Page 1 of 2
login
Posted: Tue Feb 07, 2012 8:07 pm
by massimorai
Hello Folks, newbie here... I am fiddling around with creating a basic login script but i keep getting the same error
Code: Select all
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /Applications/XAMPP/xamppfiles/htdocs/testsite/checklogin.php on line 19
Here is my php code for review. thanks in advanced guys, remember i am a newbie dont laugh at my code!
Code: Select all
<?php
//starts a session
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
$_SESSION['username'] = $_POST['username'];
//connect to the db and create query string to be executed...
$mysqli = new MySQLi("localhost", "root", "", "members");
$sql = "SELECT * FROM members WHERE username = '$username' and password = '$password'";
$result = mysql_query($sql);
// Mysql_num_row is counting table row
$count = mysql_num_rows($result);
//loop through databse and check if user exists
if($count==1) {
header("location:login_success.php");
}
else {
echo "login failed";
}
?>
Re: login
Posted: Tue Feb 07, 2012 8:08 pm
by Celauran
You create a mysqli object, then ignore it and try to use mysql_ functions.
Try something like this:
Code: Select all
$mysqli = new mysqli('localhost', 'root', '', 'members');
$query = "SELECT * FROM members WHERE username = '{$username}' AND password = '{$password}'";
$result = $mysqli->query($query)->fetch_all();
While we're at it, you really ought to escape user data before passing it into a query, and you should store password hashes in the database, not the passwords themselves.
Re: login
Posted: Tue Feb 07, 2012 8:13 pm
by massimorai
Interesting, so basically i am inconsistent with the coding?
what would be the proper function to use if using MySQL-Improved syntax?
Re: login
Posted: Tue Feb 07, 2012 8:15 pm
by Celauran
massimorai wrote:what would be the proper function to use if using MySQL-Improved syntax?
Something like this:
Code: Select all
$mysqli = new mysqli('localhost', 'root', '', 'members');
$username = $mysqli->real_escape_string($_POST['username']);
$password = $mysqli->real_escape_string($_POST['password']);
$query = "SELECT * FROM members WHERE username = '{$username}' AND password = '{$password}'";
$result = $mysqli->query($query)->fetch_all();
MySQLi Book
Re: login
Posted: Tue Feb 07, 2012 8:16 pm
by massimorai
I got the following error :s
Fatal error: Call to undefined method mysqli_result::fetch_all() in /Applications/XAMPP/xamppfiles/htdocs/testsite/checklogin.php on line 13
Re: login
Posted: Tue Feb 07, 2012 8:21 pm
by Celauran
Not sure why. You can use fetch_assoc instead.
Re: login
Posted: Tue Feb 07, 2012 9:05 pm
by massimorai
fetch_assoc worked, but i got this message all over again...
Warning: mysql_num_rows() expects parameter 1 to be resource, array given in /Applications/XAMPP/xamppfiles/htdocs/testsite/checklogin.php on line 18
Re: login
Posted: Tue Feb 07, 2012 9:12 pm
by Celauran
For the same reason. You can't use mysql_ functions with mysqli. You want $result->num_rows
I posted a link earlier to the php.net MySQLi documentation. It's a good reference.
Re: login
Posted: Wed Feb 08, 2012 7:23 am
by massimorai
Thanks for your help Celauran, you've been a great resource...
cheers
Re: login
Posted: Wed Feb 08, 2012 8:34 am
by massimorai
Hey Celauran,
I was able to put it together properly... As it turns out, i think the reason is because Dreamweaver doesnt support MySQLi syntax. odd, because it says it does... but as soon as i changed all of my code back to mysql_functions everything worked and authenticated correctly... here is the code:
<?php
//starts a session
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
$_SESSION['username'] = $_POST['username'];
//connect to the db
mysql_connect ("localhost", "root", "") or die ('Error: ' . mysql_error());
//select the table to be used
mysql_select_db ("members");
//query string to be executed
$sql = "SELECT * FROM members WHERE username = '$username' and password = '$password'";
$result = mysql_query($sql);
// Mysql_num_row is counting table row
$count = mysql_num_rows($result);
//loop through databse and check if user exists
if($count==1) {
header("location:login_success.php");
}
else {
echo "login failed";
}
?>
I know this is not the most efficient way, but im learning little at a time... i will start to add more complex queries, and ensure my passwords are stored via the hashes and not displayed. thanks again for your help
Re: login
Posted: Wed Feb 08, 2012 9:39 am
by Celauran
You'd do better to abandon Dreamweaver than to abandon MySQLi IMO.
Re: login
Posted: Wed Feb 08, 2012 9:53 am
by massimorai
really... which program would you recommend?
Re: login
Posted: Wed Feb 08, 2012 10:10 am
by Celauran
I like NetBeans, but Eclipse and PHP Storm are also quite good.
Re: login
Posted: Wed Feb 08, 2012 3:02 pm
by massimorai
do i need to change the settings in the php.ini file to enable MySQL-improved?
Re: login
Posted: Wed Feb 08, 2012 3:06 pm
by Celauran
I've never had to, though I suppose it could depend on your system.