Jump to content

mysql_num_rows(): supplied argument is not a valid MySQL result resource

andy_b_1502

By andy_b_1502
in PHP Coding Help

 Share

Recommended Posts

andy_b_1502 Regular Member

andy_b_1502

Posted
Posted

Hi everyone!

 

I have the following error message:

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /hermes/bosweb25a/b109/ipg.removalspacecom/checklogin.php on line 47

Wrong Username or Password

 

by using the below code:

 

<?PHP

include ('db.php');

// Define $username and $password 
$username=$_POST['username']; 
$password=$_POST['password']; 

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM $companies WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row

if($count==1){
// Register $username, $password and redirect to file "login_success.php"
session_register("username");
session_register("password"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}

ob_end_flush();
?>

 

Does anyone have an idea of whats happening? from a guess it's looking for the username and password in the database, but i've made sure that this username and password in IN the correct fields in the table ect??

 

Thanks

Muddy_Funster Regular Member

Muddy_Funster

Posted
Posted

your query is failing, probably because $companies doesn't resolve to a proper table name.  I'd tell you not to use SELECT * on a user table during login, but it seems some people get all pissy when I do that.

andy_b_1502 Regular Member

andy_b_1502

Posted
  • Author
Posted

Thanks muddy. I have changed/tested new script with this:

 

$sql="SELECT username, password FROM $companies WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

 

and now have this error message:

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /hermes/bosweb25a/b109/ipg.removalspacecom/checklogin.php on line 47

Wrong Username or Password

 

 

This could be why people get all pissy about it because they are frustrated when it doesnt work  :confused: :'( lol.

 

The username and password is in the database, its looking in the right place but it's not seeing it? any idea's how to make this work for me?

andy_b_1502 Regular Member

andy_b_1502

Posted
  • Author
Posted

i dont remember LB if im honest...  :confused:

 

i have taken the $ from the proceding 'companies' BUT it does not log me in, instead just gives me the error message:

 

"Wrong Username or Password" when using the correct criteria?

andy_b_1502 Regular Member

andy_b_1502

Posted
  • Author
Posted

Inserted the username and password with this code:

 

<?PHP

include('db.php');

/* set some validation variables */
$error_message = "";

/* =============================================== */
/*
this section of code will set up an error message for the
username if ANY of the conditions occur
1) checks to see if $_POST['username'] is NOT set
2) if length of username is less than 5
3) if username has anything other than letter, numbers or underscores
*/
if((!isset($_POST['username'])) || (strlen(trim($_POST['username'])) <5) || (trim($_POST['username']) != preg_replace("/[^a-zA-Z0-9\_]/", "", trim($_POST['username'])))) {
/* if username is bad start building the error message */
$error_message = "You must enter a valid username<br>";
$error_message = $error_message . "Valid names  are min 5 characters and use letters, numbers and underscores only.<br>";
$error_message = $error_message . 'Your invalid name was: <font color="red">' . $_POST['username'] . "</font><hr>";
}
/* END validating username */
/* =============================================== */


/* =============================================== */
/*
this section of code will set up an error message for the
password if ANY of the conditions occur
1) checks to see if $_POST['upassword'] is NOT set
2) if length of upassword is less than 5
3) if upassword has anything other than letter, numbers or underscores
*/
if((!isset($_POST['password'])) || (strlen(trim($_POST['password'])) <5) || (trim($_POST['password']) != preg_replace("/[^a-zA-Z0-9\_]/", "", trim($_POST['password'])))) {
/* if it is NOT set, then set the error variable and start building the error message */
$error_message = $error_message . "You must enter a valid password<br>";
$error_message = $error_message . "Valid passwords are min 5 characters and use letters, numbers and underscores only.<br>";
$error_message = $error_message . 'Your invalid password was: <font color="red">' . $_POST['upassword'] . "</font><hr>";
}else{
$upassword = trim($_POST['password']);
}
/* END validating upassword */
/* =============================================== */

/* =============================================== */
/* validating the email */
/* create a function */
function validateEmailAddress($email) {
return filter_var($email, FILTER_VALIDATE_EMAIL) && preg_match('/@.+\./', $email);
}
if(!isset($_POST['email']) || validateEmailAddress($_POST['email']) !=1) {
$error_message = $error_message . "You must enter a valid email address<br>";
$error_message = $error_message . 'The invalid email was: <font color="red">' . $_POST['email'] . "</font><hr>";
}
/* END validating email */
/* =============================================== */

