Hi, I can't get this script to work.
I've used this exact script on other places and it works, but now i
get this error.
<codeWarning: mysql_fetch_array(): supplied argument is not a valid
MySQL result resource in C:\xampp\htdocs\uploads\login_script.php on
line 15 </code>
I can't see what is wrong.
Here is the script.
<code>
<?php
session_start();
$anvnamn = $_POST['usr'];
$losenord = $_POST['pwd'];
include "dbconnect.php";
$anv2 = mysql_real_escape_string($anvnamn, $dbconnect);
$los2 = mysql_real_escape_string($losenord, $dbconnect);
$sqlfraga = "SELECT anvnamn FROM administrator WHERE anvnamn = '" .
$anvnamn . "' AND losen = '" . $losenord . "'";
$res = mysql_query($sqlfraga, $dbconnect);
if($rad = mysql_fetch_array($res))
{
$_SESSION['logged_in_admin'] = true;
}
else
{
$_SESSION['logged_in_admin'] = false;
}
?>
<html>
<body>
<?php
if($_SESSION['logged_in_admin'])
{
echo("You are logged in");
include('index.php');
}
else
{
echo ("go away");
}
?>
</body>
</html>
</code> 6 1309
On May 19, 1:36*pm, morph.1...@gmail.com wrote:
<codeWarning: mysql_fetch_array(): supplied argument is not a valid
MySQL result resource in C:\xampp\htdocs\uploads\login_script.php on
line 15 </code>
$res = mysql_query($sqlfraga, $dbconnect);
if($rad = mysql_fetch_array($res))
When the query fails, mysql_query() returns false, which results in
the error message you wrote. I am not sure if this is the case in your
situation, because this would also print a warning. Check the output
of mysql_query() and use mysql_error() to get the error message. mo********@gmail.com wrote:
Hi, I can't get this script to work.
I've used this exact script on other places and it works, but now i
get this error.
<codeWarning: mysql_fetch_array(): supplied argument is not a valid
MySQL result resource in C:\xampp\htdocs\uploads\login_script.php on
line 15 </code>
I can't see what is wrong.
Here is the script.
<code>
<?php
session_start();
$anvnamn = $_POST['usr'];
$losenord = $_POST['pwd'];
include "dbconnect.php";
$anv2 = mysql_real_escape_string($anvnamn, $dbconnect);
$los2 = mysql_real_escape_string($losenord, $dbconnect);
You create some escaped versions of the $_POST data...
$sqlfraga = "SELECT anvnamn FROM administrator WHERE anvnamn = '" .
$anvnamn . "' AND losen = '" . $losenord . "'";
.... but then fail to use them (SQL injection alert!).
$res = mysql_query($sqlfraga, $dbconnect);
Then fail to check whether $res is FALSE, which could be the case if
there was an issue with rights to the database.
if($rad = mysql_fetch_array($res))
Which would cause this to error as described.
So, the error said that $res wasn't valid, so why didn't you check what
was being used? Simple debugging...
Robin
On Mon, 19 May 2008 13:36:24 +0200, <mo********@gmail.comwrote:
Hi, I can't get this script to work.
I've used this exact script on other places and it works, but now i
get this error.
<codeWarning: mysql_fetch_array(): supplied argument is not a valid
MySQL result resource in C:\xampp\htdocs\uploads\login_script.php on
line 15 </code>
I can't see what is wrong.
Here is the script.
<code>
<?php
session_start();
$anvnamn = $_POST['usr'];
$losenord = $_POST['pwd'];
include "dbconnect.php";
$anv2 = mysql_real_escape_string($anvnamn, $dbconnect);
$los2 = mysql_real_escape_string($losenord, $dbconnect);
Proper escaping and then:
$sqlfraga = "SELECT anvnamn FROM administrator WHERE anvnamn = '" ..
$anvnamn . "' AND losen = '" . $losenord . "'";
.... using the unescaped variables!
You, my friend, are vulnerable to SQL injection. Use the $avn2 & $los2
variables in the query, that's why you escape()d them...
If you still have the same problem, echo $sqlfraga & mysql_error() to the
screen and check what's wrong with the query.
--
Rik Wasmus
....spamrun finished
On Mon, 19 May 2008 14:05:55 +0200, Robin <an**@somewhere.comwrote: mo********@gmail.com wrote:
>Hi, I can't get this script to work. I've used this exact script on other places and it works, but now i get this error. <codeWarning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in C:\xampp\htdocs\uploads\login_script.php on line 15 </code> I can't see what is wrong. Here is the script. <code> <?php session_start(); $anvnamn = $_POST['usr']; $losenord = $_POST['pwd']; include "dbconnect.php"; $anv2 = mysql_real_escape_string($anvnamn, $dbconnect); $los2 = mysql_real_escape_string($losenord, $dbconnect);
You create some escaped versions of the $_POST data...
