PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Moderator: General Moderators
paqman
Forum Contributor
Posts: 125 Joined: Sun Nov 14, 2004 7:41 pm
Location: Burnaby, BC, Canada
Post
by paqman » Sun Aug 20, 2006 8:49 pm
I'm trying to make a log-in php page, and line 6-8 won't work. It just says they aren't a valid mysql resource. What's going on? I've tried everything I can think of, so once again, it's DevNetwork Forums to the rescue!
Code: Select all
if($cmd == "login") {
$username = $_POST["username"];
$password = $_POST["password"];
$sql = mysql_query("SELECT 3_password FROM order WHERE 3_username = '$username'");
$sql2 = mysql_query("SELECT first FROM order WHERE 3_username = '$username'");
$fetch_em = mysql_fetch_array($sql);
$fetch_em2 = mysql_fetch_array($sql2);
$numrows = mysql_num_rows($sql);
$name = $fetch_em2["first"];
Thanks!
feyd
Neighborhood Spidermoddy
Posts: 31559 Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA
Post
by feyd » Sun Aug 20, 2006 8:51 pm
...and
mysql_error() says?
separate issue: SQL injection alert. Search and be amazed.
paqman
Forum Contributor
Posts: 125 Joined: Sun Nov 14, 2004 7:41 pm
Location: Burnaby, BC, Canada
Post
by paqman » Sun Aug 20, 2006 9:38 pm
Code: Select all
session_start();
//results - store name and username is session variables
if($cmd == "results") {
if($valid_user == 1) {
$_SESSION["s_name"] = $t_name;
$_SESSION["s_username"] = $t_username;
}
}
if($cmd == "logout") {
session_destroy();
}
$dbh=mysql_connect ("localhost", "paqmanwe_paqman", "---------") or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ("paqmanwe_clients"); ?>
if($cmd == "results") {
if($valid_user == 1) {
echo "Session started! Welcome $t_name! Redirecting to next step..."; }
if($valid_user == 2) {
echo "Redirecting..."; }
}
if($cmd == logout) {
echo "Logging out... Ending session..."; } ?>
<? //start no session
if (!isset($_SESSION["s_name"])) {
//start no cmd
if (!isset($cmd)) {
?>
<center>
<form method="post" action="order.php?cmd=login">
<table style="font-size: 12px;">
<? if ($display == "failed") { ?>
<tr><td colspan=2 style="color: red; text-align: center;">Log in Failed</td></tr><? } ?>
<? if ($display == "logout") { ?>
<tr><td colspan=2 style="color: orange; text-align: center;">Logged Out</td></tr><? } ?>
<tr><td>Username:</td>
<td><input type="text" name="username"></td></tr>
<tr><td>Password:</td>
<td><input type="password" name="password"></td></tr>
<tr><td><input type="submit" name="Submit" value="Log In"></td></tr>
</table>
</form>
<br>
<a href="order.php?cmd=create">First time visitors click here</a><br><br>
</center>
<?
//end no cmd (no session)
}
//sent to this page after clicking login, then redirected after 1200
if($cmd == "login") {
$username = $_POST["username"];
$password = $_POST["password"];
$sql = mysql_query("SELECT 3_password FROM order WHERE 3_username = '$username'");
$sql2 = mysql_query("SELECT first FROM order WHERE 3_username = '$username'");
$fetch_em = mysql_fetch_array($sql);
$fetch_em2 = mysql_fetch_array($sql2);
$numrows = mysql_num_rows($sql);
$name = $fetch_em2["first"];
if($numrows != "0" & $password == $fetch_em["3_password"]) {
$valid_user = 1;
echo "Log in successful! Continuing previous session..."; }
else {
$valid_user = 2;
echo "Log in failed.";
session_destroy(); }
?>
<form name="verifyuser" action="order.php?cmd=results" method="post">
<input type="hidden" name="t_username" value="<? echo $username; ?>">
<input type="hidden" name="t_name" value="<? echo $name; ?>">
<input type="hidden" name="valid_user" value="<? echo $valid_user; ?>">
</form>
<?
