Jump to content

MySQL Where, And, Or conditions

Goldeneye

By Goldeneye
in PHP Coding Help

 Share

Recommended Posts

Goldeneye Regular Member

Goldeneye

Posted
Posted

Greetings from Severnaya, I just registered here, but anyway, here's my problem:

 

I need to make a MySQL query SELECTING userid, username, and password. I've got that part. Then username and password were assigned a variable with the WHERE condition. So it was:

 

mysql_query("SELECT `userid`, `username`, `password` FROM `users` WHERE `username` = '$username' AND`password` = '$password'");

 

 

 

So that worked, and wanted to assign `useridid` a $_GET variable (For profiling purposes), and reject banned users with:

 

mysql_query("SELECT `userid`, `username`, `password` FROM `users` WHERE `userid` = '$userid' OR `username` = '$username' OR`password` = '$password' OR `banned` = 0");

 

So after that, I tested it by entering wrong usernames/passwords and it still redirected to the, "You are now logged in" page, instead of the, "Incorrect Username/Password" page. And yes, I have the IF statements, which I believe look correct.

 

Does anyone know of any solutions? If needed, I'll post my code..

 

A preemptive thanks to you.

Link to comment
Share on other sites
Goldeneye Regular Member

Goldeneye

Posted
  • Author
Posted

Thanks! That code worked; Actually, the `userid`='$userid' part seems to break it, it gives me the error

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in login.php on line 9

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in login.php on line 18

 

You didn't get logged in.. sorry.

 

So I tried deleting the userid part and it worked again giving me exactly what I was looking for. I do believe this has something to do with my script. What I did was, (still learning how to make incorporate variables) give `userid` two methods: $userid (which is $_POST) and $useridGET (Which is $_GET).

 

The code for your perusal : For curiosity, the variables, $username and $password are defined as $_POST variables. I'm not sure how to go about the $userid variable, though.

	if (isset($_POST['process'])) {
	$result = mysql_query("SELECT `userid`, `username`, `password` FROM `users` WHERE (`userid`='$userid' OR (`username`='$username' AND `passkey`='$username') AND `banned`=0");
    	if (mysql_num_rows($result)!=false){
    		session_start();
    		$_SESSION['userid'] = $_POST['userid'];
    		$_SESSION['username'] = $_POST['username'];
		$_SESSION['password'] = $_POST['password'];
		echo 'Welcome, <a href="userlist.php?id=' .$_GET['userid']. '">' .$username. '</a>. You are now logged in.';
	}

 

So I guess what I'm asking is if I can use $userid as both $_POST and $_GET without defining each in a separate variable..

Link to comment
Share on other sites
roopurt18 Advanced Member

roopurt18

Posted
Posted
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in login.php on line 9

This error would indicate that the query did not run successfully, which means it was probably invalid.  Try echo'ing the query to the screen and examining it to make sure it is a syntactically correct MySQL statement.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.