MattD00 Posted September 18, 2011 Share Posted September 18, 2011 I have tried to create a basic login form. When I enter the username and password I get this error Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in login.php on line 10 <?php require("connection.php"); if($_SERVER["REQUEST_METHOD"] == "POST") { $username=mysql_real_escape_string($_POST['username']); $password=mysql_real_escape_string($_POST['password']); $password=md5($password); $sql="SELECT id FROM user WHERE username='$username' and password='$password'"; $result=mysql_query($sql); $count=mysql_num_rows($result); if($count==1) { header("location: dashboard.php"); } else { $error="Invalid username or password"; } } ?> <form action="login.php" method="POST"> <table class="ltext"> <tr> <td> Username </td> <td> <input type="text" name="usename" class="input" /> </td> </tr> <tr> <td> Password </td> <td> <input type="password" name="password" class="input" /> </td> </tr> </tr> <td> </td> <td> </td> </tr> <tr> <td> </td> <td> <input type="submit" value="Login" name="submit" class="input" /> <input type="reset" value="Clear" name="clear" class="input" /> </td> </tr> </table> </form> I can't figure out why I am getting that error message does anyone have any ideas? Quote Link to comment Share on other sites More sharing options...
xyph Posted September 18, 2011 Share Posted September 18, 2011 You're getting that because mysql_query() is returning FALSE and not a MySQL resource. You need to check for this, and if it happens, echo mysql_error() (for debugging) In a production environment, you probably just want to echo 'Query Error', because mysql_error() may reveal information about your database that could be exploited. Quote Link to comment Share on other sites More sharing options...
voip03 Posted September 18, 2011 Share Posted September 18, 2011 try this sql="SELECT id FROM user WHERE username='".$username."' and password='".$password."'"; $result=mysql_query($sql); if(!$result){ die(" Could not query the database : <br/>". mysql_error() ); } Thank you xyph. Quote Link to comment Share on other sites More sharing options...
MattD00 Posted September 18, 2011 Author Share Posted September 18, 2011 I was able to fix the mysql_num_rows() there was an error with my database. However nothing happens when I login and no error message is shown when the wrong username or password is entered. I decided to echo out the $count but it just shows up as being 0 when trying to login. Quote Link to comment Share on other sites More sharing options...
voip03 Posted September 18, 2011 Share Posted September 18, 2011 Check the DB username and password manually Quote Link to comment Share on other sites More sharing options...
xyph Posted September 18, 2011 Share Posted September 18, 2011 You're not echo'ing $error anywhere Quote Link to comment Share on other sites More sharing options...
MattD00 Posted September 18, 2011 Author Share Posted September 18, 2011 OK so I have now echoed out the error so that bit is working. However the login is still not working Quote Link to comment Share on other sites More sharing options...
xyph Posted September 19, 2011 Share Posted September 19, 2011 Echo your query. Does it match the data in the database? These are extremely simple debugging methods. Check and make sure your input is what you expect it to be Quote Link to comment Share on other sites More sharing options...
MattD00 Posted September 19, 2011 Author Share Posted September 19, 2011 From echoing out the query it'sshowing the username and password for phpMyAdmin, instead of the username and password stored in the the table "users". Quote Link to comment Share on other sites More sharing options...
MattD00 Posted September 19, 2011 Author Share Posted September 19, 2011 From echoing out the query it's showing the username and password for phpMyAdmin, instead of the username and password stored in the the table "users". I fixed that problem my connect file was using the same variables but now I get SELECT id FROM users WHERE username='' The password shows up fine but the username is blank. Even though the field is called username and username is being used in the query. Quote Link to comment Share on other sites More sharing options...
xyph Posted September 19, 2011 Share Posted September 19, 2011 Use print_r( $_POST ) to make sure your post variable actually contains a key called 'username' You should be programming with error_reporting(-1) to see notices about non-existent keys or variables. Again, this is EXTREMELY basic debugging procedure. If the result isn't what you expect, verify the input is what you expect it to be. I'd argue over 90% of the issues posted here can be fixed by using the above method. Quote Link to comment Share on other sites More sharing options...
voip03 Posted September 19, 2011 Share Posted September 19, 2011 Have you correct the typing error? usename to username input name -> usename <td><input type="text" name="usename" class="input" /></td> in PHP -> $_POST['username'] $username=mysql_real_escape_string($_POST['username']); Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.