0

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given iam unable to login and above given error is notified.suggest the correction.thank you. Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given iam unable to login and above given error is notified.suggest the correction.thank you.

    <html>
         <head>
             <title>Login page</title>
         </head>
             <style type='text/css'>
                 body{
                       background:url('Login.jpg');
                     }
             </style>
         <body>
             <form method ='post' action='login.php'>
                 <table width='400' border='5' align='center'>
                     <tr>
                         <td colspan='5' align='center'><h1><font color="MediumBlue">Login form</h1></font>
                         </td>

                     </tr>
                     <tr>
                         <td><font color='DarkOrange'>email</font>
                         </td>
                         <td><input type='text' name='email'/></td>
                     </tr>
                     <tr>
                         <td><font color='DarkOrange'>Password</font></td>
                         <td><input type='password' name='pass'/></td>
                     </tr>
                     <tr>
                         <td colspan='5' align='center'><input type='submit' name='login' value='login'/> </td>
                     </tr>
             </form>

                         <font color="LightSalmon"><h2><p style="position: fixed; bottom: 50%; width:100%; text-align: center"> Not registered yet?<a href='registration.php'>Sign up here</a>
                </p><h2></font>




        </body> 
    </html>
<?php
    $connection=mysqli_connect("localhost","root","","user_db");
    if(isset($_POST['login'])){
    $user_Email=$_POST['email'];
    $user_password=$_POST['pass'];

if($user_Email==''){
echo "<script>alert('please enter your email')</script>";
exit();
}

if($user_password==''){
echo "<script>alert('please enter your password')</script>";
exit();
}
    $check_user="select * from users where user_email =='$user_Email' AND user_password =='$user_password'";
    $result= mysqli_query($connection,$check_user);
    $count=mysqli_num_rows($result);
    if ($count==1)
    {

    echo"<script>window.open('welcome.php','_blank')</script>";

    }
    else{
    echo"<script>alert('username or password is incorrect')</script>";
    }
    }

    ?>
Prithish Babu
  • 11
  • 3

2 Answers2

6

Change both == in user_email =='$user_Email' AND user_password =='$user_password' to singles =

user_email ='$user_Email' AND user_password ='$user_password'

In regards to password storage. You seem to be using plain text; don't. If you're planning on going LIVE with this, it's just a matter of time before you get hacked, really.

Use CRYPT_BLOWFISH or PHP 5.5's password_hash() function. For PHP < 5.5 use the password_hash() compatibility pack.

Plus, use prepared statements, or PDO with prepared statements, they're safer.

As it stands, your present code is open to SQL injection.

Community
  • 1
  • 1
Funk Forty Niner
  • 74,372
  • 15
  • 66
  • 132
0

Probably you should check if mysqli_query() doesn't return false in case of failure - for example: if there is empty result.

Matzach
  • 32
  • 2