What is wrong with this code...please help

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
raul_8
Forum Newbie
Posts: 8
Joined: Mon Jun 15, 2009 11:05 am

What is wrong with this code...please help

Post by raul_8 »

please see the code below. I'm not able to figure out why it is showing error.
Have colored the area where showing error:

-------------------------------------------------------------------------
<html>

<head>
<title>Login.php</title>
</head>


<body>
<?php


$con=mysql_connect("localhost","root","");
$query="mysql_select_db(login)";

mysql_query($query);

$username=$_POST['username'];
$password=md5($_POST['password']);

$chk_user="select name for users where username='$username'";

$user_exist=mysql_num_rows($chk_user);

if($user_exist != 1)
{
echo "Incorrect login";
include "login.html";
exit();
}

else
{
echo "login successfull";
}
?>
</body></html>

----------------------------------------------

saying incorrect use of mysql_num_rows,
and not accepting any username and password, always show incorrect login


P.S. : Attaching other related php and html files
Attachments
1.rar
(1.78 KiB) Downloaded 2 times
Mark Baker
Forum Regular
Posts: 710
Joined: Thu Oct 30, 2008 6:24 pm

Re: What is wrong with this code...please help

Post by Mark Baker »

Code: Select all

 
$con=mysql_connect("localhost","root","");
mysql_select_db(login);
    
$username=$_POST['username'];
$password=md5($_POST['password']);
    
$chk_user="select name for users where username='$username'";
$userQueryResult = mysql_query($chk_user);
 
$user_exist = mysql_num_rows($userQueryResult);
 
And remember to escape the $_POST['username'] value before using it in yoru query
raul_8
Forum Newbie
Posts: 8
Joined: Mon Jun 15, 2009 11:05 am

Re: What is wrong with this code...please help

Post by raul_8 »

thank you mark,
but still the same problem is occuring.

it gives this error:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\wamp\www\Task1_15June\login.php on line 21

----------------------------------------

code i used:

<html>

<head>
<title>Login.php</title>
</head>


<body>
<?php


$con=mysql_connect("localhost","root","");
mysql_select_db(login);

$username=$_POST['username'];
$password=md5($_POST['password']);

$chk_user="select name for users where username='$username'";
$userQueryResult = mysql_query($chk_user);

$user_exist = mysql_num_rows($userQueryResult);


if($user_exist != 1)
{
echo "Incorrect login";
include "login.html";
exit();
}
else
{
echo "login successfull";
}
?>
</body></html>
User avatar
jaoudestudios
DevNet Resident
Posts: 1483
Joined: Wed Jun 18, 2008 8:32 am
Location: Surrey

Re: What is wrong with this code...please help

Post by jaoudestudios »

You query is wrong.
select name for users where username='$username'
It should be...

Code: Select all

SELECT name FROM users WHERE username='$username'
Like Mark Baker said dont forget to filter $username from mysql injection.
raul_8
Forum Newbie
Posts: 8
Joined: Mon Jun 15, 2009 11:05 am

Re: What is wrong with this code...please help

Post by raul_8 »

Damn thank you yaar
Post Reply