0
votes

I'm doing this simple website, and I have run into this error:

My function:

<?php 
function user_exists($username)
{
    $username = sanitize($username);
    $query = mysqli_query($connect, "SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username'");
    return (mysqli_result($query, === 0) 1) ? true : false;
}
 ?>

My php error log:

PHP Parse error:  
syntax error, unexpected '===' (T_IS_IDENTICAL) in function on line 6

Line 6 is the return line.

I understand what a syntax error means, but I'm quite sure that the '===' is not the problem.

2
The === is the problem. What is that return trying to do? The mysqli_result call is badly formatted - the second parameter is === 0, which isn't correct. – andrewsi
Do not try to sanitize user input, but use prepared statements instead. – Marcel Korpel
FYI, there's no such function as mysqli_result(). Not all mysql_XXX functions have a corresponding mysqli_XXX function, and this is one that they didn't copy. – Barmar
($query, === 0). You can't pass === 0 as a parameter. – Rocket Hazmat

2 Answers

1
votes

Edit: I was only talking about the ternary condition and this answer is false because the mysqli_result() function doesn't exist.

I guess you are trying to do this:

return mysqli_result($query) === 0 ? false : true;

And as Marcel Korpel said, use prepared statements to avoid security flaws.

0
votes

You have a few problems here. First of all, there is no mysqli_result(); it does not exist. Instead, you can fetch the row like below. Also, your $connect is out of scope. You need to pass it as an argument, and, as the comments point out, even if mysqli_result() did exist, it still wouldn't work because of the syntax error.

function user_exists($username, $connect)
{
    $output = false;
    $username = sanitize($username);
    $query = mysqli_query($connect, "SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username'");

    if($query) // check the query was successful before trying to fetch
    {
        $row = mysqli_fetch_row($query);
        $output = $row[0] > 0;
    }

    return $output;
}

I assume your sanitize() is doing mysqli_real_escape_string(). For best security, switch to a Prepared Statement.
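
The prepared-statement approach that the comments and both answers recommend, as an added example that is not part of the original answers. The `users` table and its columns come from the question; the connection settings and the sample username are constructed placeholders.

```php
<?php
declare(strict_types=1);

// Make mysqli throw mysqli_sql_exception on failure instead of returning false,
// so a failed prepare/execute cannot be mistaken for "user does not exist".
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function user_exists(mysqli $connect, string $username): bool
{
    // The ? placeholder keeps the SQL text fixed; the username travels
    // separately as data, so no sanitize()/escaping step is needed.
    $stmt = $connect->prepare(
        'SELECT COUNT(`user_id`) FROM `users` WHERE `username` = ?'
    );
    $stmt->bind_param('s', $username);   // 's' = bind as string
    $stmt->execute();

    $count = 0;
    $stmt->bind_result($count);          // COUNT() always yields exactly one row
    $stmt->fetch();
    $stmt->close();

    return $count > 0;
}

// Constructed placeholders: replace with your own connection settings.
$connect = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
$connect->set_charset('utf8mb4');

// Constructed sample input containing a quote character; it is matched
// literally against the username column rather than parsed as SQL.
var_dump(user_exists($connect, "o'brien"));
```

Passing the connection as a typed argument also resolves the scope problem noted in the second answer.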