/* =============================================== */
/* check to see if username is already taken */
$username = mysql_real_escape_string(trim($_POST['username']));
$query1 = "SELECT username from companies WHERE username = '$username'";
$result1 = mysql_query($query1)  or die(mysql_error());
$count = mysql_num_rows($result);
if($count>0) {
$error_message = $error_message . 'The username: <font color="red">' . $_POST['username'] . "</font> is taken.<hr>";
}

/* =============================================== */
/* if any of the post variables are invalid */
/* set the session variable and send back to the form page */
if(strlen(trim($error_message))>0) {
$_SESSION['error_message'] =$error_message;
header("Location: register.php");
exit();
}
/* =============================================== */



/* =============================================== */
/* PREPARE DATA FOR INSERTION INTO TABLE */
/* FUNCTION TO CREATE SALT */
function createSalt() {
$string = md5(uniqid(rand(), true));
return substr($string, 0, 3);
}

$salt = createsalt();
$upasswod = trim($_POST['password']);
$hash = hash('sha256', $salt, $password);
$approved = 0;
$username = mysql_real_escape_string(trim($_POST['username']));
$email = mysql_real_escape_string(trim($_POST['email']));
$query2 = "INSERT INTO companies (username, password, email, salt, approved) VALUES('$username', '$hash', '$email', '$salt', '$approved')";
$result2 = mysql_query($query2)  or die(mysql_error());
/* =============================================== */

/*
at this point we can send an email to the admin as well
as the user. 
DO NOT send the user's password to ANYONE!!!!
*/
?>
Thank you for registering.<br>;
Your account will be approved and activated within 24 hours.<br><br>
Click here to return to the <a href="index.php">main page</a>.

 

 

litebearer Member

litebearer

Posted
Posted

Since you have hashed the password using a salt when inserting, you also NEED to use the same hash/salt technique when checking the password on login.

ie.

1. get the salt from the table for the appropriate user

2. hash/salt the login password just like you did for the insert BUT use the salt recovered in step 1 above.

3. NOW query the table to make sure the newly hashed/salted password matches the password in the table

 

clear as mud?

(look at the password in the table using phpadmin. you will see what the hash/salted passwords look like. That is 'abcd' as a password will NOT be 'abcd; in the table)

 

andy_b_1502 Regular Member

andy_b_1502

Posted
  • Author
Posted 

/* =============================================== */
/* check to see if username is already taken */
$username = mysql_real_escape_string(trim($_POST['username']));
$query1 = "SELECT username from companies WHERE username = '$username'";
$result1 = mysql_query($query1)  or die(mysql_error());
$count = mysql_num_rows($result);
if($count>0) {
$error_message = $error_message . 'The username: <font color="red">' . $_POST['username'] . "</font> is taken.<hr>";
}

 

Check USERNAME? not password? this is where the error is, just checking...

andy_b_1502 Regular Member

andy_b_1502

Posted
  • Author
Posted 
<?php
/* =============================================== */
/* check to see if username is already taken */
$username = mysql_real_escape_string(trim($_POST['username']));
$query1 = "SELECT username, salt from companies WHERE username = '$username', salt = '$salt'";
$result1 = mysql_query($query1)  or die(mysql_error());
$count = mysql_num_rows($result);
if($count>0) {
$error_message = $error_message . 'The username: <font color="red">' . $_POST['username'] . "</font> is taken.<hr>";
}
?>

litebearer Member

litebearer

Posted
Posted

Print this out on a piece of paper and look it over carefully.

