0

I am using the below loging script and i am getting this error and it wont log in.

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\hewden_spms\login.php on line 41

my database:

id | username | password

1     mark      password

script:

<html>
    <head>

    </head>
    <body>

 <?php

 $host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="hewden1"; // Database name 
$tbl_name="spms.admin_members"; // Table name 



// Connect to server and select databse.
 mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");



// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 



// To protect MySQL injection (more detail about MySQL injection)
 $myusername = stripslashes($myusername);
 $mypassword = stripslashes($mypassword);
 $myusername = mysql_real_escape_string($myusername);
 $mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
 $result=mysql_query($sql);



// Mysql_num_row is counting table row
 $count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
 session_register("myusername");
 session_register("mypassword"); 
header("location:dashboard.php");
 }
 else {
 echo "Wrong Username or Password";
 }
 ?>



     <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
 <tr>
<form name="form1" method="post" action="<?=$_SERVER['PHP_SELF']?>" >
 <td>
 <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
 <tr>
 <td colspan="3"><strong>Member Login </strong></td>
 </tr>
 <tr>
 <td width="78">Username</td>
 <td width="6">:</td>
 <td width="294"><input name="myusername" type="text" id="myusername"></td>
 </tr>
 <tr>
 <td>Password</td>
 <td>:</td>
 <td><input name="mypassword" type="text" id="mypassword"></td>
 </tr>
 <tr>
 <td>&nbsp;</td>
 <td>&nbsp;</td>
 <td><input type="submit" name="Submit" value="Login"></td>
 </tr>
 </table>
 </td>
</form>
</tr>
 </table>   


</body>

</html>
Sulthan Allaudeen
  • 11,330
  • 12
  • 48
  • 63
user3488706
  • 11
  • 2
  • 7
  • Post your html code. In that you should use the Email and Password as myusername and mypassword. – Sulthan Allaudeen Apr 10 '14 at 08:20
  • the html code is posted, at the bottom – user3488706 Apr 10 '14 at 08:22
  • Yes i noted just now. I will edit the code and rectify now. – Sulthan Allaudeen Apr 10 '14 at 08:23
  • 2
    Your PHP and HTML execute at the same time so if you access your page without sending a post request it will give you the `Undefined index` since the form was not yet submitted and `$_POST['myusername']` is not set yet. You don't need to use `stripslashes` as `mysql_real_escape_string` alone is enough. [**Here see this answer on how to solve that**,](http://stackoverflow.com/a/18971788/342740) it also uses MySQLi with prepared statement which you should consider switching to as its safer and not deprecated. – Prix Apr 10 '14 at 08:23
  • I have answered the question. Kindly check it out. – Sulthan Allaudeen Apr 10 '14 at 08:32

1 Answers1

0

If these are in the same page, the script is attempting to read $_POST['myusername'] and $_POST['mypassword'] immediately on the first page load - when they haven't been posted yet. I'd put all the PHP in a block, checking for an (isset($_POST['myusername'])) or some other posted variable. That way the PHP only tries to log you in once you actually post data.

Unrelated, I'd suggest moving to mysqli_ functions, as MySQL_ is now deprecated.

Helpful
  • 702
  • 4
  • 16