
What is wrong in my source-code?

karlarneg@gmail.com
#1: Sep 7 '08
Hello.
I am using Xampp on Windows Vista.
PHP 5.2.6
MySql 5.0.51b

This is my login code in PHP:

if(isset($_POST['login'])){

    // Connect and select database
    include ('connect.inc');

    $sql = "SELECT * FROM users";
    $sql .= "WHERE username ='" . $_POST['username'] . "' ";
    $sql .= "AND password='" . $_POST['password'] . "' ";
    $results = mysql_query($sql, $dblink);
    if(mysql_num_rows($results) != 0){
        echo "OK!";
    } else {
        echo "ERROR";
    }
}

But this script generates an error:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL
result resource in D:\xampp\htdocs\index.php on line 42
ERROR

How can I fix this?
Users on my local server have to log in to see my pages. Their
username and password are stored in the database. Is there another way to
write a login script that checks the user name and password?

Thanks.

Karl
Luuk
#2: Sep 7 '08

re: What is wrong in my source-code?


karlarneg@gmail.com wrote:
> Hello.
> I am using Xampp on Windows Vista.
> PHP 5.2.6
> MySql 5.0.51b
>
> This is my login code in PHP:
>
> if(isset($_POST['login'])){
>
>     // Connect and select database
>     include ('connect.inc');
>
>     $sql = "SELECT * FROM users";
>     $sql .= "WHERE username ='" . $_POST['username'] . "' ";
>     $sql .= "AND password='" . $_POST['password'] . "' ";
>     $results = mysql_query($sql, $dblink);
>     if(mysql_num_rows($results) != 0){
>         echo "OK!";
>     } else {
>         echo "ERROR";
>     }
> }
>
> But this script generates an error:
>
> Warning: mysql_num_rows(): supplied argument is not a valid MySQL
> result resource in D:\xampp\htdocs\index.php on line 42
> ERROR
>
> How can I fix this?
> Users on my local server have to log in to see my pages. Their
> username and password are stored in the database. Is there another way to
> write a login script that checks the user name and password?
>
> Thanks.
>
> Karl

What's wrong depends on the contents of your 'connect.inc' file.

You should watch out for people whose name is "; DELETE * FROM users;"

--
Luuk
karlarneg@gmail.com
#3: Sep 7 '08

re: What is wrong in my source-code?


On 7 Sep, 15:17, Luuk <L...@invalid.lan> wrote:
> karlar...@gmail.com wrote:
>> Hello.
>> I am using Xampp on Windows Vista.
>> PHP 5.2.6
>> MySql 5.0.51b
>>
>> This is my login code in PHP:
>>
>> if(isset($_POST['login'])){
>>
>>     // Connect and select database
>>     include ('connect.inc');
>>
>>     $sql = "SELECT * FROM users";
>>     $sql .= "WHERE username ='" . $_POST['username'] . "' ";
>>     $sql .= "AND password='" . $_POST['password'] . "' ";
>>     $results = mysql_query($sql, $dblink);
>>     if(mysql_num_rows($results) != 0){
>>         echo "OK!";
>>     } else {
>>         echo "ERROR";
>>     }
>> }
>>
>> But this script generates an error:
>>
>> Warning: mysql_num_rows(): supplied argument is not a valid MySQL
>> result resource in D:\xampp\htdocs\index.php on line 42
>> ERROR
>>
>> How can I fix this?
>> Users on my local server have to log in to see my pages. Their
>> username and password are stored in the database. Is there another way to
>> write a login script that checks the user name and password?
>>
>> Thanks.
>>
>> Karl
>
> What's wrong depends on the contents of your 'connect.inc' file
>
> You should watch out for people whose name is "; DELETE * FROM users;"
>
> --
> Luuk

Here is the connect.inc file
<?php
$dblink = mysql_connect("localhost", "root", "");
$velg_db = mysql_select_db("local");
?>
Jerry Stuckle
#4: Sep 7 '08

re: What is wrong in my source-code?


karlarneg@gmail.com wrote:
> Hello.
> I am using Xampp on Windows Vista.
> PHP 5.2.6
> MySql 5.0.51b
>
> This is my login code in PHP:
>
> if(isset($_POST['login'])){
>
>     // Connect and select database
>     include ('connect.inc');
>
>     $sql = "SELECT * FROM users";
>     $sql .= "WHERE username ='" . $_POST['username'] . "' ";
>     $sql .= "AND password='" . $_POST['password'] . "' ";
>     $results = mysql_query($sql, $dblink);
>     if(mysql_num_rows($results) != 0){
>         echo "OK!";
>     } else {
>         echo "ERROR";
>     }
> }
>
> But this script generates an error:
>
> Warning: mysql_num_rows(): supplied argument is not a valid MySQL
> result resource in D:\xampp\htdocs\index.php on line 42
> ERROR
>
> How can I fix this?
> Users on my local server have to log in to see my pages. Their
> username and password are stored in the database. Is there another way to
> write a login script that checks the user name and password?
>
> Thanks.
>
> Karl

This question has been asked many times in this newsgroup, as a quick
search would have told you. Figure out what's wrong with your SQL
statement and fix it.

And next time try checking the results of function calls to see if the
calls worked or not, rather than just assuming they did.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

mijn naam
#5: Sep 7 '08

re: What is wrong in my source-code?


<karlarneg@gmail.com> wrote in message
news:89f155c1-ca97-4d73-9168-36b74c49f3b8@k37g2000hsf.googlegroups.com...
> Hello.
> I am using Xampp on Windows Vista.
> PHP 5.2.6
> MySql 5.0.51b
>
> This is my login code in PHP:
>
> if(isset($_POST['login'])){
>
>     // Connect and select database
>     include ('connect.inc');
>
>     $sql = "SELECT * FROM users";
>     $sql .= "WHERE username ='" . $_POST['username'] . "' ";

Echo this string to screen, and you will see: "SELECT * FROM usersWHERE
username" ...


Jerry Stuckle
#6: Sep 7 '08

re: What is wrong in my source-code?


Jensen Somers wrote:
> Luuk wrote:
>> karlarneg@gmail.com wrote:
>>> Hello.
>>> I am using Xampp on Windows Vista.
>>> PHP 5.2.6
>>> MySql 5.0.51b
>>>
>>> This is my login code in PHP:
>>>
>>> if(isset($_POST['login'])){
>>>
>>>     // Connect and select database
>>>     include ('connect.inc');
>>>
>>>     $sql = "SELECT * FROM users";
>>>     $sql .= "WHERE username ='" . $_POST['username'] . "' ";
>>>     $sql .= "AND password='" . $_POST['password'] . "' ";
>>>     $results = mysql_query($sql, $dblink);
>>>     if(mysql_num_rows($results) != 0){
>>>         echo "OK!";
>>>     } else {
>>>         echo "ERROR";
>>>     }
>>> }
>>>
>>> But this script generates an error:
>>>
>>> Warning: mysql_num_rows(): supplied argument is not a valid MySQL
>>> result resource in D:\xampp\htdocs\index.php on line 42
>>> ERROR
>>>
>>> How can I fix this?
>>> Users on my local server have to log in to see my pages. Their
>>> username and password are stored in the database. Is there another way to
>>> write a login script that checks the user name and password?
>
> If your query fails $result will be FALSE thus mysql_num_rows() will
> also fail. Print $sql to the screen and print mysql_error() to the
> screen to debug your code and check if no error occurred.
>
>>> Thanks.
>>>
>>> Karl
>> What's wrong depends on the contents of your 'connect.inc' file
>>
>> You should watch out for people whose name is "; DELETE * FROM users;"
>
> MySQL does not allow you to perform 2 queries within 1 call.
> Nevertheless, you are correct, $_POST should be escaped before adding it
> into a query string.

Incorrect. MySQL is perfectly happy with performing more than one query
in a single call. The only limitation is in the mysql interface from
the PHP side. If this limitation is removed or the op switches to using
the mysqli interface, he will have a potential serious exposure.

ALWAYS validate ALL data sent by the client!

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
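
Added example, not part of any post in this thread: a login check that follows the advice given in the replies (check the result of every call, keep client data out of the SQL text). It uses PDO with an in-memory SQLite database as a stand-in for the MySQL database so it runs offline; `check_login`, the sample account and the hashed `password` column are assumptions that go beyond the thread.

```php
<?php
// Stand-in for the thread's MySQL database; with MySQL the DSN would be
// 'mysql:host=localhost;dbname=local' plus a user and password.
$db = new PDO('sqlite::memory:');
// Failed calls throw instead of silently returning false.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
// Constructed sample account; the column holds a password_hash() value (assumption).
$ins = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
$ins->execute(['karl', password_hash('s3cret-sample', PASSWORD_DEFAULT)]);

/** Hypothetical helper: true only when the user exists and the password matches. */
function check_login(PDO $db, $username, $password)
{
    // $_POST values can be missing or arrays, so validate the type first.
    if (!is_string($username) || !is_string($password) || $username === '') {
        return false;
    }
    // The placeholder sends the name as data; it never becomes part of the SQL.
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();          // false when no row matches
    return $hash !== false && password_verify($password, $hash);
}

// 1. The thread's bug: "users" and "WHERE" run together. With error checking
//    enabled the failure surfaces at the query, not later at the row count.
try {
    $db->query("SELECT * FROM users" . "WHERE username = 'karl'");
} catch (PDOException $e) {
    echo "Query failed: ", $e->getMessage(), "\n";
}

// 2. Constructed inputs, including the name quoted in post #2.
$attempts = [
    ['karl', 's3cret-sample'],
    ['karl', 'wrong'],
    ['"; DELETE * FROM users;"', 'x'],
];
foreach ($attempts as [$u, $p]) {
    echo str_pad($u, 28), check_login($db, $u, $p) ? "OK!" : "ERROR", "\n";
}
echo "rows in users: ", $db->query('SELECT COUNT(*) FROM users')->fetchColumn(), "\n";
```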

karlarneg@gmail.com
#7: Sep 7 '08

re: What is wrong in my source-code?


On 7 Sep, 15:39, "mijn naam" <whate...@hotmail.invalid> wrote:
> <karlar...@gmail.com> wrote in message news:89f155c1-ca97-4d73-9168-36b74c49f3b8@k37g2000hsf.googlegroups.com...
>> Hello.
>> I am using Xampp on Windows Vista.
>> PHP 5.2.6
>> MySql 5.0.51b
>>
>> This is my login code in PHP:
>>
>> if(isset($_POST['login'])){
>>
>>     // Connect and select database
>>     include ('connect.inc');
>>
>>     $sql = "SELECT * FROM users";
>>     $sql .= "WHERE username ='" . $_POST['username'] . "' ";
>
> echo this string to screen, and you will see: "SELECT * FROM usersWHERE
> username" ...

Thank you very much!
Thank you, all of you, for all the good answers!

Karl