This is the error I get, everytime “mysql_num_rows()” gets called this error comes up. Go to http://shanefaulkner.com and try and log in with anything
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/shauder/public_html/login.php on line 30
Here is my files code
<?php
include 'inc/php/dbconfig.php';
include 'inc/php/functions.php';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<head>
<title>Shane Faulkner | Login</title>
<link rel="stylesheet" type="text/css" href="inc/styles/common.css" />
</head>
<body>
<?php
// when the user hits the submit button...
if ($_POST['submit']) {
// get the variables from the form and protect them
$username = protect($_POST['username']);
$password = protect($_POST['password']);
if (!$username || !$password) {
echo 'please enter a username or a password!';
} else {
// if they do have both a username and password then
// we want to select all usernames from the database that match that username
$res = mysql_query("SELECT * FROM 'users' WHERE 'username' = '".$username."'");
$num = mysql_num_rows($res);
// now we need to see if there is a match
if ($num == 0) {
// on fail display error
echo 'the username, '.$username.', does not exist in our system!';
} else {
$res = mysql_query("SELECT username FROM 'users' WHERE 'username' = '".$username."' AND 'password' = '".$password."'");
// we want to continue a their credentials if they passes
$num = mysql_num_rows($res) or die("Error: ". mysql_error(). " with query ". $query);
if ($num == 0) {
// on fail display error
echo 'the password you gave us does not match the username!';
} else {
$row = mysql_fetch_assoc($req);
if ($row['active'] != 1) {
// on fail display error
echo 'you still need to activate your account before you can log in!';
} else {
// if it is active then log them in
$_SESSION['uid'] = $row['id'];
echo 'you have been logged in!';
echo 'please wait while we redirect you!';
// update them so they display as online
mysql_query("UPDATE 'users' SET 'online' = '".$time."' WHERE 'id' = '".$_SESSION['uid']."'");
// redirect
header('location: index.php');
}
}
}
}
}
?>
<form action="login.php" method="post">
<div id="login">
<p>
<label>username: </label>
<input name="username" type="text" />
</p>
<p>
<label>password: </label>
<input name="password" type="password" />
</p>
<p>
<label>remember me: </label>
</p>
<span><input name="submit" value="login" type="submit"></span>
<span><a href="register.php">register</a> | <a href="forgot.php">lost password</a></span>
</div>
</form>
</body>
</html>
This is the files that connects to the DB
<?php
// start a session to see if a user is logged in
session_start();
// define database variables
$myqhost = 'localhost';
$myqname = '******';
$myquser = '************';
$myqpass = '*************';
$con = mysql_connect($myqhost, $myquser, $myqpass);
$db = mysql_select_db($myqname, $con);
if (!con) {
echo '<p>MySQL connection is <b>bad</b></p>';
} else {
echo '<p>MySQL connection is <b>good</b></p>';
}
?>
Any help would be greatly appreciated! I started playing around with it, and I am really knew to PHP so it may be even more messed up then it started lol =/
There is a lot that can go wrong when interfacing code and a database. Each one of the MySQL functions present in PHP is set up to return a result that evaluates to false if something goes wrong. Every operation from connecting to the database to retrieving results needs to be evaluated as to whether the operation was successful before proceeding. Don’t select a database on a connection that failed, don’t run on a query on a connection where a database was not successfully selected, and don’t attempt to get information about, or information from a result set that doesn’t exist because the query failed or the database connection or server had an issue for the brief moment of your request.
Thanks for the reply guys, I have changed the code to this and tested within myphpadmin
$res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."' AND `password` = '".$password."'");
// we want to continue a their credentials if they passes
$num = mysql_num_rows($res);
It works! I am just retarded and didn’t “notice” the difference between “`” and “'”
that query could still fail, not through syntax but due to a momentary break in the connection. You really need to evaluate each step even if you are certain the query will execute without error. If $res evaluates to false, don’t continue.
That is correct. Each of those functions returns something that will evaluate to false if something goes wrong. mysql_connect, mysql_select_db and mysql_query. Each should be checked for failure before preceding, even if there is only a slim chance something will go wrong.
Thank you very much! I will take a look at this and try and understand it so I can implement this or something simular! It really helps to see examples
I have another problem! I know it is small and im probably just retarted but this is the code
// check to see if they have proper privieges
$res = mysql_query("SELECT `id` FROM `users` WHERE `group` = 'admin'");
$row = mysql_fetch_assoc($res);
if (!$_SESSION['uid']) {
// see if they are logged in and have a session
echo 'you must be logged in to use this feature';
} else {
if ($row['id'] == $_SESSION['uid']) {
echo 'u are admin';
echo $row['id'];
} else {
echo 'u are member';
}
}
So here is what i think is happening. it is only comparing the first row right? I need it to compare more
I figured it out on my own! I am so happy, here it is can you guys tell me what you think? Should I have done this another way?
<?php
// check to see if they have proper privieges
$res = mysql_query("SELECT `id` FROM `users` WHERE `group` = 'admin'");
if (!$_SESSION['uid']) {
// see if they are logged in and have a session
echo 'you must be logged in to use this feature';
} else {
while ($row = mysql_fetch_array($res, MYSQL_NUM)) {
if ($row[0] == $_SESSION['uid']) {
$admin = true;
} else {
$admin = false;
}
}
}
if ($admin == true) {
?>
This is test for admin == true.
<?php
} else {
?>
This is test for admin == false.
<?php
}
?>