 

<?PHP
include ('db.php');

/* set some validation variables */
$error_message = "";

/* =============================================== */
/*
this section of code will set up an error message for the
username if ANY of the conditions occur
1) checks to see if $_POST['username'] is NOT set
2) if length of username is less than 5
3) if username has anything other than letter, numbers or underscores
*/

if((!isset($_POST['username'])) || (strlen(trim($_POST['username'])) <5) || (trim($_POST['username']) != preg_replace("/[^a-zA-Z0-9\_]/", "", trim($_POST['username'])))) {
/* if username is bad start building the error message */
$error_message = "You must enter a valid username<br>";
$error_message = $error_message . "Valid names  are min 5 characters and use letters, numbers and underscores only.<br>";
$error_message = $error_message . 'Your invalid name was: <font color="red">' . $_POST['username'] . "</font><hr>";
}else{
$username = mysql_real_escape_string(trim($_POST['username']));
}

/* END validating username */
/* =============================================== */


/* =============================================== */
/*
this section of code will set up an error message for the
password if ANY of the conditions occur
1) checks to see if $_POST['password'] is NOT set
2) if length of password is less than 5
3) if password has anything other than letter, numbers or underscores
*/

if((!isset($_POST['password'])) || (strlen(trim($_POST['password'])) <5) || (trim($_POST['password']) != preg_replace("/[^a-zA-Z0-9\_]/", "", trim($_POST['password'])))) {
/* if it is NOT set, then set the error variable and start building the error message */
$error_message = $error_message . "You must enter a valid password<br>";
$error_message = $error_message . "Valid passwords are min 5 characters and use letters, numbers and underscores only.<br>";
$error_message = $error_message . 'Your invalid password was: <font color="red">' . $_POST['password'] . "</font><hr>";
}else{
$password = trim($_POST['password']);
}
/* END validating password */
/* =============================================== */

/* =============================================== */
/* if any of the post variables are invalid */
/* set the session variable and send back to the form page */
if(strlen(trim($error_message))>0) {
$_SESSION['error_message'] =$error_message;
header("Location: login.php");
exit();
}
/* =============================================== */

/* =============================================== */
/* FUNCTION TO CREATE SALT */
function createSalt() {
$string = md5(uniqid(rand(), true));
return substr($string, 0, 3);
}

/* 
check to see if username is in the table
if not send back to login
*/

$query01 = "SELECT id, salt FROM companies WHERE username = '$username'";
$result01 = mysql_query($query01)  or die(mysql_error());
if(mysql_num_rows($result1 != 1)) {
header("Location: login.php");
exit();
}
$row = mysq_fetch_array($result01);
$salt = $row['salt'];
$password = trim($_POST['password']);
$hash = hash('sha256', $salt, $password);
$query02 = "SELECT id FROM companies WHERE username = '$username' AND password = '$hash'";
$result02 = mysql_query($query02)  or die(mysql_error());
if(mysql_num_rows($result2) !=1){
/* not found send back to login */
header("Location: login.php");
exit();
}

/* =============================================== */
/* success!!! send them where you want */

?>

andy_b_1502 Regular Member

andy_b_1502

Posted
  • Author
Posted

Okay: i have gone away and done a little bit of resaerch. I understand that using salt to check login is a lot more secure as the user's username doesnt change and salt it random.

 

I have changed the query to:

 

$query1 = "SELECT username, salt from companies WHERE salt = '$salt', username = '$username'";

 

could someone please explain why im getting this error?:

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' username = 'testing'' at line 1

 

 

'testing' is what i have used as a test username??

andy_b_1502 Regular Member

andy_b_1502

Posted
  • Author
Posted

so it's:

 

$query1 = "SELECT salt from companies WHERE salt = '$salt'";

 

thats just hash/salt password right?

 

that produces the following:

 

"Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /hermes/bosweb25a/b109/ipg.removalspacecom/andy_test_01.php on line 63

 

Warning: Cannot modify header information - headers already sent by (output started at /hermes/bosweb25a/b109/ipg.removalspacecom/andy_test_01.php:63) in /hermes/bosweb25a/b109/ipg.removalspacecom/andy_test_01.php on line 73"

andy_b_1502 Regular Member

andy_b_1502

Posted
  • Author
Posted

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /hermes/bosweb25a/b109/ipg.removalspacecom/a_test2.php on line 76

 

Fatal error: Call to undefined function mysq_fetch_array() in /hermes/bosweb25a/b109/ipg.removalspacecom/a_test2.php on line 82"

 

:-\

andy_b_1502 Regular Member

andy_b_1502

Posted
  • Author
Posted

For LOGIN:

 

a_test2.php:

 

<?PHP
include ('db.php');

/* set some validation variables */

$error_message = "";

