Jump to content

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result?

ChrisMartino

By ChrisMartino
in PHP Coding Help

Recommended Posts

ChrisMartino Advanced Member

ChrisMartino

Posted
Posted

Well, I created my login check into a function and here it is:

 

function ValidateLogin($username, $password)
{
	// The client is already logged in.
	if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']))
	{
		echo"<p>You are already logged in.</p>";
	}
	else
	{
		$ClientUsername = mysql_real_escape_string($username);
		$ClientPassword = md5(mysql_real_escape_string($password));

		$CheckLogin = mysql_query("SELECT * FROM Clients WHERE Username = '".$ClientUsername."' AND Password = '".$ClientPassword."'");

		if(mysql_num_rows($CheckLogin) == 1)
		{
			$Fetch = mysql_fetch_array($CheckLogin);
			$AccBal = $Fetch['Balence'];
			$AccountStatus = $Fetch['Status'];

			if($AccountStatus == "1")
			{
				$_SESSION['LoggedIn'] = 1;
				$_SESSION['Username'] = $ClientUsername;
				$_SESSION['Balance'] = $AccBal;

				echo"<meta http-equiv=\"REFRESH\" content=\"0;url=index.php\"></HEAD>";
			}
			else if($AccountStatus == "0")
			{
				echo"<h1>Error</h1>";
				echo"<p>You must validate your email before logging in!.</p>";
			}
			else if($AccountStatus == "Banned")
			{
				echo"<h1>Error</h1>";
				echo"<p>This account is marked as banned, You cannot login.</p>";
			}

		}
		else
		{
			echo "<h1>Error</h1>";
			echo "<p>Sorry, Incorrect username or password.</p>";
		}
	}
}

 

And this is how i call it:

 

					$URL = $_GET['account'];

					if($URL == "")
					{
						echo"
							<form id=\"LoginForm\" method=\"post\" action=\"login.php?account=check\">
							<label>Login to your account at X-Host to manage your servers/billing
								<p align=\"center\">
								<label>Username:
								<br />
								<input type=\"text\" name=\"username\" id=\"username\" />
								<br />
								<br />
								Password:<br />
								<input type=\"password\" name=\"password\" id=\"password\" />
								<br />
								<br />
								<input type=\"submit\" name=\"button\" id=\"button\" value=\"Login\" />
								<br />
							</label>
							</p>
							</form>
						";
					}
					else if($URL = "check")
					{
						//Check the client's account with the function
						ValidateLogin($_POST['username'], $_POST['password']);
					}

 

But it returns this error when i hit login once it passes the page onto "account=check":

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home3/chrismar/public_html/x-host.co.uk/api/account_api.php on line 84

 

 

This is line 84 (IN THE FUNCTION):

 

if(mysql_num_rows($CheckLogin) == 1)

 

If anyone could give me some guidance on the matter, It would be much obliged.

 

Thanks for your time!,

 

Chris.

 

DWilliams Member

DWilliams

Posted
Posted

It sounds like your mysql_query is generating an error but you don't have any way to display it currently.

 

At least for debugging purposes, add "or die(mysql_error())" after each mysql_query call, that will halt your script and output the error message.

 

Also, another unrelated thing I notice is that you're calling mysql_real_escape_string on passwords. Someone correct me if I'm wrong, but this is a bad thing. Since you're running it through md5 anyway, any invalid characters will be hashed anyway and wont break your query. This also has the negative effect of locking people out who use special characters in their passwords. If, for example, someone's password is hunter2's, their password will be changed to hunter2\'s and then hashed, rendering them unable to log in.

xt3mp0r~ Newbie

xt3mp0r~

Posted
Posted

That probably means the SQL query you are using with mysql_query in below code isn't returning a valid MYSQL resource.

$CheckLogin = mysql_query("SELECT * FROM Clients WHERE Username = '".$ClientUsername."' AND Password = '".$ClientPassword."'");

 

Check the query, and see if those variables used in the query are set before using them.

ChrisMartino Advanced Member

ChrisMartino

Posted
  • Author
Posted

else if($URL = "check")

^ that statement is always true. I think you missed an equal sign.

 

Thanks ken always the simple faults haha, And thanks you guys for spending your time to respond aswell!

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.