By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
438,303 Members | 1,260 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 438,303 IT Pros & Developers. It's quick & easy.

What is wrong in my source-code?

P: n/a
Hello.
I am using Xampp on Windows Vista.
PHP 5.2.6
MySql 5.0.51b

This is my login code in PHP:

if(isset($_POST['login'])){

// Connect and select database
include ('connect.inc');

$sql = "SELECT * FROM users";
$sql .= "WHERE username ='" . $_POST['username'] . "' ";
$sql .= "AND password='" . $_POST['password'] . "' ";
$results = mysql_query($sql, $dblink);
if(mysql_num_rows($results) != 0){
echo "OK!";
} else {
echo "ERROR";
}
}

But this script generate and error:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL
result resource in D:\xampp\htdocs\index.php on line 42
ERROR

How can I fix this?
Users on my locale server have to login to see my pages. Their
username and password are stored in the database. Is it another way to
write a login script that check the user name and password?

Thanks.

Karl
Sep 7 '08 #1
Share this Question
Share on Google+
6 Replies


P: n/a
ka*******@gmail.com schreef:
Hello.
I am using Xampp on Windows Vista.
PHP 5.2.6
MySql 5.0.51b

This is my login code in PHP:

if(isset($_POST['login'])){

// Connect and select database
include ('connect.inc');

$sql = "SELECT * FROM users";
$sql .= "WHERE username ='" . $_POST['username'] . "' ";
$sql .= "AND password='" . $_POST['password'] . "' ";
$results = mysql_query($sql, $dblink);
if(mysql_num_rows($results) != 0){
echo "OK!";
} else {
echo "ERROR";
}
}

But this script generate and error:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL
result resource in D:\xampp\htdocs\index.php on line 42
ERROR

How can I fix this?
Users on my locale server have to login to see my pages. Their
username and password are stored in the database. Is it another way to
write a login script that check the user name and password?

Thanks.

Karl
What's wrong depends on the contents of your 'connect.inc' file

You should watch out for people who's name is "; DELETE * FROM users;"

--
Luuk
Sep 7 '08 #2

P: n/a
On 7 Sep, 15:17, Luuk <L...@invalid.lanwrote:
karlar...@gmail.com schreef:
Hello.
I am using Xampp on Windows Vista.
PHP 5.2.6
MySql 5.0.51b
This is my login code in PHP:
if(isset($_POST['login'])){
* *// Connect and select database
* * * * * *include ('connect.inc');
* * * * * *$sql = "SELECT * FROM users";
* * * * * *$sql .= "WHERE username ='" . $_POST['username'] . "' ";
* * * * * *$sql .= "AND password='" . $_POST['password'] . "' ";
* * * * * *$results = mysql_query($sql, $dblink);
* * * * * *if(mysql_num_rows($results) != 0){
* * * * * * * * * *echo "OK!";
* * * * * *} else {
* * * * * * * * * *echo "ERROR";
* * * * * *}
* *}
But this script generate and error:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL
result resource in D:\xampp\htdocs\index.php on line 42
ERROR
How can I fix this?
Users on my locale server have to login to see my pages. Their
username and password are stored in the database. Is it another way to
write a login script that check the user name and password?
Thanks.
Karl

What's wrong depends on the contents of your 'connect.inc' file

You should watch out for people who's name is "; DELETE * FROM users;"

--
Luuk
Here is the connect.inc file
<?php
$dblink = mysql_connect("localhost", "root", "");
$velg_db = mysql_select_db("local");
?>
Sep 7 '08 #3

P: n/a
ka*******@gmail.com wrote:
Hello.
I am using Xampp on Windows Vista.
PHP 5.2.6
MySql 5.0.51b

This is my login code in PHP:

if(isset($_POST['login'])){

// Connect and select database
include ('connect.inc');

$sql = "SELECT * FROM users";
$sql .= "WHERE username ='" . $_POST['username'] . "' ";
$sql .= "AND password='" . $_POST['password'] . "' ";
$results = mysql_query($sql, $dblink);
if(mysql_num_rows($results) != 0){
echo "OK!";
} else {
echo "ERROR";
}
}

But this script generate and error:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL
result resource in D:\xampp\htdocs\index.php on line 42
ERROR

How can I fix this?
Users on my locale server have to login to see my pages. Their
username and password are stored in the database. Is it another way to
write a login script that check the user name and password?

Thanks.

Karl
This question has been asked many times in this newsgroup, as a quick
search would have told you. Figure out what's wrong with your SQL
statement and fix it.

And next time try checking the results of function calls to see if the
calls worked or not, rather than just assuming they did.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Sep 7 '08 #4

P: n/a
<ka*******@gmail.comschreef in bericht
news:89**********************************@k37g2000 hsf.googlegroups.com...
Hello.
I am using Xampp on Windows Vista.
PHP 5.2.6
MySql 5.0.51b

This is my login code in PHP:

if(isset($_POST['login'])){

// Connect and select database
include ('connect.inc');

$sql = "SELECT * FROM users";
$sql .= "WHERE username ='" . $_POST['username'] . "' ";
echo this string to screen, and you will see: "SELECT * FROM usersWHERE
username" ...
Sep 7 '08 #5

P: n/a
Jensen Somers wrote:
Luuk wrote:
>ka*******@gmail.com schreef:
>>Hello.
I am using Xampp on Windows Vista.
PHP 5.2.6
MySql 5.0.51b

This is my login code in PHP:

if(isset($_POST['login'])){

// Connect and select database
include ('connect.inc');

$sql = "SELECT * FROM users";
$sql .= "WHERE username ='" . $_POST['username'] . "' ";
$sql .= "AND password='" . $_POST['password'] . "' ";
$results = mysql_query($sql, $dblink);
if(mysql_num_rows($results) != 0){
echo "OK!";
} else {
echo "ERROR";
}
}

But this script generate and error:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL
result resource in D:\xampp\htdocs\index.php on line 42
ERROR

How can I fix this?
Users on my locale server have to login to see my pages. Their
username and password are stored in the database. Is it another way to
write a login script that check the user name and password?

If your query fails $result will be FALSE thus mysql_num_rows() will
also fail. Print $sql to the screen and print mysql_error() to the
screen to debug your code and check if no error occurred.
>>Thanks.

Karl
What's wrong depends on the contents of your 'connect.inc' file

You should watch out for people who's name is "; DELETE * FROM users;"

MySQL does not allow you to perform 2 queries within 1 call.
Nevertheless are you correct, $_POST should be escaped before adding it
into a query string.
Incorrect. MySQL is perfectly happy with performing more than one query
in a single call. The only limitation is in the mysql interface from
the PHP side. If this limitation is removed or the op switches to using
the mysqli interface, he will have a potential serious exposure.

ALWAYS validate ALL data sent by the client!

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Sep 7 '08 #6

P: n/a
On 7 Sep, 15:39, "mijn naam" <whate...@hotmail.invalidwrote:
<karlar...@gmail.comschreef in berichtnews:89**********************************@k 37g2000hsf.googlegroups.com...
Hello.
I am using Xampp on Windows Vista.
PHP 5.2.6
MySql 5.0.51b
This is my login code in PHP:
if(isset($_POST['login'])){
// Connect and select database
include ('connect.inc');
$sql = "SELECT * FROM users";
$sql .= "WHERE username ='" . $_POST['username'] . "' ";

echo this string to screen, and you will see: *"SELECT * FROM usersWHERE
username" ...
Thank you very much!
Thank you all of you for all good answer!

Karl
Sep 7 '08 #7

This discussion thread is closed

Replies have been disabled for this discussion.