/* =============================================== */
/*this section of code will set up an error message for the
username if ANY of the conditions occur	

1) checks to see if $_POST['username'] is NOT set	

2) if length of username is less than 5	

3) if username has anything other than letter, numbers or underscores*/

if((!isset($_POST['username'])) || (strlen(trim($_POST['username'])) <5) || (trim($_POST['username']) != preg_replace("/[^a-zA-Z0-9\_]/", "", trim($_POST['username'])))) {	

/* if username is bad start building the error message */	

$error_message = "You must enter a valid username<br>";	

$error_message = $error_message . "Valid names  are min 5 characters and use letters, numbers and underscores only.<br>";	

$error_message = $error_message . 'Your invalid name was: <font color="red">' . $_POST['username'] . "</font><hr>";}

else{	
$username = mysql_real_escape_string(trim($_POST['username']));}
/* END validating username *//* =============================================== */
/* =============================================== */
/*this section of code will set up an error message for thepassword if ANY of the conditions occur	

1) checks to see if $_POST['password'] is NOT set	

2) if length of password is less than 5	

3) if password has anything other than letter, numbers or underscores*/
if((!isset($_POST['password'])) || (strlen(trim($_POST['password'])) <5) || (trim($_POST['password']) != preg_replace("/[^a-zA-Z0-9\_]/", "", trim($_POST['password'])))) 
{	

/* if it is NOT set, then set the error variable and start building the error message */	

$error_message = $error_message . "You must enter a valid password<br>";	

$error_message = $error_message . "Valid passwords are min 5 characters and use letters, numbers and underscores only.<br>";	

$error_message = $error_message . 'Your invalid password was: <font color="red">' . $_POST['password'] . "</font><hr>";}

else{	
$password = trim($_POST['password']);}
/* END validating password *//* =============================================== */
/* =============================================== */

/* if any of the post variables are invalid */
/* set the session variable and send back to the form page */

if(strlen(trim($error_message))>0) {	
$_SESSION['error_message'] =$error_message;	
header("Location: login.php");	
exit();}
/* =============================================== */
/* =============================================== */
/* FUNCTION TO CREATE SALT */

function createSalt() {	
$string = md5(uniqid(rand(), true));	
return substr($string, 0, 3);}

/* check to see if username is in the table if not send back to login*/

$query01 = "SELECT id, salt FROM companies WHERE username = '$username'";

$result01 = mysql_query($query01) 
or die(mysql_error());
if(mysql_num_rows($result1 != 1)) {	

header("Location: login.php");	

exit();
}
$row = mysq_fetch_array($result01);

$salt = $row['salt'];

$password = trim($_POST['password']);

$hash = hash('sha256', $salt, $password);

$query02 = "SELECT id FROM companies WHERE username = '$username' AND password = '$hash'";

$result02 = mysql_query($query02)  

or die(mysql_error());

if(mysql_num_rows($result2) !=1)

{	

/* not found send back to login */	

header("Location: login.php");	

exit();}

/* =============================================== *//* success!!! send them where you want */

?>

 

for this table:

 

 

table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">

<tr>

<form name="form1" method="post" action="a_test2.php">

<td>

<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">

<tr>

<td colspan="3"><strong>Member Login </strong></td>

</tr>

<tr>

<td width="78">Username</td>

<td width="6">:</td>

<td width="294"><input name="username" type="text" id="username"></td>

</tr>

<tr>

<td>Password</td>

<td>:</td>

<td><input name="password" type="password" id="password"></td>

</tr>

<tr>

<td> </td>

<td> </td>

<td><input type="submit" name="Submit" value="Login"></td>

</tr>

</table>

</td>

</form>

</tr>

</table>

 

For REGISTER:

 

andy_test_01.php:

 

<?PHP

 

include('db.php');

 

/* set some validation variables */

$error_message = "";

 

/* =============================================== */

/*

this section of code will set up an error message for the

username if ANY of the conditions occur

1) checks to see if $_POST['username'] is NOT set

2) if length of username is less than 5

3) if username has anything other than letter, numbers or underscores

*/

if((!isset($_POST['username'])) || (strlen(trim($_POST['username'])) <5) || (trim($_POST['username']) != preg_replace("/[^a-zA-Z0-9\_]/", "", trim($_POST['username'])))) {

