mysql_num_rows(): supplied argument is not a valid MySQL result resource Problem

function user_login ($username, $password)
{
   //take the username AND prevent SQL injections
   $username = mysql_real_escape_string($username);
 ...
}

The problem is that you are connecting to the database OUTSIDE of your user_login() function, but inside the function you are using mysql-related functions. These mysql-related functions need to "see" the opened connection to the db. However, once you call the function, the connection to the db ("stored" in the $db variable) is NOT "visible" within the function. So, what you need to do is:
a. change the function so it accepts the connection as the third parameter. function user_login ($username, $password,$conn){...} and when you call the function make sure you pass the variable that holds a reference to the connection (in your case the $db variable): user_login('peter','secret',$db) OR
b. declare the $db variable global within your function:

function user_login ($username, $password)
{
  global $db;
   //take the username AND prevent SQL injections
   $username = mysql_real_escape_string($username);
 ...
}

I have tried the second option. and did not work. Not sure how to do the first option as i am new to coding. Please keep trying.

I have tried the second option. and did not work. Not sure how to do the first option as i am new to coding. Please keep trying.

I have had someone else help fix it. So now it works but when i try to login i get Invalid Username/Password. I looked and when they register it gets md5 of password. i not sure if when they login it does the same.

line 29 of your original register.php you have:

...WHERE username = 'username'");

You need to use the variable named $username. Instead, you are using a literal value. So if the user typed "secret" as the password, the line SHOULD execute:

...WHERE username = 'secret'");

but instead, it is ALWAYS executing:

...WHERE username = 'username'");

So, I suggest you change it to: $sql = mysql_query("SELECT username FROM usersystem WHERE username = '$username'") or die(mysql_error()); You also have problems on line 31 of register.php: if (mysql_num_rows($s>0))... If you look closer at line 29, $sql will contain the "result" of your SELECT query. So on line 31 you need to use that result to find the number of rows. The problem is that on line 29 your variable is named $sql, but on line 31, you are using $s which is a non-existent variable. Furthermore, the syntax is wrong. The greater than than zero expression should be OUTSIDE the inner closing parenthesis: if ( mysql_num_rows($s) > 0 )... Line 34 of config.php: $sql = mysql_query("SELECT * FROM usersystem WHERE username = 'username' AND password = 'password' LIMIT 1") has the same problem as line 29 of register.php. You need to dereference (extract the value of) the variables, NOT use literal values. So change it to: $sql = mysql_query("SELECT * FROM usersystem WHERE username = '$username' AND password = '$password' LIMIT 1",$dbConnection) NOTICE that I added a second parameter - $dbConnection. Since you said:

...Not sure how to do the first option as i am new to coding

All that meant was that instead of: function user_login ($username, $password) You just need this: function user_login ($username, $password, $dbConnection) if you look closer at config.php, you have a variable named $db which is outside of any function. It is NOT seen/visible within a function. So you use either of the two methods I described earlier to make it visible within the function. IF you were to use the first method, where you were first doing: user_login($username,$password); (basically line 9 of login.php) you will now need to do: user_login($username,$password,$db); Since now your function is declared as: function user_login ($username, $password, $dbConnection) Line 54 of config.php - you probably meant: $_SESSION['username'] = $username; you misspelled username in the SESSION variable.

Also, in user_login() function you ARE sanitizing the $username variable ( by using mysql_real_escape_string), but NOT the $password variable. You need to sanitize both. Lastly, when you stored the password in the db, you stored the md5 of the password, not the plain password. However, in user_login() you are comparing the plain password against the md5 stored in the db. You need to md5 the $password variable before executing the query.

Lastly, config.php is ESSENTIAL for your scripts since it does the db connectivity. So instead of include(), use require_once(). That way if you provide the wrong path to the file, you will get a runtime error that will clearly indicate the problem. Using include, the script will continue executing "silently".

<?
//config.php
//Configuration File
//Usually localhost
$host = "localhost";

//Database Username
$username = "";

//Database Password
$dbpass = "";

//Database Name
$dbname = "rpimager_test";


//----Do not edit below this line unless you know what you are doing.----
//Connect to DB.
$db=@mysql_connect ("$host", "$username", "$dbpass") or die ("<b>SQL Error</b><Br/>Please check your database connection settings.");
mysql_select_db ("$dbname") or die(mysql_error());

function user_login ($username, $password, $dbConnection)
{
	//take the username and prevent SQL injections
	$username = mysql_real_escape_string($username);
	$password = md5( mysql_real_escape_string($password) );
	//begin the query
	$sql = mysql_query("SELECT * FROM usersystem WHERE username = '$username' AND password = '$password' LIMIT 1", $dbConnection);

	//check to see how many rows were returned
	$rows = mysql_num_rows($sql);

	if ($rows<=0 )
	{
		echo "Incorrect username/password";
	}
	else
	{
		//have them logged in
		$_SESSION['username'] = $username;
	}
}

