help in php5

Posted: Sun May 04, 2008 3:04 am
by tabatsoy
My code in PHP 4 runs smoothly, but when I transfer it to PHP 5 this prints out in the browser:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\wamp\www\exam\login.php on line 40

here is my code:

Code:

<?php 
    session_start();
    $db = mysql_connect("localhost");
        mysql_select_db("examination",$db);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Admin Login</title>
<link href="Layout.css" rel="stylesheet" type="text/css" />
<style type="text/css">
<!--
.style3 {font-family: Verdana, Arial, Helvetica, sans-serif}
-->
</style></head>
 
<body>
<table width="800" border="0" align="center">
  <tr>
    <td colspan="2"><div align="center"><img src="images/logo.jpg" width="800" height="200" />
    </div></td>
  </tr>
  <tr>
    <td colspan="2"><div align="center"> <span class="session"><br />Log in as an Administrator <br /></span><br />
    </div></td>
  </tr>
  <tr></tr>
  <tr>
    <td colspan="2"><div align="center">
      <?php
    $var1 = $_POST["uname"];
    $var2 = $_POST["pword"];    
    if($var1 && $var2){
        
        $result = mysql_query("SELECT *
                                FROM admin
                                WHERE username = '".$var1."'
                                AND password = '".$var2."'");
        if(mysql_num_rows($result) > 0){
            $_SESSION['loggedin'] = $var1;          
            echo '<span class = "style1"><strong>Welcome, </strong></span><font color="#003399" face="verdana" size="3" style="text-transform: capitalize"><strong>'.$var1 .".</strong></font><br><br>";
            echo "<a href ='admin.php'><div align = 'center' class = 'session'><font size = '1'>Click here to go to Administrator's Main Page</font></div></a><br>";
            echo "<a href='logout.php'><div align = 'center' class = 'session'><font size = '1'>click here to logout</font></div></a><br><br>";
            exit;   
        }
        else{
            echo '<font face = "verdana" size = "2" color = "red">Invalid username or password</font><br>';
        }
    }
    else if($var1 || $var2){
        echo '<font face = "verdana" size = "2" color = "red">Please Fill in all fields.</font><br>';
    }
?>
    </div></td>
  </tr>
  <tr>
    <td width="221">&nbsp;</td>
    <td width="569"><form id="form1" name="form1" method="post" action="login.php">
      <p><span class="style1">username:</span>
        <input name="uname" type="text" id="username" maxlength="20" />
      </p>
      <p><span class="style1">password:</span>
        <input name="pword" type="password" id="password" maxlength="10" />
      </p>
      <p>
        <input type="submit" name="Submit" value="login" />
      </p>
    </form></td>
  </tr>
</table>
<p>&nbsp;</p>
</body>
</html>
 
please help

Re: help in php5

Posted: Sun May 04, 2008 3:19 am
by DeFacto

Code:

 
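// Build the SQL string first, then run it once with mysql_query().
$query = "SELECT *
          FROM admin
          WHERE username = '".$var1."'
          AND password = '".$var2."'";
$result = mysql_query($query) or die ('Error: some error text here');
$num = mysql_num_rows($result);
if ($num != 0) {
    // at least one matching row: continue with the login as before
}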
 
try that.

Re: help in php5

Posted: Sun May 04, 2008 3:27 am
by lafever
First of all, your mysql_connect is wrong
$db = mysql_connect("localhost"); // WRONG

Code:

 
$db = mysql_connect('host', 'user', 'pw') or die(mysql_error() . mysql_errno());
 
Second: you should always add the following after any SQL action to help find out where your error is coming from.

Code:

 
or die(mysql_error() . mysql_errno()); 
 
Third, your code if ($var1 && $var2) should be something like

Code:

 
if (!empty($var1) && !empty($var2)) {
 
Last but most important, your code is not sanitized or validated against malicious attacks. You should research SQL injection and XSS; here is a topic that has some good article links: viewtopic.php?f=34&t=82223#p458501
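
An added example, not code from any poster in this thread: the login check from the first post written with PDO prepared statements, hashed passwords and escaped output, which are the fixes the reply above points toward. The in-memory SQLite database, table layout and sample accounts are constructed so it runs offline; it assumes PHP 7.1+ with pdo_sqlite (the mysql_* functions no longer exist in PHP 7).

```php
<?php
// Added example: constructed schema and accounts, not the poster's database.
// In-memory SQLite keeps it runnable offline; for MySQL use a DSN such as
// 'mysql:host=localhost;dbname=examination' plus a user name and password.
$pdo = new PDO('sqlite::memory:');
// Failures now throw instead of handing `false` to the next call, which is
// what produces "not a valid MySQL result resource" with the old API.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admin (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$seed = $pdo->prepare('INSERT INTO admin VALUES (?, ?)');
$seed->execute(['root', password_hash('s3cret-Example', PASSWORD_DEFAULT)]);
// A name containing a quote would break the concatenated query in the thread.
$seed->execute(["o'neil", password_hash('another-Example', PASSWORD_DEFAULT)]);

/** Returns true only when the user exists and the password matches its hash. */
function check_login(PDO $pdo, string $user, string $pass): bool
{
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT password_hash FROM admin WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();          // false when no row matched
    return $hash !== false && password_verify($pass, $hash);
}

/** Builds the message shown to the user; the name is escaped for HTML. */
function login_message(PDO $pdo, string $user, string $pass): string
{
    if ($user === '' || $pass === '') {
        return 'Please fill in all fields.';
    }
    if (!check_login($pdo, $user, $pass)) {
        return 'Invalid username or password';
    }
    return 'Welcome, ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . '.';
}

// Constructed inputs standing in for $_POST['uname'] and $_POST['pword'].
$attempts = [
    ['root', 's3cret-Example'],      // valid login
    ["o'neil", 'another-Example'],   // quote in the name is handled as data
    ['root', 'wrong-password'],      // hash does not match
    ['', 'x'],                       // missing field
];
foreach ($attempts as [$u, $p]) {
    echo login_message($pdo, $u, $p), PHP_EOL;
}
```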

Re: help in php5

Posted: Sun May 04, 2008 3:33 am
by tabatsoy
THANKS A LOT

I'LL TRY THAT

THANKS FOR THE ADVICE :drunk:

Re: help in php5

Posted: Sun May 04, 2008 3:37 am
by tabatsoy
it still has the error

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\wamp\www\exam\login.php on line 40

please help

Re: help in php5

Posted: Sun May 04, 2008 3:54 am
by DeFacto

Code:

 
<?php
$dbhost = 'name_of_your_host';
$dbuser = 'user_name';
$dbpass = 'password';
$dbname = 'database_name';
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die
('Error connecting to mysql');
mysql_select_db($dbname);
?>
 
or you can split that in two files
config.php

Code:

 
<?php
$dbhost = 'name_of_your_host';
$dbuser = 'user_name';
$dbpass = 'password';
$dbname = 'database_name';
?>
 
opendb.php

Code:

 
<?php
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die
('Error connecting to mysql');
mysql_select_db($dbname);
?>
 
and include those two files

Code:

 
<?php
include 'config.php';
include 'opendb.php';
?>