/* if username is bad start building the error message */

$error_message = "You must enter a valid username<br>";

$error_message = $error_message . "Valid names  are min 5 characters and use letters, numbers and underscores only.<br>";

$error_message = $error_message . 'Your invalid name was: <font color="red">' . $_POST['username'] . "</font><hr>";

}

/* END validating username */

/* =============================================== */

 

 

/* =============================================== */

/*

this section of code will set up an error message for the

password if ANY of the conditions occur

1) checks to see if $_POST['upassword'] is NOT set

2) if length of upassword is less than 5

3) if upassword has anything other than letter, numbers or underscores

*/

if((!isset($_POST['password'])) || (strlen(trim($_POST['password'])) <5) || (trim($_POST['password']) != preg_replace("/[^a-zA-Z0-9\_]/", "", trim($_POST['password'])))) {

/* if it is NOT set, then set the error variable and start building the error message */

$error_message = $error_message . "You must enter a valid password<br>";

$error_message = $error_message . "Valid passwords are min 5 characters and use letters, numbers and underscores only.<br>";

$error_message = $error_message . 'Your invalid password was: <font color="red">' . $_POST['password'] . "</font><hr>";

}else{

$password = trim($_POST['password']);

}

/* END validating password */

/* =============================================== */

 

/* =============================================== */

/* validating the email */

/* create a function */

function validateEmailAddress($email) {

return filter_var($email, FILTER_VALIDATE_EMAIL) && preg_match('/@.+\./', $email);

}

if(!isset($_POST['email']) || validateEmailAddress($_POST['email']) !=1) {

$error_message = $error_message . "You must enter a valid email address<br>";

$error_message = $error_message . 'The invalid email was: <font color="red">' . $_POST['email'] . "</font><hr>";

}

/* END validating email */

/* =============================================== */

 

/* =============================================== */

/* check to see if username is already taken */

$username = mysql_real_escape_string(trim($_POST['username']));

$query1 = "SELECT username from companies WHERE username = '$username'";

$result1 = mysql_query($query1)  or die(mysql_error());

$count = mysql_num_rows($result);

if($count>0) {

$error_message = $error_message . 'The username: <font color="red">' . $_POST['username'] . "</font> is taken.<hr>";

}

 

/* =============================================== */

/* if any of the post variables are invalid */

/* set the session variable and send back to the form page */

if(strlen(trim($error_message))>0) {

$_SESSION['error_message'] =$error_message;

header("Location: register.php");

exit();

}

/* =============================================== */

 

 

 

/* =============================================== */

/* PREPARE DATA FOR INSERTION INTO TABLE */

/* FUNCTION TO CREATE SALT */

function createSalt() {

$string = md5(uniqid(rand(), true));

return substr($string, 0, 3);

}

 

$salt = createsalt();

$passwod = trim($_POST['password']);

$hash = hash('sha256', $salt, $password);

$approved = 0;

$username = mysql_real_escape_string(trim($_POST['username']));

$email = mysql_real_escape_string(trim($_POST['email']));

$query2 = "INSERT INTO companies (username, password, email, salt, approved) VALUES('$username', '$hash', '$email', '$salt', '$approved')";

$result2 = mysql_query($query2)  or die(mysql_error());

/* =============================================== */

 

/*

at this point we can send an email to the admin as well

as the user.

DO NOT send the user's password to ANYONE!!!!

*/

?>

Thank you for registering.<br>;

Your account will be approved and activated within 24 hours.<br><br>

Click here to return to the <a href="index.php">main page</a>.

 

for this table:

 

<form name="form1" method="post" action="andy_test_01.php">

<table width="316" height="120" border="0">

<tr><td colspan=2><h1>Register/Sign Up</h1></td></tr>

<tr><td>Username:</td><td>

<input name="username" type="text" id="username">

</td></tr>

<tr><td>Password:</td><td>

<input name="password" type="password" class="style7" id="password">

</td></tr>

<tr><td colspan="2" align="right">

<tr><td>Email:</td><td>

<input name="email" type="text" class="style7" id="email">

</td></tr> 

 

<tr><td colspan="2" align="right">

<input name="Submit" type="submit" class="style7" value="Register" />

</td></tr>

</table>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.