-6

I am following along with a tutorial series here: https://www.youtube.com/watch?feature=player_embedded&v=bribF8a3fgo and I am using the below code, and yes, i know there are better ways to do this. Although I am getting this error: 

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in   /Applications/XAMPP/xamppfiles/htdocs/friends/login.php on line 26

Im not sure why, Im pretty sure I am typing everything right, but I'm not sure. Mind taking a look? Thanks.

<html>
<head>
<title>Login - Friend System</title>
<link rel="stylesheet" href="style.css">
</head>
<body>
    <?php include 'connect.php'; ?>

<?php include 'functions.php'; ?>

<?php include 'header.php'; ?>

<div class="container">
<h3>Login</h3>
<form method="post">
<?php
    if (isset($_POST['submit'])) {
        $username = $_POST['username'];
        $password = $_POST['password'];

        if (empty($username) or empty($password)) {
            $message = "Fields Empty, Please Recheck";
        }else {
            $check_login = mysql_query("SELECT id FROM users WHERE username='$username' AND password='" . md5($password) . "'");     


            if(mysql_num_rows($check_login) == 1) {
                $message = "Ok!";
            } else {
                $message = "Username and/or password incorrect!";
            }
        }

        echo "<div class='box'>" . $message . "</div>";
    }
?>
    Username: <br/>
    <input type="text" name="username" autocomplete="off"/>
    <br/><br/>

    Password: <br/>
    <input type="password" name="password" />
    <br/><br/>

    <input type="submit" name="submit" value="Register">
</form>
</div>

</body>
</html>

Line 26 is:

if(mysql_num_rows($check_login) == 1) {
Harrison Howard
  • 133
  • 2
  • 4
  • 14

2 Answers2

2

If the query fails it will return the boolean FALSE instead of a result set resource.

You should always check if the return value signals an error, and then handle the error in a meaningful way, for example by logging the error message. For example:

if ($check_login === false) {
    die("Error in query: ".mysql_error());
}

if (mysql_num_rows($check_login) == 1) { ...

By the way, this old mysql API is deprecated and should not be used in new PHP code. The recommendation is to use PDO or mysqli instead.

Joni
  • 105,306
  • 12
  • 136
  • 187
  • Wait so should that solve my error, and in return log me in? – Harrison Howard Mar 24 '13 at 18:39
  • The error message, which you can access using `mysql_error`, will tell you what exactly is wrong with the query. Maybe the table doesn't exist in the database where you connect to, or maybe you made a mistake when typing in the name of the column. I don't see any obvious syntax error.

    Also, downvoter, care to comment?     – Joni Mar 24 '13 at 18:43
  • Okay thanks, but where in my code would I put that, i tried putting "echo $mysql_error;" underneth "if(mysql_num_rows($check_login) == 1) {" and I am still getting the same error in the same place as before. My code now: http://pastebin.com/iKkxNF04 – Harrison Howard Mar 24 '13 at 18:52
  • you have to put it before, like in the code sample in the answer.. also, mysql_error is a function, not a variable, like in the answer – Joni Mar 24 '13 at 18:53
  • okay I got the error: `Error in query: Unknown column 'username' in 'where clause'` I am officially an idiot. I cant spell username right in the database. haha – Harrison Howard Mar 24 '13 at 18:56
0

$check_login's context is not a valid query. "SELECT" is the correct term. Anytime the query is invalid it'll return that error.

$check_login = mysql_query("SELECT id FROM users WHERE username='$username' AND password='" . md5($password) . "'");
cygorx
  • 136
  • 1
  • 1
  • 18