Page 1 of 1

checklogin.php error

Posted: Tue Feb 24, 2009 4:19 pm
by mikes1471
Hi Guys

This page worked perfectly until I ammended it slightly, then it came up with an error message, now after removing the ammendment I made the same error message appears whether I type in the correct login details or the wrong ones...?

Code: Select all

<?php
// Connect to server and select databse.
include_once "functions.php";
 
connect();
 
// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword'];
 
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
 
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password=MD5('$mypassword')";
$result=mysql_query($sql);
 
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
 
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>
Why am I getting this error:


Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /var/www/vhosts/picfrisky.com/httpdocs/checklogin.php on line 21
Wrong Username or Password

Re: checklogin.php error

Posted: Tue Feb 24, 2009 4:37 pm
by Randwulf
Sounds like your query is failing. Change line 18 to:

Code: Select all

 
$result=mysql_query($sql) or die("Error: ".mysql_error());
 
And see what it says then.

Re: checklogin.php error

Posted: Tue Feb 24, 2009 4:40 pm
by watson516
is $tblname set anywhere?

Re: checklogin.php error

Posted: Tue Feb 24, 2009 4:44 pm
by mikes1471
Thanks, I tried that and it returned:

"Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE username='mike' and password=MD5('password')' at line 1"

I dont see how its gone wrong as its been working fine for weeks :S

Re: checklogin.php error

Posted: Tue Feb 24, 2009 4:47 pm
by mikes1471
watson516 wrote:is $tblname set anywhere?
No, I havnt specified it anywhere, this is functions.php

Code: Select all

Removed

Re: checklogin.php error

Posted: Tue Feb 24, 2009 4:49 pm
by Randwulf
Yeah those SQL errors are annoying. It's probably the MD5() part. You can't use functions inside of strings like you can with variables, unless that's some arcane SQL thing that I'm not familiar with. Try MD5ing the password outside of the string and storing that as a variable, and using that instead.

Also, as watson implied, not defining $tbl_name would cause a problem I believe.

Re: checklogin.php error

Posted: Tue Feb 24, 2009 4:53 pm
by mikes1471
Yeh I see your point in both cases, can someone advise me on what to write to select the db table please? is it $db_tbl

I'll get working on the variable for the MD5, I am miffed just because one minute the script works and the next it doesnt, all i tried to do was introduce a background image to the error page