1 Replies - 306 Views - Last Post: 11 August 2010 - 03:29 PM Rate Topic: -----

#1 Guest_JavaScript Extraordinare*


Reputation:

MySql Login Help

Posted 11 August 2010 - 03:24 PM

I want a simple login script (I just started php, so I'm definately notgood with php yet).
My current code:
	ob_start();
	$host = "localhost";
	$user = "root";
	$pass = "imlearningphp396";
	$dbname = "personal";
	$connect = mysql_connect($host, $user, $pass);
	if (!$connect)
		die ("Could not connect: " . mysql_error());
	mysql_select_db("$dbname");
	$username = $_POST["myusername"];
	$password = $_POST["mypassword"];
	$myusername = stripslashes($myusername);
	$mypassword = stripslashes($mypassword);
	$myusername = mysql_real_escape_string($myusername);
	$mypassword = mysql_real_escape_string($mypassword);
	$sql = "SELECT * FROM `users` WHERE `Username` = \'$username\' AND `Password` = \'$password\'";
	$result = mysql_query($sql);
	$count = mysql_num_rows($result);
	if ($count==1){
		session_register("username");
		session_register("password");
		header("Location:loginsuccess.php");
	}
	ob_end_flush();


Whenever I go to the login.php page, it gives me this error:

Quote

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\x\xampp\htdocs\login.php on line 19


Is This A Good Question/Topic? 0

Replies To: MySql Login Help

#2 Valek  Icon User is offline

  • The Real Skynet
  • member icon

Reputation: 542
  • View blog
  • Posts: 1,713
  • Joined: 08-November 08

Re: MySql Login Help

Posted 11 August 2010 - 03:29 PM

That's because you're unnecessarily escaping single quotes in a double-quoted string. Remove the backslashes.

Also, for future reference:
  • You should not assume your query will succeed.
  • Your variables were null when they went into your query, causing a syntax error.
  • Never use plain-text passwords. Also hash them for security. For added security, you should consider adding a random salt as well.


	ob_start();
	$host = "localhost";
	$user = "root";
	$pass = "imlearningphp396";
	$dbname = "personal";
	$connect = mysql_connect($host, $user, $pass);
	if (!$connect)
		die ("Could not connect: " . mysql_error());
	mysql_select_db("$dbname");
	$myusername = $_POST["myusername"];
	$mypassword = $_POST["mypassword"];
	$myusername = stripslashes($myusername);
	$mypassword = sha1(stripslashes($mypassword));
	$myusername = mysql_real_escape_string($myusername);
	$mypassword = mysql_real_escape_string($mypassword);
	$sql = "SELECT * FROM `users` WHERE `Username` = '$myusername' AND `Password` = '$mypassword'";
	$result = mysql_query($sql);
	if(!$result)
	{
		error_log("Query failed: " . mysql_error());
		die("There was an error with the database.  It has been logged.");
	}
	$count = mysql_num_rows($result);
	if ($count==1){
		session_register("username");
		session_register("password");
		header("Location:loginsuccess.php");
	}
	ob_end_flush();


This post has been edited by Valek: 11 August 2010 - 03:33 PM

Was This Post Helpful? 0
  • +
  • -

Page 1 of 1