phily245 Posted July 12, 2011 Share Posted July 12, 2011 Hi, I'm trying to create a login script for a website, but I'm having a problem with a row counter and header modifying. The error I get is : Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/lincncou/public_html/admin/checklogin.php on line 19 Warning: Cannot modify header information - headers already sent by (output started at /home/lincncou/public_html/admin/checklogin.php:19) in /home/lincncou/public_html/admin/checklogin.php on line 30 Here is line 19: // Mysql_num_row is counting table row $count = mysql_num_rows($result); And here is line 30: else { header("location:index.html"); } Is the count problem a problem with the initial sql query or with the count function? Here is the full page or code: <?php require_once("includes/db.php"); $tbl_name="users"; // Table name // username and password sent from form $username=$_POST['username']; $password=$_POST['password']; // To protect MySQL injection $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); //To select the users from the table $result = mysql_query("SELECT * FROM $tbl_name WHERE username='$username' and password='$password'"); // Mysql_num_row is counting table row $count = mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $username, $password and redirect to file "calendar.php" session_register("username"); session_register("password"); header("location:calendar.php"); } else { //Else redirect back to login screen header("location:index.html"); } ?> Quote Link to comment Share on other sites More sharing options...
Nodral Posted July 12, 2011 Share Posted July 12, 2011 Hi, This indicates a problem with your SQL statement where you run your SELECT statement. The mysql_num_rows commandon line 19 is failing due to an error with the SELECT statement and sending an output to the browser, thus creting the further error when you try to send the header on line 30. Check your table name, is this correct? Try just running the SQL statement on your command line to ensure that it is working and hardcode your username and password in rather than using variables. Eventually you'll find the error and be able to correct it. Quote Link to comment Share on other sites More sharing options...
phily245 Posted July 12, 2011 Author Share Posted July 12, 2011 I ran the following code: $result = mysql_query("SELECT * FROM users WHERE user_email = '$username' AND user_password = '$password'") or die ('Error: '.mysql_error ()); This showed me I was making a typical rookie error of a typo in my column name, but when corrected it still wouldn't work, as it redirected me back to the index page when I had entered the correct login details. I managed to fix it by changing: // username and password sent from form $username = $_POST['username']; $password = $_POST['password']; To: // username and password sent from form $username = $_GET['username']; $password = $_GET['password']; I have no idea why this worked, but surely this is less secure as someone can see the URL if they are using a slow connection and someone looks at their screen? If it helps, the submission form is: <form id="contact" action="checklogin.php" method="get" name="login"> <p> <label><span><strong>USERNAME:</strong></span> <input name="username" type="text" id="name" /> </label> <label><span><strong>PASSWORD:</strong></span> <input name="password" type="password" /> </label> </p> <p><a class="bulk" href="javascript:document.login.submit();">CLICK HERE TO LOG IN</a></p> <p> </p> </form> Quote Link to comment Share on other sites More sharing options...
Nodral Posted July 12, 2011 Share Posted July 12, 2011 Change the form method to POST and also the variables to $_POST[]. You must change them both or they will not work. Quote Link to comment Share on other sites More sharing options...
AyKay47 Posted July 12, 2011 Share Posted July 12, 2011 the reason why $username = $_POST['username']; $password = $_POST['password']; are not working is because you have set your form method to GET instead of POST. In order to call the input values using $_POST you will need to change your form method to POST. Also, the use of session_register is deprecated, the preferred method is $_SESSION Quote Link to comment Share on other sites More sharing options...
Nodral Posted July 12, 2011 Share Posted July 12, 2011 I'm sure that's what I just said (except the $_SESSION bit) !! lol Quote Link to comment Share on other sites More sharing options...
phily245 Posted July 12, 2011 Author Share Posted July 12, 2011 Hahah, cheers guys, I feel like such a n00b! Quote Link to comment Share on other sites More sharing options...
AyKay47 Posted July 12, 2011 Share Posted July 12, 2011 I'm sure that's what I just said (except the $_SESSION bit) !! lol my apologies if I reiterated something already said, I don't always read all of the replies... Quote Link to comment Share on other sites More sharing options...
Nodral Posted July 12, 2011 Share Posted July 12, 2011 No worries, just pulling your leg. Twice the information is better than none!! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.