Mysqli help
Posted: Thu Jul 11, 2013 7:29 am
I'm working on an RPG. I first used mysql but after mysqli introduction I'm trying to change the code to mysqli but I'm getting and error
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in /home/a5306723/public_html/login.php on line 46
Line 46 is
and the login script is
I have not included the HTML part. Please help me as soon as possible
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in /home/a5306723/public_html/login.php on line 46
Line 46 is
Code: Select all
$checkuser=mysqli_num_rows($result);Code: Select all
<?php
include ('include/connection.php');
if (isset($_POST['action'])) {
if ($_POST['action'] == "Login") {
if(!$_POST['username'] | !$_POST['password']) {
echo ('You did not fill in a required field.');
} else {
$_POST['username'] = $username;
$_POST['password'] = $password;
mysqli_real_escape_string($connection, $username);
mysqli_real_escape_string($connection, $password);
$result = mysqli_query($connection, "SELECT * FROM users WHERE username = '".$_POST['username']."'");
$checkuser=mysqli_num_rows($result);
$getiplog = mysqli_query($connection, "SELECT * FROM logins WHERE ip= '".$_SERVER["REMOTE_ADDR"]."' AND `success` = 'No'");
$checkip = mysqli_num_rows($getiplog);
if ($checkuser == 0) {
echo ('That user does not exist in our database. <a href=register.php>Click Here to Register</a>');
} elseif ($checkip >= 10) {
echo ('This IP has too many failed login attempts, please contact an administrator to get your IP unblocked');
} else {
$info = mysqli_fetch_array($getuser);
if (sha1(md5($_POST['password'])) != $info['password']) {
$login = "INSERT INTO logins (account, ip, success, trap) VALUES ('".$_POST['username']."', '".$_SERVER["REMOTE_ADDR"]."', 'No', '".$_POST['password']."')";
$add_login = mysqli_query($login);
echo('Incorrect password, please try again.');
} else {
$month = time() + 3600*24*30;
$_SESSION['user'] = $_POST['username'];
setcookie("save_user", htmlentities($_POST['username']), $month);
// setcookie("save_pass", stripslashes(htmlentities(sha1(md5($_POST['password'])))), $month);
$login = "INSERT INTO logins (account, ip, success, trap) VALUES ('".$_POST['username']."', '".$_SERVER["REMOTE_ADDR"]."', 'Yes', '".$_POST['password']."')";
$add_login = mysqli_query($login);
header("location: members.php");
}
}
}
}
} else {
echo("<p>");
echo("Please Login To Continue!");
echo("</p>");
echo("<form action='login.php' method='POST'>");
echo("<input type=hidden name=action value='Login'>");
echo("<table>");
echo("<tr>");
echo("<td>Username:</td>");
echo("<td>");
echo("<input type='text' name='username'>");
echo("</td>");
echo("</tr>");
echo("<tr>");
echo("<td>Password:</td>");
echo("<td>");
echo("<input type='password' name='password'>");
echo("</td>");
echo("</tr>");
echo("</table>");
echo("<input type='submit' value='Login' name='submit' class='button'>");
echo("</form>");
}
?>