
Hi

Posted: Sat Sep 26, 2009 10:53 am
by qirat786
Can anyone help me please, I keep getting this problem.

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /www/sites/lcn/www.simplepm.co.uk/web/login.php on line 23

Please find below my PHP code, have been trying to solve this issue for a while now, but can't seem to solve it, please help

<?php

//Database Information

$dbhost = "database.lcn.com";
$dbname = "simplepm?co?uk?db";
$dbuser = "LCN_9330";
$dbpass = "password";

//Connect to database

mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());

session_start();
$username = $_POST[‘username’];
$password = md5($_POST[‘password’]);

$query = "select * from users where username=‘$username’ and password=‘$password’";

$result = mysql_query($query);

if (mysql_num_rows($result) != 1) {
$error = "Bad Login";
include "login.html";

} else {
$_SESSION[‘username’] = "$username";
include "memberspage.php";
}

?>

Re: Hi

Posted: Sat Sep 26, 2009 11:05 am
by jackpf
Ok,
1. Put a more meaningful title. "Hi", although friendly, is extremely irrelevant :P
2. Read the rules - use code tags.

Anyway, try putting "or die(mysql_error());" after the query.

Re: Hi

Posted: Sun Sep 27, 2009 2:24 am
by cpetercarter
I think the trouble may be that if a user enters an invalid username or password, your select query will not return a valid result set. mysql_num_rows will then return an error, instead of 0.

An alternative approach would be:

Code: Select all

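$query = "SELECT COUNT(*) FROM table WHERE some condition"; // placeholder table and condition
$result = mysql_query($query) or die(mysql_error()); // run the query before fetching from it
$row = mysql_fetch_array($result); // the single COUNT(*) row
$match = $row[0];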
if ($match == 0)  {
     //invalid username or password
}
elseif ($match > 1)  {
     // the user is on the database more than once!
}
else {
     //log the user in
}
 
Incidentally, it is vital to run the submitted username and password through mysql_real_escape_string before entering them in the database query, otherwise you lay yourself open to SQL injection attacks.
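
The checks discussed in this thread, as an added example that is not part of any post: the COUNT(*) login test with bound parameters instead of string concatenation, and with a failed query handled before the count is read. It uses PDO prepared statements rather than the mysql_real_escape_string call mentioned above, because the mysql_* extension was removed in PHP 7; the in-memory SQLite table, the check_login helper and the sample inputs are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. A constructed in-memory SQLite
// table stands in for the poster's `users` table (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
// Throw on SQL errors so a failed query can never reach the counting step.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT, password TEXT)');
// md5() only mirrors the schema in the original post; for new code PHP
// provides password_hash() and password_verify().
$seed = $pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
$seed->execute(['alice', md5('correct horse')]);

/**
 * Hypothetical helper: returns 'ok', 'bad_login', 'duplicate' or 'db_error'.
 */
function check_login(PDO $pdo, string $username, string $password): string
{
    try {
        // Placeholders keep user input out of the SQL text entirely.
        $stmt = $pdo->prepare(
            'SELECT COUNT(*) FROM users WHERE username = :u AND password = :p'
        );
        $stmt->execute([':u' => $username, ':p' => md5($password)]);
        $match = (int) $stmt->fetchColumn();
    } catch (PDOException $e) {
        // Keep the detail in the server log; do not echo SQL errors to visitors.
        error_log('login query failed: ' . $e->getMessage());
        return 'db_error';
    }
    if ($match === 0) {
        return 'bad_login';
    }
    return $match === 1 ? 'ok' : 'duplicate';
}

// Constructed sample inputs.
$cases = [
    ['alice', 'correct horse'],   // valid credentials
    ['alice', 'wrong'],           // wrong password
    ["O'Brien", 'x'],             // apostrophe that would break a concatenated query
    ["nobody' OR '1'='1", 'x'],   // quote characters arrive as data, not as SQL
];
foreach ($cases as [$user, $pass]) {
    printf("%-20s => %s\n", $user, check_login($pdo, $user, $pass));
}
```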