>$sqlfraga = "SELECT anvnamn FROM administrator WHERE anvnamn = '"
mo********@gmail.com escribió:
Hi, I can't get this script to work.
I've used this exact script on other places and it works, but now i
get this error.
<codeWarning: mysql_fetch_array(): supplied argument is not a valid
MySQL result resource in C:\xampp\htdocs\uploads\login_script.php on
line 15 </code>
I can't see what is wrong.
Speaking in plain English, this error message means that you can't fetch
rows from $res because the database query failed. So you need to check
whether the query fails or not:
$res = mysql_query($sqlfraga, $dbconnect);
if(!$res){
// Error: log it, abort or whatever
echo 'Query failed: ' . mysql_error();
}else{
// Read rows
}
I also recommend you to enable full error reporting (at least in your
dev box). Edit your php.ini file or add this to the top of the script:
ini_set('display_errors', 1);
error_reporting(E_ALL);
--
-- http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programación web: http://bits.demogracia.com
-- Mi web de humor al baño María: http://www.demogracia.com
--
On May 19, 2:13 pm, "Álvaro G. Vicario"
<alvaroNOSPAMTHA...@demogracia.comwrote:
morph.1...@gmail.com escribió:
Hi, I can't get this script to work.
I've used this exact script on other places and it works, but now i
get this error.
<codeWarning: mysql_fetch_array(): supplied argument is not a valid
MySQL result resource in C:\xampp\htdocs\uploads\login_script.php on
line 15 </code>
I can't see what is wrong.
Speaking in plain English, this error message means that you can't fetch
rows from $res because the database query failed. So you need to check
whether the query fails or not:
$res = mysql_query($sqlfraga, $dbconnect);
if(!$res){
// Error: log it, abort or whatever
echo 'Query failed: ' . mysql_error();
}else{
// Read rows
}
I also recommend you to enable full error reporting (at least in your
dev box). Edit your php.ini file or add this to the top of the script:
ini_set('display_errors', 1);
error_reporting(E_ALL);
--
--http://alvaro.es- Álvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programación web:http://bits.demogracia.com
-- Mi web de humor al baño María:http://www.demogracia.com
--
tanks for the help all of you guys.. the escaping being wrong i was
already aware of, i was in a bit of hurry when i set them up and i saw
that it was wrong just after posting this...
anyways the problem was that i named the table administrators in the
database and i wrote administrator in the querry, so all i really
needed was an "s"... This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Manu J |
last post by:
Hi,
i have a login script which makes use of sessions.
Login script
***********
session_start()
.....
.....
....
|
by: koolyio |
last post by:
Hey, could you please tell me what is wrong with my login script. I
just started learning php.
CODE:
login.php
<?
session_start();
header("Cache-Control: private");
?>
|
by: nao921 |
last post by:
Hi everyone,
I am currently involved in a project that involves a windows client
program written in delphi and a web application written in php. I
have made several php pages for the delphi...
|
by: simo |
last post by:
I've written a pretty big wxPython script, and I thought I'd split the
source into a few files.
I'm going to have a main.py file which includes global defs, wxApp
initialisation code,...
|
by: Ira Lee |
last post by:
Hi. I'm having a bit of trouble using a Perl script that will login to
a secure website... and then access subsequent pages with a cookie.
This works when accessing manually via the browser...
| |
by: Graham Campbell |
last post by:
I have a login script to a website where a user logs in through a
standard webform with a username and password that needs to be
validated. My problem is that IE6 doesn't seem to pick up on valid...
|
by: Tamer Higazi |
last post by:
Hi!
I wrote a small script setting a cookie.... but nothing is being set.
What could be the problem?! Did I make something wrong?! One script is
used to ask for the cookie and the other one shows...
|
by: ZMan |
last post by:
Scenario:
This is about debugging server side scripts that make calls to
middle-tier business DLLs. The server side scripts are legacy ASP 3.0
pages, and the DLLs are managed DLLs...
|
by: Assimalyst |
last post by:
Hi,
I am creating a website where i want to allow some webforms to be
accessible to all users, and those in a subdirectory available only to
authenticated users.
I have created a script to...
|
by: kang jia |
last post by:
hi
i have small problems occurred in my login function, which i use Django to build,
in my template which is login.html, the code is like the following:
<html>
<head>...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
| |