PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /Applications/XAMPP/xamppfiles/htdocs/testsite/checklogin.php on line 19
Here is my php code for review. thanks in advanced guys, remember i am a newbie dont laugh at my code!
<?php
//starts a session
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
$_SESSION['username'] = $_POST['username'];
//connect to the db and create query string to be executed...
$mysqli = new MySQLi("localhost", "root", "", "members");
$sql = "SELECT * FROM members WHERE username = '$username' and password = '$password'";
$result = mysql_query($sql);
// Mysql_num_row is counting table row
$count = mysql_num_rows($result);
//loop through databse and check if user exists
if($count==1) {
header("location:login_success.php");
}
else {
echo "login failed";
}
?>
$mysqli = new mysqli('localhost', 'root', '', 'members');
$query = "SELECT * FROM members WHERE username = '{$username}' AND password = '{$password}'";
$result = $mysqli->query($query)->fetch_all();
While we're at it, you really ought to escape user data before passing it into a query, and you should store password hashes in the database, not the passwords themselves.
Last edited by Celauran on Tue Feb 07, 2012 8:13 pm, edited 1 time in total.
I was able to put it together properly... As it turns out, i think the reason is because Dreamweaver doesnt support MySQLi syntax. odd, because it says it does... but as soon as i changed all of my code back to mysql_functions everything worked and authenticated correctly... here is the code:
//connect to the db
mysql_connect ("localhost", "root", "") or die ('Error: ' . mysql_error());
//select the table to be used
mysql_select_db ("members");
//query string to be executed
$sql = "SELECT * FROM members WHERE username = '$username' and password = '$password'";
$result = mysql_query($sql);
// Mysql_num_row is counting table row
$count = mysql_num_rows($result);
//loop through databse and check if user exists
if($count==1) {
header("location:login_success.php");
}
else {
echo "login failed";
}
?>
I know this is not the most efficient way, but im learning little at a time... i will start to add more complex queries, and ensure my passwords are stored via the hashes and not displayed. thanks again for your help