3 replies to this topic

[CJP89]

Hi there I've been trying to follow a tutorial for making a quick and simple Login script Using PHP and MySQL: Here

Below is how i have adapted the code to work on my web server:

<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>login Form</title>
</head>
<body>
<?
mysql_connect("localhost","muzosroc_CJP89","donkey123"); // Connect to the MySQL server
mysql_select_db("muzosroc_users"); // Select your Database
if(isset($_SESSION['loggedin']))
{
	die("You are already logged in!");
} // That bit of code checks if you are logged in or not, and if you are, you can't log in again!
if(isset($_POST['submit']))
{
   $name = mysql_real_escape_string($_POST['username']); // The function mysql_real_escape_string() stops hackers!
   $pass = mysql_real_escape_string($_POST['password']); // We won't use MD5 encryption here because it is the simple tutorial, if you don't know what MD5 is, dont worry!
   $mysql = mysql_query("SELECT * FROM users WHERE name = '{$name}' AND password = '{$pass}'"); // This code uses MySQL to get all of the users in the database with that username and password.
   if(mysql_num_rows($mysql) < 1)
   {
	 die("Password was probably incorrect!");
   } // That snippet checked to see if the number of rows the MySQL query was less than 1, so if it couldn't find a row, the password is incorrect or the user doesn't exist!
   $_SESSION['loggedin'] = "YES"; // Set it so the user is logged in!
   $_SESSION['name'] = $name; // Make it so the username can be called by $_SESSION['name']
   die("You are now logged in!"); // Kill the script here so it doesn't show the login form after you are logged in!
}
?><form type='login.php' method='POST'>
Username: <br>
<input type='text' name='username'><br>
Password: <br>
<input type='password' name='password'><br>
<input type='submit' name='submit' value='Login'>
</form> <!-- That set up the form to enter your password and username to login.-->
</body>
</html>

I get this error when i log in using "admin" and "admin for both name and password respectively, just to test. They've both had their values added to my database which is on the server:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/muzosroc/public_html/login.php on line 21
Password was probably incorrect!


Any ideas guys? Thanks in Advance

[rc69]

http://www.pixel2lif...showtopic=36853

[CJP89]

Well i knew that already haha, but can you see what the problem could be?
This seems to be the problem area:

$name = mysql_real_escape_string($_POST['username']); // The function mysql_real_escape_string() stops hackers!
   $pass = mysql_real_escape_string($_POST['password']); // We won't use MD5 encryption here because it is the simple tutorial, if you don't know what MD5 is, dont worry!
   $mysql = mysql_query("SELECT * FROM 'db_users' WHERE name = '{$name}' AND password = '{$pass}'"); // This code uses MySQL to get all of the users in the database with that username and password.
   if(mysql_num_rows($mysql) < 1)
   {
	 die("Password was probably incorrect!");
   } // That snippet checked to see if the number of rows the MySQL

The details on the server lists the database as :"muzosroc_users" and the table is "db_users".

I'm guessing it's something to do with the query being run.

I've not got much experience with MySQL or PHP, so I'm really not sure what else is wrong, but I'm here to learn.

Edited by CJP89, 02 March 2010 - 07:38 AM.

[rc69]

Read the link i provided you in my previous post.

Without details on what the mysql_error() is, it's hard to say. At first glance, i would assume it's that you're using single quotes (') instead of back-ticks (`) around your table name.

Edited by rc69, 02 March 2010 - 08:32 PM.