// end submit page
}
// create a new username/password
if($cmd == "create") { ?>
<p>Please enter a username and password below, then click 'Create New Account.'</p>
<center>
<form method="post" action="order.php?cmd=createnew">
<table style="font-size: 12px;">
<? if ($display == "exists") { ?>
<tr><td colspan=2 style="color: orange; text-align: center;">Username Already Exists<br>Please Try Another</td></tr><? } ?>
<tr><td>Username:</td>
<td><input type="text" name="username"></td></tr>
<tr><td>Password:</td>
<td><input type="password" name="password"></td></tr>
<tr><td><input type="submit" name="Submit" value="Create New Account"></td></tr>
</table>
</form>
<? }
// try to create a new one
if($cmd == "createnew") {
$username = $_POST["username"];
$password = $_POST["password"];
$check_exists = mysql_query("SELECT * FROM order WHERE 3_username = '$username'");
if(mysql_num_rows($check_exists) > 0) { ?>
<body onload=setTimeout("location.href='order.php?cmd=create&display=exists'",1200)>
<p>Redirecting...</p> <? }
if(mysql_num_rows($check_exists) == 0) {
$result=MYSQL_QUERY("INSERT INTO order (3_username,3_password)".
"VALUES ('$username', '$password')"); ?>
<form name="verifyuser" action="order.php?cmd=results" method="post">
<input type="hidden" name="t_username" value="<? echo $username; ?>">
<input type="hidden" name="t_name" value="Client">
<input type="hidden" name="valid_user" value="1">
</form>
<p>Saving client information...</p><?
}
}
//end no session
}
// start session
if(isset($_SESSION["s_name"])) {
if(!isset($stage) && !isset($cmd)) { $stage = 1; }
// stage 1: Design
if($stage == 1) { ?>
<p>Welcome! </p>
<? }
// end session
}
?>
The problem lies in the lines after'//sent to this page after clicking login, then redirected after 1200 '. The error is:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/paqmanwe/public_html/bnew/order.php on line 126
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/paqmanwe/public_html/bnew/order.php on line 127
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/paqmanwe/public_html/bnew/order.php on line 128
feyd
Neighborhood Spidermoddy
Posts: 31559 Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA
Post
by feyd » Sun Aug 20, 2006 9:43 pm
I love being ignored.
Ollie Saunders
DevNet Master
Posts: 3179 Joined: Tue May 24, 2005 6:01 pm
Location: UK
Post
by Ollie Saunders » Sun Aug 20, 2006 9:51 pm
I love being ignored.
*Pats Feyd on the back* Don't worry, Feyd, its their loss.
paqman
Forum Contributor
Posts: 125 Joined: Sun Nov 14, 2004 7:41 pm
Location: Burnaby, BC, Canada
Post
by paqman » Sun Aug 20, 2006 9:54 pm
paqman wrote: ...ter 1200 '. The error is:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/paqmanwe/public_html/bnew/order.php on line 126
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/paqmanwe/public_html/bnew/order.php on line 127
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/paqmanwe/public_html/bnew/order.php on line 128
I don't ignore people
feyd
Neighborhood Spidermoddy
Posts: 31559 Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA
Post
by feyd » Sun Aug 20, 2006 9:56 pm
You actually did. Those errors are not from
mysql_error() .
paqman
Forum Contributor
Posts: 125 Joined: Sun Nov 14, 2004 7:41 pm
Location: Burnaby, BC, Canada
Post
by paqman » Sun Aug 20, 2006 9:58 pm
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order WHERE 3_username = 'paqman'' at line 1
feyd
Neighborhood Spidermoddy
Posts: 31559 Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA
Post
by feyd » Sun Aug 20, 2006 10:02 pm
"order" is a keyword.
Backticks for all!
Code: Select all
SELECT `3_password` FROM `order` WHERE `3_username` = '$username'
paqman
Forum Contributor
Posts: 125 Joined: Sun Nov 14, 2004 7:41 pm
Location: Burnaby, BC, Canada
Post
by paqman » Sun Aug 20, 2006 10:04 pm
thank you so much! I can't believe I did that...
Thanks!