petroz Posted September 6, 2009 Share Posted September 6, 2009 Hi Guys, I am trying to make a simple login page using sessions. The error I am getting is; Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 3 in /web/login.php on line 10 Any help would be greatly appreciated. Thanks, P Here is the code; <?php include 'db.php'; // Add slashes to the username, and make a md5 checksum of the password. $_POST['username'] = addslashes($_POST['username']); $_POST['password'] = md5($_POST['password']); $result = mysql_query("SELECT bus_id FROM businesses WHERE password='password' AND bus_id='username]'") or die("Couldn't query the username-database."); $num = mysql_result($result, 0); if (!$num) { // When the query didn't return anything, // display the login form. echo "<h3>User Login</h3> <form action='$_SERVER[php_SELF]' method='post'> Username: <input type='text' name='username'><br> Password: <input type='password' name='password'><br><br> <input type='submit' value='Login'> </form>"; } else { // Start the login session session_start(); // We've already added slashes and MD5'd the password $_SESSION['username'] = $_POST['username']; $_SESSION['password'] = $_POST['password']; // All output text below this line will be displayed // to the users that are authenticated. Since no text // has been output yet, you could also use redirect // the username to the next page using the header() function. // header('Location: page2.php'); echo "<h1>Welcome</h1>"; echo "You're now logged in. Try visiting <a href='update_info_form.php'>Update Info Form</a>."; } ?> Quote Link to comment Share on other sites More sharing options...
RussellReal Posted September 6, 2009 Share Posted September 6, 2009 a quick fix since I have never seen this error before.. would probably be to add a LIMIT clause to the query "SELECT bus_id FROM businesses WHERE password='password' AND bus_id='username' LIMIT 1" Quote Link to comment Share on other sites More sharing options...
kratsg Posted September 6, 2009 Share Posted September 6, 2009 a quick fix since I have never seen this error before.. would probably be to add a LIMIT clause to the query "SELECT bus_id FROM businesses WHERE password='password' AND bus_id='username' LIMIT 1" Perhaps you mean: "SELECT bus_id FROM businesses WHERE password='" .mysql_real_escape_string($password)."' AND bus_id='" .mysql_real_escape_string($username). "' LIMIT 1" Quote Link to comment Share on other sites More sharing options...
RussellReal Posted September 7, 2009 Share Posted September 7, 2009 krats, this was not a question about security, it was a question about getting to the FIRST result in the result set, your answer only shows the query from a security standpoint furthermore, you do NOT need to use mysql_real_escape_string on a md5 checksum because you only possibly can receive an alphanumeric output.. so it would be impossible to inject your sql after passing to the md5 function, and addslashes was his attempt at security, meanwhile mysql_real_escape_string would most likely be the better choice, also.. adding slashes to a possibly already 'magic_quote'ed string is probably redundant and could cause query errors.. Quote Link to comment Share on other sites More sharing options...
mikesta707 Posted September 7, 2009 Share Posted September 7, 2009 there seems to be a square bracket in your query mysql_query("SELECT bus_id FROM businesses WHERE password='password' AND bus_id='username]here'") its not messing up anything oddly enough, but you may want to get rid of that. also, you can run into problems with mysql_result as I think the row number in the second paramter corresponds to the row number of the table, not of the returned values. use mysql_fetch_array instead $row = mysql_fetch_array($result); $num = $row['bus_id']; and also, you aren't passing your post variables into the query. try this $user = addslashes($_POST['username']); $pass = md5($_POST['password']); $result = mysql_query("SELECT bus_id FROM businesses WHERE password='$pass' AND bus_id='$user'") or die("Couldn't query the username-database."); Quote Link to comment Share on other sites More sharing options...
petroz Posted September 7, 2009 Author Share Posted September 7, 2009 Hi Guys, Thanks for all the help so far. I admit, all of this stuff was stupid mistakes.. I fixes the POST vars and removed the square bracket. I also replaced or die and I replaced $num = $row['bus_id']; with $row = mysql_fetch_array($result); $num = $row['bus_id']; Now I am getting a parse error. I am kind of lost now, I dont even see the form anymore. Am I heading in the right direction for creating a session login page? If not, please point me in the right direction. If I am heading in the right direction, please help! Thanks, P <?php include 'db.php'; // Add slashes to the username, and make a md5 checksum of the password. $user = addslashes($_POST['username']); $pass = md5($_POST['password']); $result = mysql_query("SELECT bus_id FROM businesses WHERE password='$pass' AND bus_id='$user' LIMIT 1") or trigger_error('Query failed: ' . mysql_error($db), E_USER_ERROR); //$num = mysql_result($result, 0); $row = mysql_fetch_array($result); $num = $row['bus_id']; if (!$num) { // When the query didn't return anything, // display the login form. echo "<h3>User Login</h3> <form action='$_SERVER[php_SELF]' method='post'> Username: <input type='text' name='username'><br> Password: <input type='password' name='password'><br><br> <input type='submit' value='Login'> </form>"; } else { // Start the login session session_start(); // We've already added slashes and MD5'd the password $_SESSION['username'] = $_POST['username']; $_SESSION['password'] = $_POST['password']; // All output text below this line will be displayed // to the users that are authenticated. Since no text // has been output yet, you could also use redirect // the username to the next page using the header() function. // header('Location: page2.php'); echo "<h1>Welcome</h1>"; echo "You're now logged in. Try visiting <a href='update_info_form.php'>Update Info Form</a>."; } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.