Can anyone help me please, i keep getting this problem.
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /www/sites/lcn/www.simplepm.co.uk/web/login.php on line 23
Please find below my php code, have been trying to solve this issue for a while now, but cant seem to solve it, please help
<?php
//Database Information
$dbhost = "database.lcn.com";
$dbname = "simplepm?co?uk?db";
$dbuser = "LCN_9330";
$dbpass = "password";
//Connect to database
mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());
session_start();
$username = $_POST[‘username’];
$password = md5($_POST[‘password’]);
$query = "select * from users where username=‘$username’ and password=‘$password’";
$result = mysql_query($query);
if (mysql_num_rows($result) != 1) {
$error = "Bad Login";
include "login.html";
} else {
$_SESSION[‘username’] = "$username";
include "memberspage.php";
}
?>
Hi
Moderator: General Moderators
Re: Hi
Ok,
1. Put a more meaningful title. "Hi", although friendly, is extremely irrelevant
2. Read the rules - use
1. Put a more meaningful title. "Hi", although friendly, is extremely irrelevant
2. Read the rules - use
Code: Select all
tags.
Anyway, try putting "or die(mysql_error());" after the query.-
cpetercarter
- Forum Contributor
- Posts: 474
- Joined: Sat Jul 25, 2009 2:00 am
Re: Hi
I think the trouble may be that if a user enters an invalid username or password, your select query will not return a valid result set. mysql_num_rows will then return an error, instead of 0.
An alternative approach would be:
Incidentally, it is vital to run the submitted username and password through mysql_real_escape_string before entering them in the database query, otherwise you lay yourself open to sql injection attacks.
An alternative approach would be:
Code: Select all
$query = "SELECT COUNT(*) FROM table WHERE some condition";
$result = mysql_fetch_array($query);
$match = $result[0];
if ($match == 0) {
//invalid username or password
}
elseif ($match > 1) {
// the user is on the database more than once!
}
else {
//log the user in
}