What is wrong with this code...please help

Posted: Mon Jun 15, 2009 11:15 am
by raul_8
Please see the code below. I'm not able to figure out why it is showing an error.
I have colored the area where it is showing the error:

-------------------------------------------------------------------------
<html>

<head>
<title>Login.php</title>
</head>


<body>
<?php


$con=mysql_connect("localhost","root","");
$query="mysql_select_db(login)";

mysql_query($query);

$username=$_POST['username'];
$password=md5($_POST['password']);

$chk_user="select name for users where username='$username'";

$user_exist=mysql_num_rows($chk_user);

if($user_exist != 1)
{
echo "Incorrect login";
include "login.html";
exit();
}

else
{
echo "login successfull";
}
?>
</body></html>

----------------------------------------------

It says incorrect use of mysql_num_rows,
and it is not accepting any username and password; it always shows incorrect login.


P.S. : Attaching other related php and html files

Re: What is wrong with this code...please help

Posted: Mon Jun 15, 2009 11:40 am
by Mark Baker

Code:

$con=mysql_connect("localhost","root","");
mysql_select_db(login);

$username=$_POST['username'];
$password=md5($_POST['password']);

$chk_user="select name for users where username='$username'";
$userQueryResult = mysql_query($chk_user);

$user_exist = mysql_num_rows($userQueryResult);

And remember to escape the $_POST['username'] value before using it in your query.

Re: What is wrong with this code...please help

Posted: Mon Jun 15, 2009 10:40 pm
by raul_8
Thank you Mark,
but still the same problem is occurring.

It gives this error:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\wamp\www\Task1_15June\login.php on line 21

----------------------------------------

Code I used:

<html>

<head>
<title>Login.php</title>
</head>


<body>
<?php


$con=mysql_connect("localhost","root","");
mysql_select_db(login);

$username=$_POST['username'];
$password=md5($_POST['password']);

$chk_user="select name for users where username='$username'";
$userQueryResult = mysql_query($chk_user);

$user_exist = mysql_num_rows($userQueryResult);


if($user_exist != 1)
{
echo "Incorrect login";
include "login.html";
exit();
}
else
{
echo "login successfull";
}
?>
</body></html>

Re: What is wrong with this code...please help

Posted: Tue Jun 16, 2009 12:00 am
by jaoudestudios
Your query is wrong.
select name for users where username='$username'
It should be...

Code:

SELECT name FROM users WHERE username='$username'

Like Mark Baker said, don't forget to filter $username from mysql injection.
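
The escaping advice given by Mark Baker and jaoudestudios, as an added example (not code from any post in this thread): the thread's concatenated lookup next to a prepared statement, which binds the username as data instead of pasting it into the SQL text. It assumes PDO with the pdo_sqlite extension and a constructed two-row users table in in-memory SQLite, so it runs without a MySQL server; the function names are made up for this example.

```php
<?php
// Added example: constructed schema and rows, run against in-memory SQLite
// through PDO (assumes the pdo_sqlite extension), so no MySQL server is needed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (name TEXT, username TEXT)");
$db->exec("INSERT INTO users VALUES ('Alice Example', 'alice'), ('Pat O''Brien', 'o''brien')");

// The thread's pattern: the posted value is pasted into the SQL text.
function count_concatenated(PDO $db, string $username): string
{
    $sql = "SELECT name FROM users WHERE username='$username'";
    try {
        return (string) count($db->query($sql)->fetchAll());
    } catch (PDOException $e) {
        return 'SQL error';   // a quote in the value broke the statement
    }
}

// Hardened form: the SQL text is fixed and the value is bound as a parameter.
function count_prepared(PDO $db, string $username): string
{
    $stmt = $db->prepare("SELECT name FROM users WHERE username = ?");
    $stmt->execute([$username]);
    return (string) count($stmt->fetchAll());
}

// Constructed inputs standing in for $_POST['username'].
$inputs = [
    'alice',               // ordinary username
    "o'brien",             // legitimate username that contains a quote
    "nobody' OR '1'='1",   // value whose quotes rewrite the WHERE clause
];

foreach ($inputs as $u) {
    printf(
        "%-20s concatenated: %-10s prepared: %s\n",
        $u,
        count_concatenated($db, $u),
        count_prepared($db, $u)
    );
}
```

With the concatenated query, the second input fails to parse and the third matches every row in the table; with the prepared statement each input is compared only as a literal username. The mysql_* functions used in the thread were removed in PHP 7.0, and the same prepare/execute calls work over a PDO MySQL connection.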

Re: What is wrong with this code...please help

Posted: Tue Jun 16, 2009 1:52 am
by raul_8
Damn thank you yaar