Goldeneye Posted March 6, 2008 Share Posted March 6, 2008 Greetings from Severnaya, I just registered here, but anyway, here's my problem: I need to make a MySQL query SELECTING userid, username, and password. I've got that part. Then username and password were assigned a variable with the WHERE condition. So it was: mysql_query("SELECT `userid`, `username`, `password` FROM `users` WHERE `username` = '$username' AND`password` = '$password'"); So that worked, and wanted to assign `useridid` a $_GET variable (For profiling purposes), and reject banned users with: mysql_query("SELECT `userid`, `username`, `password` FROM `users` WHERE `userid` = '$userid' OR `username` = '$username' OR`password` = '$password' OR `banned` = 0"); So after that, I tested it by entering wrong usernames/passwords and it still redirected to the, "You are now logged in" page, instead of the, "Incorrect Username/Password" page. And yes, I have the IF statements, which I believe look correct. Does anyone know of any solutions? If needed, I'll post my code.. A preemptive thanks to you. Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted March 6, 2008 Share Posted March 6, 2008 Possibly: WHERE ( `userid`='$userid' OR ( `username`='$username' AND `password`='$password' ) AND `banned`=0 Quote Link to comment Share on other sites More sharing options...
Goldeneye Posted March 6, 2008 Author Share Posted March 6, 2008 Thanks! That code worked; Actually, the `userid`='$userid' part seems to break it, it gives me the error Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in login.php on line 9 Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in login.php on line 18 You didn't get logged in.. sorry. So I tried deleting the userid part and it worked again giving me exactly what I was looking for. I do believe this has something to do with my script. What I did was, (still learning how to make incorporate variables) give `userid` two methods: $userid (which is $_POST) and $useridGET (Which is $_GET). The code for your perusal : For curiosity, the variables, $username and $password are defined as $_POST variables. I'm not sure how to go about the $userid variable, though. if (isset($_POST['process'])) { $result = mysql_query("SELECT `userid`, `username`, `password` FROM `users` WHERE (`userid`='$userid' OR (`username`='$username' AND `passkey`='$username') AND `banned`=0"); if (mysql_num_rows($result)!=false){ session_start(); $_SESSION['userid'] = $_POST['userid']; $_SESSION['username'] = $_POST['username']; $_SESSION['password'] = $_POST['password']; echo 'Welcome, <a href="userlist.php?id=' .$_GET['userid']. '">' .$username. '</a>. You are now logged in.'; } So I guess what I'm asking is if I can use $userid as both $_POST and $_GET without defining each in a separate variable.. Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted March 6, 2008 Share Posted March 6, 2008 Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in login.php on line 9 This error would indicate that the query did not run successfully, which means it was probably invalid. Try echo'ing the query to the screen and examining it to make sure it is a syntactically correct MySQL statement. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.