Jump to content

Login form mysql_num_rows() error


MattD00

Recommended Posts

I have tried to create a basic login form.

When I enter the username and password I get this error

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in login.php on line 10

 

<?php
require("connection.php");
if($_SERVER["REQUEST_METHOD"] == "POST")
{
$username=mysql_real_escape_string($_POST['username']);
$password=mysql_real_escape_string($_POST['password']);
$password=md5($password);
$sql="SELECT id FROM user WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);


if($count==1)
{
header("location: dashboard.php");
}
else
{
$error="Invalid username or password";
}
}
?>
<form action="login.php" method="POST">
<table class="ltext">
<tr>
<td>
Username
</td>
<td>
<input type="text" name="usename" class="input" />
</td>
</tr>
<tr>
<td>
Password
</td>
<td>
<input type="password" name="password" class="input" />
</td>
</tr>
</tr>
<td>
</td>
<td>
</td>
</tr>
<tr>
<td>
</td>
<td>
<input type="submit" value="Login" name="submit" class="input" />
<input type="reset" value="Clear" name="clear" class="input" />
</td>
</tr>
</table>
</form>

 

I can't figure out why I am getting that error message does anyone have any ideas?

Link to comment
Share on other sites

You're getting that because mysql_query() is returning FALSE and not a MySQL resource.

 

You need to check for this, and if it happens, echo mysql_error() (for debugging)

 

In a production environment, you probably just want to echo 'Query Error', because mysql_error() may reveal information about your database that could be exploited.

Link to comment
Share on other sites

I was able to fix the mysql_num_rows() there was an error with my database.

However nothing happens when I login and no error message is shown when the wrong username or password is entered.

I decided to echo out the $count but it just shows up as being 0 when trying to login.

Link to comment
Share on other sites

From echoing out the query it's showing the username and password for phpMyAdmin, instead of the username and password stored in the the table "users".

I fixed that problem my connect file was using the same variables but now I get

SELECT id FROM users WHERE username=''

The password shows up fine but the username is blank.

Even though the field is called username and username is being used in the query.

 

Link to comment
Share on other sites

Use print_r( $_POST ) to make sure your post variable actually contains a key called 'username'

 

You should be programming with error_reporting(-1) to see notices about non-existent keys or variables.

 

Again, this is EXTREMELY basic debugging procedure. If the result isn't what you expect, verify the input is what you expect it to be.

 

I'd argue over 90% of the issues posted here can be fixed by using the above method.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.