I have this piece of PHP code:
<?php
$username=$_POST['username'];
$password=$_POST['password'];
if($username&&$password){
$connect=mysql_connect("localhost","root","") or die(" Couldnt connect");
mysql_select_db("phplogin") or die ("Can't find database" .mysql_error());
$query=mysql_query("SELECT * users WHERE username='$username' ");
$numrows=mysql_num_rows($query);
if (!$query) {
die('Invalid query: ' . mysql_error());
}
}
else
die ("Enter username and password!") .mysql_error();
?>
However, when I try to run this code I get these errors:
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\PHP testing\login.php on line 9
and
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'users WHERE username='alex'' at line 1
Can someone explain to me what I'm I doing wrong here?
You must specify a table from which you're selecting with FROM keyword:
$query=mysql_query("SELECT * FROM users WHERE username='$username' ");
$numrows=mysql_num_rows($query);
you should really check for errors after your query, then the system will tell you what is wrong
$query = mysql_query("SELECT * users WHERE username='$username' ");
if (mysql_error() {
die(mysql_error());
}
$numrows = mysql_num_rows($query);
as #mike commented, your select query is missing the from bit
"SELECT * FROM users WHERE username='$username' "
Well Your code is vulnerable to SQL Injection Attack
$username=$_POST['username'];
$password=$_POST['password'];
instead of above use this code
$username= mysql_real_escape_string($_POST['username']);
$password=mysql_real_escape_string($_POST['password']);
$connect = mysql_connect("localhost","root","") or die("Couldn't connect!");
mysql_select_db("phplogin") or die("Couldn't find db");
$result = mysql_query("SELECT * FROM admin", $connect);
$numrows = mysql_num_rows($result);
and it will evaluate resource
$query = mysql_query("SELECT * users WHERE username='$username' ");
if (mysql_error() {
die(mysql_error());
}
$numberOfRows = mysql_num_rows($query);
echo $numberOfRows;
Related
I am having trouble on getting the MySQL column. EVERYTHING in mysql is set with the username, password, database, table, and the column.
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given
in /Applications/XAMPP/xamppfiles/htdocs/socialhut/login.php on line 8
Here's the code for login.php:
<?php
$username = $_POST['username'];
$password = $_POST['password'];
$conn = mysqli_connect("localhost","root","","data");
$sql = "SELECT * FROM userdata WHERE username='$username' and password='$password'";
$query = mysql_query($sql);
$result = mysql_num_rows($query);
if ($result==1){
session_register($username);
session_register($password);
header('location:members.php');
}else{
mysql_error();
}
?>
Can anyone figure it out?
Thanks!
You're mixing mysqli and mysql calls in the same code. You can't do that.
Try this:
$conn = mysqli_connect("localhost","root","","data");
$sql = "SELECT * FROM userdata WHERE username='$username' and password='$password'";
$query = mysqli_query($conn, $sql);
if ($query === false) {die(mysqli_error($conn));}
$result = mysqli_num_rows($query);
I keep having an error in mysql_fetch_(assoc,array,row) I can't find the problem and when I try to count the rows of the result by using echo the result is 1
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in C:\wamp\www\Jocales\login.php on line 88
in query SELECT * FROM users WHERE uName ='nuha' AND uPassword = '123'
<?php
$login= $_POST['login'];
$password= $_POST['password'];
if($login && $password){
$con = mysql_connect("localhost", "root", "")or die ('no connection');
mysql_select_db("jocales",$con) or die ('no');
$query= "SELECT * FROM users WHERE uName ='$login' AND uPassword = '$password'";
$result = mysql_query($query)or die(mysql_error()." in query $query");
$record=mysql_fetch_assoc($query) or die(mysql_error()." in query $query");
?>
Change
$record=mysql_fetch_assoc($query)
To
$record=mysql_fetch_assoc($result)
Note: Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.
WARNING: You code is vulnerable to SQL Injection.
use this code ( replace $query with $result )
<?php
$login= $_POST['login'];
$password= $_POST['password'];
if($login && $password){
$con = mysql_connect("localhost", "root", "")or die ('no connection');
mysql_select_db("jocales",$con) or die ('no');
$query= "SELECT * FROM users WHERE uName ='$login' AND uPassword = '$password'";
$result = mysql_query($query)or die(mysql_error()." in query $query");
$record=mysql_fetch_assoc($result) or die(mysql_error()." in query $query");
?>
The function mysql_fetch_assoc() expects one parameter and it should be a resource type. You're providing a string.
$query= "SELECT * FROM users WHERE uName ='$login' AND uPassword = '$password'";
$result = mysql_query($query)or die(mysql_error()." in query $query");
//this is the issue!
$record = mysql_fetch_assoc($query) or die(mysql_error()." in query $query");
the last statement should be
$record = mysql_fetch_assoc($result) or die(mysql_error()." in query $query");
NOTE (straight from php.net about mysql_*)
Warning
This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
Putting aside the SQL Injection and other security issues I am having a problem trying to get the following piece of code to work. I know I am close but cannot figure out how to do it. Currently I am receiving this error message:
"Successful Connection
Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in C:\xampp\htdocs\proper\checklogin.php on line 30
wrong username/password"
Checklogin.php
<?php
session_start();
// Connect to server and select databse.
