PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
This page worked perfectly until I ammended it slightly, then it came up with an error message, now after removing the ammendment I made the same error message appears whether I type in the correct login details or the wrong ones...?
<?php
// Connect to server and select databse.
include_once "functions.php";
connect();
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password=MD5('$mypassword')";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>
Why am I getting this error:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /var/www/vhosts/picfrisky.com/httpdocs/checklogin.php on line 21
Wrong Username or Password
"Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE username='mike' and password=MD5('password')' at line 1"
I dont see how its gone wrong as its been working fine for weeks :S
Yeah those SQL errors are annoying. It's probably the MD5() part. You can't use functions inside of strings like you can with variables, unless that's some arcane SQL thing that I'm not familiar with. Try MD5ing the password outside of the string and storing that as a variable, and using that instead.
Also, as watson implied, not defining $tbl_name would cause a problem I believe.
Yeh I see your point in both cases, can someone advise me on what to write to select the db table please? is it $db_tbl
I'll get working on the variable for the MD5, I am miffed just because one minute the script works and the next it doesnt, all i tried to do was introduce a background image to the error page