0

I am creating a login form which queries a database as to whether a user exists. This script works fine on my own server but once I tried it on my college server, I got the error in the title. I think the problem is something to do with my SQL query but I am not really sure to be honest.

<?php
$dbhost="localhost"; 
$username="v22comp_B09052"; 
$password="-"; 
$db="v22comp_B09051-12-13"; 
$table="secrets"; 

// Connect to the database
mysql_connect("$dbhost", "$username", "$password") or die ("Can not connect to the database"); 
mysql_select_db("$db") or die ("Database is not selectable");

//Post input
$inputusername=$_POST['uid']; 
$inputpassword=$_POST['upassword']; 

//Check input
$sql="SELECT * FROM $table WHERE username='$inputusername' and password='$inputpassword'";
$sqlop=mysql_query($sql);

//If a row matches, output a string informing the user that they are logged in. If not, output a string informing them that they are not
$rowmatch=mysql_num_rows($sqlop);
if($rowmatch==1)
{
echo "You are now logged in";
}
else 
{
echo "Invalid ID or password";
}
?>
Flimzy
  • 68,325
  • 15
  • 126
  • 165
ech0
  • 3
  • 2
  • If a `mysql_query()` fails, it returns `FALSE`, which is not a valid 'Resource'. Thats why you are receiving an error when you try to `mysql_num_rows()` it. Check for errors after performing the query. Data provided by `mysql_error()` may be useful. – Havenard Oct 08 '13 at 22:37
  • 1
    You are vulnerable to [SQL injection attacks](http://bobby-tables.com). Stop working on this code until you've learned how to program defensively. – Marc B Oct 08 '13 at 22:38
  • Check if query fails: `$sqlop = mysql_query($sql) or die('Error');` – WebNovice Oct 08 '13 at 22:39
  • And to make SQL injection even more fun, OP stores passwords as plaintext – Mark Baker Oct 08 '13 at 22:53

2 Answers2

0

You are correct, there is somthing wrong with the query. When a query goes wrong, it returns false, hence the boolean error.

y--
  • 588
  • 2
  • 10
  • 26
  • 1
    often moving servers will change the table name prefix (especially when you use cPanel etc to set everything up) - might need to change table name...? – scrowler Oct 08 '13 at 22:39
0

From my point of view there is an error in the SQL Statement. That's why it does not return a resource for a result set, but an assumed boolean 'false'. Maybe you forgot to create the table you try to select data from?

Markus
  • 192
  • 6