Hi

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
qirat786
Forum Newbie
Posts: 1
Joined: Sat Sep 26, 2009 10:49 am

Hi

Post by qirat786 »

Can anyone help me please, i keep getting this problem.

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /www/sites/lcn/www.simplepm.co.uk/web/login.php on line 23

Please find below my php code, have been trying to solve this issue for a while now, but cant seem to solve it, please help

<?php

//Database Information

$dbhost = "database.lcn.com";
$dbname = "simplepm?co?uk?db";
$dbuser = "LCN_9330";
$dbpass = "password";

//Connect to database

mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());

session_start();
$username = $_POST[‘username’];
$password = md5($_POST[‘password’]);

$query = "select * from users where username=‘$username’ and password=‘$password’";

$result = mysql_query($query);

if (mysql_num_rows($result) != 1) {
$error = "Bad Login";
include "login.html";

} else {
$_SESSION[‘username’] = "$username";
include "memberspage.php";
}

?>
User avatar
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: Hi

Post by jackpf »

Ok,
1. Put a more meaningful title. "Hi", although friendly, is extremely irrelevant :P
2. Read the rules - use

Code: Select all

tags.

Anyway, try putting "or die(mysql_error());" after the query.
cpetercarter
Forum Contributor
Posts: 474
Joined: Sat Jul 25, 2009 2:00 am

Re: Hi

Post by cpetercarter »

I think the trouble may be that if a user enters an invalid username or password, your select query will not return a valid result set. mysql_num_rows will then return an error, instead of 0.

An alternative approach would be:

Code: Select all

$query = "SELECT COUNT(*) FROM table WHERE some condition";
$result = mysql_fetch_array($query);
$match = $result[0];
if ($match == 0)  {
     //invalid username or password
}
elseif ($match > 1)  {
     // the user is on the database more than once!
}
else {
     //log the user in
}
 
Incidentally, it is vital to run the submitted username and password through mysql_real_escape_string before entering them in the database query, otherwise you lay yourself open to sql injection attacks.
Post Reply