Jump to content

Recommended Posts

Hi Guys,

 

I am trying to make a simple login page using sessions.

 

The error I am getting is;

 

Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 3 in /web/login.php on line 10

 

Any help would be greatly appreciated.

Thanks,

P

 

Here is the code;

 

<?php 

include 'db.php';

// Add slashes to the username, and make a md5 checksum of the password. 
$_POST['username'] = addslashes($_POST['username']); 
$_POST['password'] = md5($_POST['password']); 

$result = mysql_query("SELECT bus_id FROM businesses WHERE password='password' AND bus_id='username]'") or die("Couldn't query the username-database."); 
$num = mysql_result($result, 0);

if (!$num) { 

// When the query didn't return anything, 
// display the login form. 

echo "<h3>User Login</h3> 
<form action='$_SERVER[php_SELF]' method='post'> 
Username: <input type='text' name='username'><br> 
Password: <input type='password' name='password'><br><br> 
<input type='submit' value='Login'> 
</form>"; 

} else { 

// Start the login session 
session_start(); 

// We've already added slashes and MD5'd the password 
$_SESSION['username'] = $_POST['username']; 
$_SESSION['password'] = $_POST['password']; 

// All output text below this line will be displayed 
// to the users that are authenticated. Since no text 
// has been output yet, you could also use redirect 
// the username to the next page using the header() function. 
// header('Location: page2.php'); 

echo "<h1>Welcome</h1>"; 
echo "You're now logged in. Try visiting <a href='update_info_form.php'>Update Info Form</a>."; 

} 

?>

 

 

 

Link to comment
https://forums.phpfreaks.com/topic/173350-session-login-page-help/
Share on other sites

a quick fix since I have never seen this error before.. would probably be to add a LIMIT clause to the query

 

"SELECT bus_id FROM businesses WHERE password='password' AND bus_id='username' LIMIT 1"

 

Perhaps you mean:

 

"SELECT bus_id FROM businesses WHERE password='" .mysql_real_escape_string($password)."' AND bus_id='" .mysql_real_escape_string($username). "' LIMIT 1"

krats, this was not a question about security, it was a question about getting to the FIRST result in the result set, your answer only shows the query from a security standpoint

 

furthermore, you do NOT need to use mysql_real_escape_string on a md5 checksum because you only possibly can receive an alphanumeric output.. so it would be impossible to inject your sql after passing to the md5 function, and addslashes was his attempt at security, meanwhile mysql_real_escape_string would most likely be the better choice, also.. adding slashes to a possibly already 'magic_quote'ed string is probably redundant and could cause query errors..

there seems to be a square bracket in your query

mysql_query("SELECT bus_id FROM businesses WHERE password='password' AND bus_id='username]here'")

 

its not messing up anything oddly enough, but you may want to get rid of that. also, you can run into problems with mysql_result as I think the row number in the second paramter corresponds to the row number of the table, not of the returned values. use mysql_fetch_array instead

 

$row = mysql_fetch_array($result);
$num = $row['bus_id'];

 

and also, you aren't passing your post variables into the query. try this

 

$user = addslashes($_POST['username']); 
$pass = md5($_POST['password']); 

$result = mysql_query("SELECT bus_id FROM businesses WHERE password='$pass' AND bus_id='$user'") or die("Couldn't query the username-database.");

Hi Guys,

 

Thanks for all the help so far. I admit, all of this stuff was stupid mistakes.. I fixes the POST vars and removed the square bracket. I also replaced or die and I replaced

$num = $row['bus_id'];

with

$row = mysql_fetch_array($result);
$num = $row['bus_id'];

 

Now I am getting a parse error. I am kind of lost now, I dont even see the form anymore. Am I heading in the right direction for creating a session login page? If not, please point me in the right direction. If I am heading in the right direction, please help!

 

Thanks,

P

 

<?php 

include 'db.php';

// Add slashes to the username, and make a md5 checksum of the password. 
$user = addslashes($_POST['username']); 
$pass = md5($_POST['password']); 

$result = mysql_query("SELECT bus_id FROM businesses WHERE password='$pass' AND bus_id='$user' LIMIT 1") or trigger_error('Query failed: ' . mysql_error($db), E_USER_ERROR); 
//$num = mysql_result($result, 0);
$row = mysql_fetch_array($result);
$num = $row['bus_id'];

if (!$num) 

{

// When the query didn't return anything, 
// display the login form. 

echo "<h3>User Login</h3> 
<form action='$_SERVER[php_SELF]' method='post'> 
Username: <input type='text' name='username'><br> 
Password: <input type='password' name='password'><br><br> 
<input type='submit' value='Login'> 
</form>"; 

} else { 

// Start the login session 
session_start(); 

// We've already added slashes and MD5'd the password 
$_SESSION['username'] = $_POST['username']; 
$_SESSION['password'] = $_POST['password']; 

// All output text below this line will be displayed 
// to the users that are authenticated. Since no text 
// has been output yet, you could also use redirect 
// the username to the next page using the header() function. 
// header('Location: page2.php'); 

echo "<h1>Welcome</h1>"; 
echo "You're now logged in. Try visiting <a href='update_info_form.php'>Update Info Form</a>."; 

} 

?>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.