error in my code , login script

[Glenskie]

i just recently bought hosting with hostmonster and im putting my login script on the site and it is not working here is the error im getting

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home2/quickdai/public_html/login.php on line 36

 

 

<?php // Start Session to enable creating the session variables below when they log in
session_start();
// Force script errors and warnings to show on page in case php.ini file is set to not display them
error_reporting(E_ALL);
ini_set('display_errors', '1');
//-----------------------------------------------------------------------------------------------------------------------------------
// Initialize some vars
$errorMsg = '';
$email = '';
$pass = '';
$remember = '';
if (isset($_POST['email'])) {

$email = $_POST['email'];
$pass = $_POST['pass'];
if (isset($_POST['remember'])) {
$remember = $_POST['remember'];
}
$email = stripslashes($email);
$pass = stripslashes($pass);
$email = strip_tags($email);
$pass = strip_tags($pass);

// error handling conditional checks go here
if ((!$email) || (!$pass)) { 

$errorMsg = '<font color="red">Please fill in both fields</font>';

} else { // Error handling is complete so process the info if no errors
include 'connect_to_mysql.php'; // Connect to the database
$email = mysql_real_escape_string($email); // After we connect, we secure the string before adding to query
   //$pass = mysql_real_escape_string($pass); // After we connect, we secure the string before adding to query
$pass = md5($pass); // Add MD5 Hash to the password variable they supplied after filtering it
// Make the SQL query
       $sql = mysql_query("SELECT * FROM Admin WHERE email='$email' AND password='$pass'"); 
$login_check = mysql_num_rows($sql);
       // If login check number is greater than 0 (meaning they do exist and are activated)
if($login_check > 0){ 
      while($row = mysql_fetch_array($sql)){


// Create session var for their raw id
$id = $row["id"];   
$_SESSION['id'] = $id;
// Create the idx session var
$_SESSION['idx'] = base64_encode("g4p3h9xfn8sq03hs2234$id");



      } // close while

      // Remember Me Section


      // All good they are logged in, send them to homepage then exit script
      header("location: 25xc54df.php"); 
      exit();

} else { // Run this code if login_check is equal to 0 meaning they do not exist
   $errorMsg = "Please leave now before your ip is banned ";
} 


   } // Close else after error checks

} //Close if (isset ($_POST['uname'])){
?>
<html>
<div id="form">
 <form id="signinform" action="login.php" method="post" enctype="multipart/form-data" name="signinform">
   <fieldset>


    <div id="legend">Log in</div>
    <br>
     <label for="login">Email</label>
     <input type="text" id="email" name="email" />
     <div class="clear"></div>

     <label for="password">Password</label>
     <input type="password" id="password" name="pass" />
     <div class="clear"></div>

     <div class="clear"></div>

     <br />

     <input type="submit" style="margin: -20px 0 0 287px;" class="button" name="commit" value="Sign In"/> 
   </fieldset><?php print "$errorMsg"; ?>
 </form>
 </div>
 </div>

[requinix]

Use mysql_error to find out why the query you just executed failed (because that's what it did).

[Andy123]

Your query is failing, so mysql_query() returns FALSE. You are then passing this value to mysql_num_rows(), which expects a resource to be passed. As requinix said, checking the return value of mysql_error() will tell you what went wrong with your query.