You have a few problems here. First of all there is no mysqli_result()
, it does not exist. Instead you can fetch the row like below. Also your $connect
is out of scope. You need to pass it as an argument, and as the comments point out even if mysqli_result()
did exist, it still wouldn't work because of the syntax error.
function user_exists($username, $connect)
{
$output = false;
$username = sanitize($username);
$query = mysqli_query($connect, "SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username'");
if($query) // check the query was successful before trying to fetch
{
$row = mysqli_fetch_row($query);
$output = $row[0] > 0;
}
return $output;
}
I assume your sanitize()
is doing mysqli_real_escape_string()
. For best security, switch to a Prepared Statement.
No comments:
Post a Comment