mysql query fail

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
mevets
Forum Newbie
Posts: 23
Joined: Fri Sep 15, 2006 10:06 am

mysql query fail

Post by mevets »

I have a database of users. When I try to authenticate users to see if they have provided the correct password I am always thrown an error. I thought the problem was that username and password fields were varchar datatypes in my table, but not so, it still get thrown an error that the result of the query is invalid.

Code: Select all

$dbh = mysql_connect ("localhost", $user, $password);
mysql_select_db ($db);


if ($_POST['btnlogin']) {
	$username = $_POST['username'];
	$password = $_POST['password'];
	$sqlusers = "SELECT * FROM users WHERE username = $username";
	$result = mysql_query($sqlusers) or mysql_error(); //this doesnt ever seem to be a valid mysql resource.
	if (!mysql_num_rows($result) or mysql_error()) { // this is line 20
		echo 'There are no users registered.';
		die();
	}
	
	$userinfo = mysql_fetch_assoc($result);
	echo 'Thank you for logging in ' . $userinfo['username'];
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /var/www/workspace/notes/login.php on line 20

Anyone have a clue as to whats up?
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

1. Always pass user input through mysql_real_escape_string()
2. You need to quote $username, ... username = '$username'
mevets
Forum Newbie
Posts: 23
Joined: Fri Sep 15, 2006 10:06 am

Post by mevets »

thank you, worked well!
Post Reply