$conn= mysqli_connect("localhost", "root", "")
or die ('No connection');
print "Successful Connection";
mysqli_select_db($conn , 'ssssg3') or die ('database will not open');
// username and password sent from form
$email=$_POST['email'];
$password=$_POST['password'];
$sql = "SELECT * FROM log_in_info where email=$email";
$result=mysqli_query($conn, $sql);
$row=mysqli_fetch_array($result);
if ($row['password'] == $password) {
header('location:main1.php');
}
else
{
echo 'wrong username/password';
}
?>
$sql = "SELECT * FROM log_in_info where email=$email";
This is where your error rests. Try:
$sql = "SELECT * FROM log_in_info where email='$email'";
The query fails, because you need to put literals into ' '.
Be sure to check the return value of mysqli_query and use mysqli_error to determine the actual error message.
To do some proper error checking I suggest (assuming that $email is properly escaped)
$sql = "SELECT * FROM log_in_info where email='$email'";
if(!$sql) die(mysqli_error($conn));
Notice, it's not Error message. "Undefined index: password" means, what you accessing array key, what not exists. To avoid id you can use some like this (for you code):
if (array_key_exists( 'password', $row ) and $row['password'] === $password) {
I am trying to retrieve multiple rows from the database and process it for response as service using php code, but I wouldn't retreive all values, only first row from the table is displaying, how can I make dis to work?
Here is my code:
$servername="localhost";
$username="root";
$conn= mysql_connect($servername,$username)or die(mysql_error());
mysql_select_db("testing",$conn);
$sql="insert into login (src,dest)values('$from','$tona')";
$result=mysql_query($sql,$conn) or die(mysql_error());
$res = mysql_query("SELECT * FROM login");
$numrows = mysql_num_rows($res);
setcookie('a',$numrows);
Note the use of _mysql is discouraged for new development ... please read this on selecting a new API
This is pretty basic but you need to loop the returned result like so :
$res = mysql_query("SELECT * FROM login");
while ($row = mysql_fetch_array($res, MYSQL_BOTH)) {
// your columns are accessible using
$row['columnname'];
// or
$row[columnnumber];
}
Docs for mysql_fetch_array are here
mysql_query returns a resource on success or false on failure
do like this
<?php
$servername="localhost";
$username="root";
$conn= mysql_connect($servername,$username)or die(mysql_error());
mysql_select_db("testing",$conn);
$sql="insert into login (src,dest)values('$from','$tona')";
$result=mysql_query($sql,$conn) or die(mysql_error());
$res = mysql_query("SELECT * FROM login");
$numrows = mysql_num_rows($res);
while ($result=mysql_fetch_array($res)){
echo $result['src']."<br/>";
}
setcookie('a',$numrows);
mysql_* is deprecated
use
$res = mysql_query("SELECT * FROM login");
$numrows = mysql_num_rows($res);
while($row = mysql_fetch_assoc($res))
{
print_r($row);
}
I see that you using mysql instead of mysqli. Try changing to mysqli instead, because this will become the new standard. As of version PHP 5.5.0 mysql will become deprecated.
I'm trying to get the user's login details from the database using $SETTINGS["admin_username"] and also the password. I have defined them as 'user' (for username) and pass (for password), and I want them to be pulled from database table userLogin.
Any ideas? Please help, I have tried everything but the page either doesn't open or it doesn't work at all.
<?php
error_reporting(0);
$SETTINGS["admin_username"]='user';
$SETTINGS["admin_password"]='pass';
$SETTINGS["mysql_user"]='user';
$SETTINGS["mysql_pass"]='pass';
$SETTINGS["hostname"]='localhost';
$SETTINGS["mysql_database"]='db_db';
$connection = mysql_connect($SETTINGS["hostname"], $SETTINGS["mysql_user"], $SETTINGS["mysql_pass"]) or die ('request "Unable to connect to MySQL server."'.mysql_error());
$db = mysql_select_db($SETTINGS["mysql_databas… $connection) or die ('request "Unable to select database."');
?>
I can't read your code, so I try to write it again, here:
<?php
error_reporting(0);
$SETTINGS["admin_username"]='user';
$SETTINGS["admin_password"]='pass';
$SETTINGS["mysql_user"]='user';
$SETTINGS["mysql_pass"]='pass';
$SETTINGS["hostname"]='localhost';
$SETTINGS["mysql_database"]='db_db';
$connection = mysql_connect($SETTINGS["hostname"], $SETTINGS["mysql_user"], $SETTINGS["mysql_pass"]) or die ('request "Unable to connect to MySQL server."'.mysql_error());
$db = mysql_select_db($SETTINGS["mysql_database", $connection) or die ('request "Unable to select database."');
$sql = "SELECT * FROM userLogin LIMIT 1";
$rs = mysql_query($sql, $connection) or die(__LINE__.":".mysql_error());
while(false !== ($r = mysql_fetch_assoc($rs)))
{
$SETTINGS["admin_username"]=$r['field_user'];
$SETTINGS["admin_password"]=$r['field_pass'];
}
?>
Notice this line:
$sql = "SELECT * FROM userLogin LIMIT 1";
I use this in assumption that you only have 1 entry on table userLogin. If it's not, maybe you can use the following alternative query (because I don't know your current table's schema):
$sql = "SELECT * FROM userLogin WHERE field_user = 'admin'";
For starters, you've got an error in your syntax, Line 12 (and so does silent in his reproduction):
$db = mysql_select_db($SETTINGS["mysql_databas… $connection) or die ('request "Unable to select database."');
I'm guessing you want
$db = mysql_select_db($SETTINGS["mysql_database"], $connection) or die ('request "Unable to select database."');