Login times counter in php

Question

I have a database and i am trying to make login times count using php this is my code :

$GetLoginTimes = "Select Login_Times from usertable where email = '$email'";
$GetLoginTimes2 = mysqli_fetch_array($GetLoginTimes);
$LoginTimesEdited = $GetLoginTimes2 + 1;
$UpdateLastLogin = "UPDATE usertable SET Login_Times = '$LoginTimesEdited' WHERE email = '$email'";
mysqli_query($con, $UpdateLastLogin);

when i login the login_times is set to 1 but when i do it again it stays the same TIA!

Use prepared statments or PDO to prevent [SQL injections](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1). I don't know how you validate `$email` but 1 mistake and your query is unsafe — Baracuda078, Mar 22 '21 at 11:00
I am using mysqli for everything but i don't know much about making my query safe so would you please explain it — Ahmed Elbehery, Mar 22 '21 at 12:25
I mean that for example i have mysqli_query and mysqli_fetch_array etc.. — Ahmed Elbehery, Mar 22 '21 at 12:27

score 2 · Accepted Answer · answered Mar 22 '21 at 10:05

2

You don't need to retrieve the login count before updating it, update it in one request like that :

$UpdateLastLogin = "UPDATE usertable SET login_times = login_times + 1 where email  = '$email'";
mysqli_query($con, $UpdateLastLogin);

answered Mar 22 '21 at 10:05

Yoleth

1,269
7
15

Thank You! Sorry i am still new – Ahmed Elbehery Mar 22 '21 at 10:12

Raskul · Answer 2 · 2021-03-22T18:40:39.823

the problem in your code is you didn't use $result in the right way, where is mysqli_query()?

$GetLoginTimes = "Select Login_Times from usertable where email = '$email'";
$GetLoginTimes2 = mysqli_fetch_array($GetLoginTimes);

it should be like this:

$GetLoginTimes = "Select Login_Times from usertable where email = '$email'";
$result = mysqli_query($con, $GetLoginTimes);
$GetLoginTimes2 = mysqli_fetch_array($result);

and the second problem is when you retrieve the row, you didn't separate the Login_Times column from the row with $LoginTimesEdited[0], so this code:

$LoginTimesEdited = $GetLoginTimes2 + 1;
$UpdateLastLogin = "UPDATE usertable SET Login_Times = '$LoginTimesEdited' WHERE email = '$email'";
mysqli_query($con, $UpdateLastLogin);

should be like this:

$LoginTimesEdited = $GetLoginTimes2 + 1;
$first_element = $LoginTimesEdited[0];
$UpdateLastLogin = "UPDATE usertable SET Login_Times = '$first_element' WHERE email = '$email'";
mysqli_query($con, $UpdateLastLogin);

to prevent SQL injection you should use the prepare statement here is your example with prepare statement:

$email = "example@example.com";
$stmt = $conn->prepare("UPDATE usertable SET Login_Times= Login_Times + 1 where email=?");
$stmt->bind_param("s", $email);
$stmt->execute();
$stmt->close();
$conn->close();

read this article to learn how to work with mysql

https://www.w3schools.com/php/php_mysql_select.asp

Login times counter in php

2 Answers2