mattheww Posted December 4, 2009 Share Posted December 4, 2009 What I am attempting to achieve here is set an admin session if the user is an admin, so if you have a better way of doing this than I have then I would be most grateful If you showed me the better method. Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in ... on line 35 <?php session_start(); if ($_SESSION['username']) header("Location: member.php"); $username = $_POST['username']; $password = $_POST['password']; if ($username&&$password) { include('connect.php'); $query = mysql_query("SELECT * FROM users WHERE username='$username'"); $queryA = mysql_query("SELECT * FROM users WHERE level='9'"); $numrows = mysql_num_rows($query); if ($numrows!=0) { while ($row = mysql_fetch_assoc($query)) { $dbusername = $row['username']; $dbpassword = $row['password']; } if ($username==$dbusername&&md5($password)==$dbpassword) { //This is where I get the problem! if (mysql_fetch_assoc($queryA)) { $_SESSION['admin']=$username; header("Location: member.php"); } else { $_SESSION['user']=$username; header("Location: member.php"); } } else echo "Incorrect password or username!"; } else die ("Username doesn't exist"); } else die ("Please enter a username and password"); ?> I cant see where I have gone wrong Link to comment https://forums.phpfreaks.com/topic/184024-mysql_fetch_assoc-error/ Share on other sites More sharing options...
premiso Posted December 4, 2009 Share Posted December 4, 2009 Why do two queries? One will suffice. $query = mysql_query("SELECT username, password, level FROM users WHERE username='$username' LIMIT 1") or trigger_error("Query Failed: " . mysql_error()); $numrows = mysql_num_rows($query); if ($numrows > 0) { $row = mysql_fetch_assoc($query); if ($username == $row['username'] && md5($password) == $row['password']) { if ($row['level'] == 9) { $_SESSION['admin'] = $row['username']; // use $row cause the original $username should be escaped and may cause issues. } $_SESSION['user'] = $row['username']; header("Location: member.php"); } } } A bit cleaner and easier to read without redundancies. EDIT: Fixed the = on the username/password checked, it was one = should have been two. Also, you should really do mysql_real_escape_string on the part where you assign $username to a variable that is going to be inputted into the DB. Link to comment https://forums.phpfreaks.com/topic/184024-mysql_fetch_assoc-error/#findComment-971557 Share on other sites More sharing options...
mattheww Posted December 4, 2009 Author Share Posted December 4, 2009 Thanks premiso! Link to comment https://forums.phpfreaks.com/topic/184024-mysql_fetch_assoc-error/#findComment-971560 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.