Jump to content

Recommended Posts

$sql = "select * from user_info where us_name='$username' and md5(us_pass)='$userpass'"; 
$result=mysql_query($sql);
$row = mysql_fetch_assoc($result); 
$count=mysql_num_rows($result);

 

But it is giving error :

arning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in C:\...\verify.php on line 19

 

 

I am not getting why it is so

Link to comment
https://forums.phpfreaks.com/topic/245671-mysql_fetch_assoc/
Share on other sites

Yup moderator... I tried it, the code written is correct ...

 

Let me explain it to you..

 

The variable $userpass is already an md5 hash of the some string ...

Now that string is stored in my databse..

 

Now to get the id associated with that string i need to write

Select * from user_info where md5(user_pass)='$userpass';

 

And now my code is working fine i just made a silly mistake, the table name was actually user_info1 ..

 

btw THANX everyone

Link to comment
https://forums.phpfreaks.com/topic/245671-mysql_fetch_assoc/#findComment-1261932
Share on other sites

LOL, why would you store the password in plain text and then when looking for a match you take the user entered value - convert it to a hash and compare it to a hash of the database value? What is the point of using a hash in this instance? You need to store the password as a hash (and use a salt while you are at it.)

 

As to your problem, the query is failing. The query may be wrong, which would result in no matches, but I don't see anything blatant that would cause it to fail. You may have a typo in field names that is causing the failure. Add some error handling to the query to see the error

$result=mysql_query($sql) or die(mysql_error());

Link to comment
https://forums.phpfreaks.com/topic/245671-mysql_fetch_assoc/#findComment-1261933
Share on other sites

mjdamto i am not storing password as md5 hash in my database because i wont be able to know that what the password was...

 

And i dont think that their is something ANTI MD5

 

 

If it's all about retrieving a lost password, it would be more secure to just reset the password for visitors. What happens if someone gets ahold of the database?

Link to comment
https://forums.phpfreaks.com/topic/245671-mysql_fetch_assoc/#findComment-1261937
Share on other sites

mjdamto i am not storing password as md5 hash in my database because i wont be able to know that what the password was...

 

And i dont think that their is something ANTI MD5

 

If you are not storing the value as an MD5 hash, then why are you converting the values to MD5 hashes to compare in the query? I have to assume the user isn't entering the value as an MD5 hash. So, that means you are converting the user entered value to an MD5 hash and then comparing that to the MD5 hash of the DB value in the query. That's stupid. Why not just compare the user entered value to the DB value without any MD5 conversion?

 

However, the whole point of hashing the value in the DB is so YOU (or anyone else that access the data) will not know the users' passwords!!! You are not supposed to know what their password is. That creates a security risk. People with access to the database could log into the application as one of those users and perform actions posing as that user and, more importantly, since users use the same passwords for multiple systems you could potentially access other applications/sites that those users access.

 

As for "And i don't think that their is something ANTI MD5", I don't know what you mean. But, when storing a password as a hash (which you should absolutely do) you should always do so using a salt. Users with simple passwords could be determined using a rainbow table. And the whole point of hashing the password is to secure the data.

 

As the caretaker of this data you need to take some responsibility in ensuring that the users' sensitive data is not exposed.

Link to comment
https://forums.phpfreaks.com/topic/245671-mysql_fetch_assoc/#findComment-1261941
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.