Hello, I've been using a book to learn php, and when I try to make it work for my own use, there seems to be an error when I try to login. First it says that the log in is invalid, and it comes up with this warning message:

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in C:\Program Files\wamp\www\loginsite\login.php on line 25

if (!empty($user_username) && !empty($user_password)) {
        // Look up the username and password in the database
        $query = "SELECT user_id, username FROM mismatch_user WHERE username = '$user_username' AND password = SHA('$user_password')";
        $data = mysqli_query($dbc, $query);

//below is line 25 of code
        if (mysqli_num_rows($data) == 1) {
          // The log-in is OK so set the user ID and username session vars (and cookies), and redirect to the home page
          $row = mysqli_fetch_array($data);
          $_SESSION['user_id'] = $row['user_id'];

I can post more code if I need to

Thanks

Okay usually I use supressants on mysqli_num_rows as if there is 0 rows it will return this error.

Try running a query that you know deffinetly exists in your database.

think of using -
if (mysqli_num_rows($data) !=0 || mysqli_num_rows($data)!=FALSE)
{
}

why exatly are you using mysqli and not simply mysql?

Froger93: I don't understand what you really mean. Could you explain a little more?

Network18: I tried replacing the line with what you did, but I still got two errors this time:

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in C:\Program Files\wamp\www\loginsite\login.php on line 25

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in C:\Program Files\wamp\www\loginsite\login.php on line 25
But they appear to be the same.

EDIT: I fixed the error because of a stupid mistake, but now, I still can't login, when I inputed the username/password myself using MySQL console.

Mine and networks solutions do the same thing but make sure you use the @ infront of the num_rows functions incase the query didn't return any rows, this is most likely happening because the query didn't return any results.

As I said before try inputing data into the form that you know really does exist in your database.

its fine and using @ in front of the mysql_num_rows() will supress any warning you getting.

I tried what you just said, but it still does not work. To show you, here is the data for the database, but I don't know why it won't work:

mysql> select * FROM login;
+---------+---------------+-------------+--------+
| user_id | username | password | name |
+---------+---------------+-------------+--------+
| 1 | phouse512 | ---------- | Philip |
| 2 | admin | admin | admin|
+---------+---------------+-------------+--------+
2 rows in set (0.00 sec)

Here's the login code:

<?php
  require_once('connectvars.php');

  // Start the session
  session_start();

  // Clear the error message
  $error_msg = "";

  // If the user isn't logged in, try to log them in
  if (!isset($_SESSION['user_id'])) {
    if (isset($_POST['submit'])) {
      // Connect to the database
      $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

      // Grab the user-entered log-in data
      $user_username = mysqli_real_escape_string($dbc, trim($_POST['username']));
      $user_password = mysqli_real_escape_string($dbc, trim($_POST['password']));

      if (!empty($user_username) && !empty($user_password)) {
        // Look up the username and password in the database
        $query = "SELECT user_id, username FROM login WHERE username = '$user_username' AND password = SHA('$user_password')";
        $data = mysqli_query($dbc, $query);

        if (@mysqli_num_rows($data) == 1) {
          // The log-in is OK so set the user ID and username session vars (and cookies), and redirect to the home page
          $row = mysqli_fetch_array($data);
          $_SESSION['user_id'] = $row['user_id'];
          $_SESSION['username'] = $row['username'];
          setcookie('user_id', $row['user_id'], time() + (60 * 60 * 24 * 30));    // expires in 30 days
          setcookie('username', $row['username'], time() + (60 * 60 * 24 * 30));  // expires in 30 days
          $home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/index.php';
          header('Location: ' . $home_url);
        }
        else {
          // The username/password are incorrect so set an error message
          $error_msg = 'Sorry, you must enter a valid username and password to log in.';
        }
      }
      else {
        // The username/password weren't entered so set an error message
        $error_msg = 'Sorry, you must enter your username and password to log in.';
      }
    }
  }
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>Mismatch - Log In</title>
  <link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
  <h3>Mismatch - Log In</h3>

<?php
  // If the session var is empty, show any error message and the log-in form; otherwise confirm the log-in
  if (empty($_SESSION['user_id'])) {
    echo '<p class="error">' . $error_msg . '</p>';
?>

  <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    <fieldset>
      <legend>Log In</legend>
      <label for="username">Username:</label>
      <input type="text" name="username" value="<?php if (!empty($user_username)) echo $user_username; ?>" /><br />
      <label for="password">Password:</label>
      <input type="password" name="password" />
    </fieldset>
    <input type="submit" value="Log In" name="submit" />
  </form>

<?php
  }
  else {
    // Confirm the successful log-in
    echo('<p class="login">You are logged in as ' . $_SESSION['username'] . '.</p>');
  }
?>

</body>
</html>
Member Avatar for diafol
$data = mysqli_query($dbc, $query);

Should this be:

$data = mysqli_query($query, $dbc);

Having not used mysqli - I can't comment, but I think the first parameter should be the query, then the connection link identifier.

$data = mysqli_query($dbc, $query);

Should this be:

$data = mysqli_query($query, $dbc);

Having not used mysqli - I can't comment, but I think the first parameter should be the query, then the connection link identifier.

Nope, for some reason they swapped them for mysqli, although if no connection is specified, it will default to that last connection that was established I believe. :)
http://www.php.net/manual/en/mysqli.query.php

commented: Thanks Will - didn't know that +4

Rather than:

$data = mysqli_query($dbc, $query);

Try this:

if (!$data = mysqli_query($dbc, $query)) {
    printf("Error message: %s\n", mysqli_error($dbc));
}

It should throw an error in the SQL statement.

It still didn't work

Do you have phpMyAdmin?

If you do, copy the query from your script and run it directly in there.

You say 'It still didn't work', do you mean it does exactly the same, or are you getting additional/different errors after changing the code?

Sorry, I was in a hurry

But I added the ifthen statement that you had, but I'm still getting the 'enter a valid password and username' error. I do have phpMyAdmin, so do you mean to do something like this:

SELECT user_id, username FROM login WHERE username = '$user_username' AND password = SHA('$user_password')

EDIT: I see where I messed up, in the example there is the SHA encryption, but its not encrypted in the database. So I fixed it now

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.