//Get data from SQL DB.
$sql=mysql_query("SELECT `Value` FROM `general` WHERE `Name`='Title'") or die (mysql_error());
while($row=mysql_fetch_array($sql)) 
{
	$title = "$row[Value]";
}

$sql=mysql_query("SELECT `Value` FROM `general` WHERE `Name`='Ad_Code'") or die (mysql_error());
while($row=mysql_fetch_array($sql)) 
{
	$adcode = "$row[Value]";
}
$sql=mysql_query("SELECT `Value` FROM `general` WHERE `Name`='Ad_Code_Downloads'") or die (mysql_error());
while($row=mysql_fetch_array($sql)) 
{
	$adcode1 = "$row[Value]";
}
//Steralize a few vars.
$search = stripslashes(strip_tags($_GET[search]));
$filetype = stripslashes(strip_tags($_GET[ext]));
$source = str_replace("|", "", stripslashes(strip_tags($_GET[source])));
if ($source == NULL) 
{
	$source ="all";
}

$page = stripslashes(strip_tags($_GET[page]));
if (!is_numeric($page)) 
{
	$page = "1";
}

if ($page <= 0)
{
	$page="1";
}
?>

<?php
//register.php
require_once("config.php");

if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email']))
{

	//Prevent SQL injections
	$username = mysql_real_escape_string($_POST['username']);
	$email = mysql_real_escape_string($_POST['email']);

	//Get MD5 hash of password
	$password = md5($_POST['password']);

	//Check to see if username exists
	$sql = mysql_query("SELECT username FROM usersystem WHERE username = 'username'");

	if( mysql_num_rows($s) > 0 )
	{
		die ("Username taken.");
	}

	mysql_query("INSERT INTO usersystem (username, password, email) VALUES ( '$username', '$password', '$email')") or die (mysql_error()); 
	echo "Account created."; 
}
?>
<html></html>

<form action="register.php" method="post">

Username: <input name="username" type="text" />

Password: <input type="password" name="password" />

Email: <input name="email" type="text" />

<input type="submit" value="Submit" />

</form>



<?php
//login.php

//config.php contains $db - the db connection variable you will need in user_login
require_once("config.php");

if ( isset($_POST['username']) && isset($_POST['password']) && !empty($_POST['username']) && !empty($_POST['password']) )
{
	user_login($_POST['username'], $_POST['password'],$db);
}
?>

<html></html>

<form action="login.php" method="post">

Username: <input name="username" type="text" />

Password: <input type="password" name="password" />

<input type="submit" value="Submit" />

</form>

Hi i just did some codoing and heres the error i get when i try to use my register forum

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/rpimager/public_html/RPImager/register.php on line 32
Account created.

Here's the docs that i use it for. why i getting this error

config.php

<?
//Configuration File


//Usually localhost
$host = "localhost";

//Database Username
$username = "";

//Database Password
$dbpass = "";

//Database Name
$dbname = "rpimager_test";



//----Do not edit below this line unless you know what you are doing.----
//Connect to DB.
$db=@mysql_connect ("$host", "$username", "$dbpass") or die ("<b>SQL Error</b><Br/>Please check your database connection settings.");
mysql_select_db ("$dbname");

function user_login ($username, $password)

{

//take the username and prevent SQL injections

$username = mysql_real_escape_string($username);

//begin the query

$sql = mysql_query("SELECT * FROM usersystem WHERE username = 'username' AND password = 'password' LIMIT 1");

//check to see how many rows were returned

$rows = mysql_num_rows($sql);

if ($rows<=0 )

{

echo "Incorrect username/password";

}

else

{

//have them logged in

$_SESSION['sername'] = $username;

}
}
//Get data from SQL DB.
$sql=mysql_query("SELECT `Value` FROM `general` WHERE `Name`='Title'") or die (mysql_error());
while($row=mysql_fetch_array($sql)) $title = "$row[Value]";

$sql=mysql_query("SELECT `Value` FROM `general` WHERE `Name`='Ad_Code'") or die (mysql_error());
while($row=mysql_fetch_array($sql)) $adcode = "$row[Value]";

$sql=mysql_query("SELECT `Value` FROM `general` WHERE `Name`='Ad_Code_Downloads'") or die (mysql_error());
while($row=mysql_fetch_array($sql)) $adcode1 = "$row[Value]";

//Steralize a few vars.
$search = stripslashes(strip_tags($_GET[search]));
$filetype = stripslashes(strip_tags($_GET[ext]));
$source = str_replace("|", "", stripslashes(strip_tags($_GET[source])));
if ($source == NULL) $source ="all";
$page = stripslashes(strip_tags($_GET[page]));
if (!is_numeric($page)) $page = "1";
if ($page <= 0) $page="1";

?>

register.php

<?php

include("config.php");

if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email']))

