0

The following code is being used to create a simple log in form. However when it is run it brings up an error:

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in

N:\ftp\compc\cw12gh\COM570\check_login.php on line 34 Wrong Username or Password

Line 34 is $count=mysql_num_rows($result);

Any suggestions as to how to fix this?

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Check Log In</title>
</head>

<body>
<?php

$host="localhost"; // Host name 
$username="*****"; // Mysql username 
$password="******"; // Mysql password 
$db_name="******************"; // Database name 
$tbl_name="teachers"; // Table name 

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>
</body>
</html>
Community
  • 1
  • 1
Hannah Glasgow
  • 1
  • Here is [an Answer](http://stackoverflow.com/a/33665819) I wrote for a registration page and a login page setup in `mysqli` and `pdo`. Uses hashed passwords, not cleartext. You may choose to look into it sometime – Drew Nov 23 '15 at 16:46
  • You can't output content before using the `header` function. `Remember that header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP.` -http://php.net/manual/en/function.header.php – chris85 Nov 23 '15 at 16:54

2 Answers2

-1

You should use the return value of mysql_connect, and store it, like:

$con = mysql_connect($host, $username, $password)

...then use it as first argument to the mysql_query function:

$result=mysql_query($con, $sql);

Having said this, please know that these functions are deprecated. You should move to mysqli or PDO syntax.

trincot
  • 263,463
  • 30
  • 215
  • 251
-1

it can be that your query is failing for some reason, try

 $link  = mysql_connect("$host", "$username", "$password")or die("cannot connect");

    //....

   $sql="SELECT * FROM ".$tbl_name." WHERE username='".$Email."' AND password ='".$Password."'";

    $result=mysql_query($sql, $link) or die ('Unable to run query:'.mysql_error());

OR

if(!$result) die ('Unable to run query:'.mysql_error());

so When query fails, it returns FALSE, hence the BOOLEAN you are passing to mysql_num_rows(); You should always check if a result actually exists before going on with your code.

Hardy Mathew
  • 615
  • 1
  • 5
  • 21
  • Thank you! This got rid of the errors, now it's saying that i'm entering incorrect username or password but they aren't incorrect so I'm assuming there's something wrong with the link to the database table. – Hannah Glasgow Nov 23 '15 at 17:07
  • ~Hannah Glasgow you need to chek by echo your query and execute that with your db , please approve my answer if its work for you. Thanx. – Hardy Mathew Nov 23 '15 at 17:10