search query

[eluser]bigdaddysheikh[/eluser]
Hey,

I search a query to find a matching username and password. Upon false, it should take the user back to the login page. The initial page on load should not return a value for the query because no user information exist. But yet there is a value of 1 being returned by num_row()

Code:

$this->load->model('adminmodel');
        $query = $this->adminmodel->search_query('user', $_POST);
                
        if($query->num_rows() == '1'){
        
        $newdata = array(
                   'username'  => $_POST['username'],
                   'logged_in' => TRUE
               );

        $this->session->set_userdata($newdata);    
        $this->load->view('admin/index');
            
        }else{    
            $data['error'] = "The username or password is incorrect";
            $this->load->view('admin/login', $data);
        }

And the model function that is doing the search is:

Code:

function search_query($table, $data)
    {
        $query = $this->db->get_where($table, $data);
        return $query;
    }

how is it returning the value of 1?

[eluser]Gavin Blair[/eluser]
try echoing out $query->result() to see what exactly it is finding

[eluser]bigdaddysheikh[/eluser]
Upon echoing the array, I find that i does get the first record. How is it querying the database when the $_POST variable is empty?

[eluser]Gavin Blair[/eluser]
If your $_POST is empty, then your query probably looks something like this:

SELECT * WHERE '' = ''

What does print_r($_POST) give?

[eluser]bigdaddysheikh[/eluser]
Hey Gavin, it says Array() it is empty.

[eluser]Gavin Blair[/eluser]
There you go. If $_POST is empty, then num_rows will always give you the total number of records in your table. You'll have to change your query:

Code:

$query = $this->adminmodel->search_query('user', array('username' => $_POST['username'], 'password' => $_POST['password']));

Then, when $_POST is empty, your query will look like this:

Code:

SELECT * FROM user WHERE 'username' = '' AND 'password' = ''

...instead of this:

Code:

SELECT * FROM user WHERE '' = ''

[eluser]bigdaddysheikh[/eluser]
Hey gavin,

Thanks for the solution. I find that a bit discomforting as it would be easier to just write out the query. I do not know what advantage the db model would have.

I am just starting to play with CI so I could be ignorant to some factors. I was hoping I would not have to use the method you mentioned and I could just put $_POST. The alternative is to just check if the $_POST is empty.

[eluser]Gavin Blair[/eluser]
If you don't want to do it that way, yes, the best idea is to run the query only if the form validates (the user actually submitted something into both fields, and maybe they are at least, say, 3 characters long). This would be nicer to your database server as well.