 

{

//Prevent SQL injections

$username = mysql_real_escape_string($_POST['username']);

$email = mysql_real_escape_string($_POST['email']);

 

 

//Get MD5 hash of password

$password = md5($_POST['password']);

 

//Check to see if username exists

$sql = mysql_query("SELECT username FROM usersystem WHERE username = 'username'");

if (mysql_num_rows($s>0))

{

die ("Username taken.");

}

 

 

mysql_query("INSERT INTO usersystem (username, password, email) VALUES ( '$username', '$password', '$email')") or die (mysql_error()); echo "Account created."; 

 

}

?>

 

<html></html>

<form action="register.php" method="post">

Username: <input name="username" type="text" />

Password: <input type="password" name="password" />

Email: <input name="email" type="text" />

<input type="submit" value="Submit" />

</form>

login.php

<?php

include("config.php");

if (isset($_POST['username']) && isset($_POST['password']))

{    

user_login($_POST['username'], $_POST['password']);

}

?>

<html></html>

<form action="login.php" method="post">

Username: <input name="username" type="text" />

Password: <input type="password" name="password" />

<input type="submit" value="Submit" />

</form>

I had the same problem and it turned out the it was a typeo in another file that was the problem, so I would check other files.

forgive my ignorance but did you declare '$s' in the register.php file?

Hi i just did some codoing and heres the error i get when i try to use my register forum

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/rpimager/public_html/RPImager/register.php on line 32
Account created.

Here's the docs that i use it for. why i getting this error

config.php

<?
//Configuration File


//Usually localhost
$host = "localhost";

//Database Username
$username = "";

//Database Password
$dbpass = "";

//Database Name
$dbname = "rpimager_test";



//----Do not edit below this line unless you know what you are doing.----
//Connect to DB.
$db=@mysql_connect ("$host", "$username", "$dbpass") or die ("<b>SQL Error</b><Br/>Please check your database connection settings.");
mysql_select_db ("$dbname");

function user_login ($username, $password)

{

//take the username and prevent SQL injections

$username = mysql_real_escape_string($username);

//begin the query

$sql = mysql_query("SELECT * FROM usersystem WHERE username = 'username' AND password = 'password' LIMIT 1");

//check to see how many rows were returned

$rows = mysql_num_rows($sql);

if ($rows<=0 )

{

echo "Incorrect username/password";

}

else

{

//have them logged in

$_SESSION['sername'] = $username;

}
}
//Get data from SQL DB.
$sql=mysql_query("SELECT `Value` FROM `general` WHERE `Name`='Title'") or die (mysql_error());
while($row=mysql_fetch_array($sql)) $title = "$row[Value]";

$sql=mysql_query("SELECT `Value` FROM `general` WHERE `Name`='Ad_Code'") or die (mysql_error());
while($row=mysql_fetch_array($sql)) $adcode = "$row[Value]";

$sql=mysql_query("SELECT `Value` FROM `general` WHERE `Name`='Ad_Code_Downloads'") or die (mysql_error());
while($row=mysql_fetch_array($sql)) $adcode1 = "$row[Value]";

//Steralize a few vars.
$search = stripslashes(strip_tags($_GET[search]));
$filetype = stripslashes(strip_tags($_GET[ext]));
$source = str_replace("|", "", stripslashes(strip_tags($_GET[source])));
if ($source == NULL) $source ="all";
$page = stripslashes(strip_tags($_GET[page]));
if (!is_numeric($page)) $page = "1";
if ($page <= 0) $page="1";

?>

register.php

<?php

include("config.php");

if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email']))

 

{

//Prevent SQL injections

$username = mysql_real_escape_string($_POST['username']);

$email = mysql_real_escape_string($_POST['email']);

 

 

//Get MD5 hash of password

$password = md5($_POST['password']);

 

//Check to see if username exists

$sql = mysql_query("SELECT username FROM usersystem WHERE username = 'username'");

if (mysql_num_rows($s>0))

{

die ("Username taken.");

}

 

 

mysql_query("INSERT INTO usersystem (username, password, email) VALUES ( '$username', '$password', '$email')") or die (mysql_error()); echo "Account created."; 

 

}

?>

 

<html></html>

<form action="register.php" method="post">

Username: <input name="username" type="text" />

Password: <input type="password" name="password" />

Email: <input name="email" type="text" />

<input type="submit" value="Submit" />

</form>

login.php

<?php

include("config.php");

if (isset($_POST['username']) && isset($_POST['password']))

{    

user_login($_POST['username'], $_POST['password']);

}

?>

<html></html>

<form action="login.php" method="post">

Username: <input name="username" type="text" />

Password: <input type="password" name="password" />

<input type="submit" value="Submit" />

</form>

Check line "32" the syntax ($s>0) I think it should be ($sql>)

Double check line 31 of the file "$s>0" shouldn't that be "$sql > 0"...