – MrCode
    Commented Jun 21, 2013 at 15:59
  • I didn't check the function, and I should have. All I saw was a bad use of the ternary condition, and I thought it was the only problem. As MrCode said, it won't work and you should look for another answer.
    – mimipc
    Commented Jun 21, 2013 at 17:14
0

You have a few problems here. First of all, there is no mysqli_result(); it does not exist. Instead, you can fetch the row like below. Also, your $connect is out of scope. You need to pass it as an argument, and as the comments point out, even if mysqli_result() did exist, it still wouldn't work because of the syntax error.

function user_exists($username, $connect)
{
    $output = false;
    $username = sanitize($username);
    $query = mysqli_query($connect, "SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username'");

    if($query) // check the query was successful before trying to fetch
    {
        $row = mysqli_fetch_row($query);
        $output = $row[0] > 0;
    }

    return $output;
}

I assume your sanitize() is doing mysqli_real_escape_string(). For best security, switch to a Prepared Statement.

1
  • Thank you for your long comment! It was very useful, I will definitely look into prepared statements. Commented Jun 21, 2013 at 15:58
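
The comments and both answers recommend prepared statements. As an added example (not code from any poster in this thread), this is the question's user_exists() written with mysqli's prepared-statement functions, using the table and column names from the question; the connection parameters and sample usernames are placeholders.

```php
<?php
// Added example: user_exists() rewritten with a mysqli prepared statement.
// Table and column names (`users`, `user_id`, `username`) are from the question.

/**
 * Returns true if a row with this username exists.
 * Throws RuntimeException on a database error instead of silently
 * reporting "user does not exist".
 */
function user_exists(mysqli $connect, string $username): bool
{
    // The ? placeholder keeps the value out of the SQL text, so no
    // sanitize()/escaping step is needed for this query.
    $stmt = mysqli_prepare(
        $connect,
        'SELECT COUNT(`user_id`) FROM `users` WHERE `username` = ?'
    );
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . mysqli_error($connect));
    }

    try {
        mysqli_stmt_bind_param($stmt, 's', $username); // 's' = bind as string
        if (!mysqli_stmt_execute($stmt)) {
            throw new RuntimeException('execute failed: ' . mysqli_stmt_error($stmt));
        }
        $count = 0;
        mysqli_stmt_bind_result($stmt, $count);
        mysqli_stmt_fetch($stmt); // COUNT() always yields exactly one row
        return $count > 0;
    } finally {
        mysqli_stmt_close($stmt); // release the statement on every path
    }
}

// Usage. Host, credentials and database name are placeholders (assumptions).
mysqli_report(MYSQLI_REPORT_OFF); // errors are checked by hand above
$connect = mysqli_connect('localhost', 'app_user', 'app_password', 'app_db');
if ($connect === false) {
    exit('connect failed: ' . mysqli_connect_error() . PHP_EOL);
}

// Constructed inputs: a plain name and one containing a quote character.
foreach (['alice', "o'brien"] as $name) {
    var_dump(user_exists($connect, $name));
}
```

Binding the result with mysqli_stmt_bind_result() avoids mysqli_stmt_get_result(), which is only available when PHP is built with the mysqlnd driver.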
