---Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\Program Files\Apache Group\Apache2\htdocs\Project\login.php on line 71-----

<html>
<body>
<form action="login.php" method="post">
<div>
<table width="100%">
<tr>
<td><img src="Logofinalcopy.gif"></td>
</tr>
<tr>
<td bgcolor="aqua"><h2>Login</h2></td>
</tr></table>
<table align="right" style="width:40%">
<br>
<tr>
<td>Username:</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td align="CENTER" COLSPAN="4">
<input TYPE="SUBMIT" name="submit" value="Login">
<input TYPE="reset" name="submit" value="clear"></td>
</tr>
</table>
</div>
</form>
</body>
</html>
<?php
if(isset($_POST['submit']))
{
$con = mysql_connect("10.70.1.50","invensis","invensis");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
$select=mysql_select_db("database_myproject", $con);
if (!$select)
{
die('Could not connect DB: ' . mysql_error());
}

$username=$_POST['username'];
$password=$_POST['password'];
$Username = stripslashes($username);
$Password = stripslashes($password);
$Username = mysql_real_escape_string($username);
$Password = mysql_real_escape_string($password);
$flag="OK";
$msg="";
if(strlen($Username) < 1)
{
$msg=$msg."Please enter the username<br>";
$flag="NOTOK";
}
if(strlen($Password) < 1)
{
$msg=$msg."Please enter the password<br>";
$flag="NOTOK";
}
if($flag <>"OK")
{
echo "<br><br><br><br><br><strong style='color:#FF3333'>"."<right>Please enter Username/Password <br></right>"."</strong>"; }
else
{
$sql="SELECT * FROM `Users` WHERE `Username`=`$Username` and `Password`=`$Password`";
$result=mysql_query($sql, $con) ;
$count=mysql_num_rows($result);
if($count==1)
{
$sql = "SELECT Role FROM Users WHERE Username='$Username' and Password='$Password'";
$result = mysql_query($sql, $con);
$info = mysql_fetch_array($result);


if($info['Role']== '0')
{
@header("location: http://localhost/Project/Superadmin.php");
}
else if($info['Role']== '1')
{
@header("location: http://localhost/Project/Admin.php");
}
else if($info['Role']== '2')
{
@header("location: http://localhost/Project/User.php");
}


}
else
{
echo "<br><br><br><br><br><strong style='color:#FF3333'><left>Incorrect UserName OR Password</left></strong>";
}

}
}
?>

Your sql syntax should be as follows

$sql="SELECT * FROM `Users` WHERE `Username`='$Username' and `Password`='$Password'";

Notice the change in quotes. I would give you a line number but you didn't use code tags so I can't.

I received your pm and try the following:

<html>
<body>
<form action="login.php" method="post">
<div>
<table width="100%">
<tr>
<td><img src="Logofinalcopy.gif"></td>
</tr>
<tr>
<td bgcolor="aqua"><h2>Login</h2></td>
</tr></table>
<table align="right" style="width:40%">
<br>
<tr>
<td>Username:</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td align="CENTER" COLSPAN="4">
<input TYPE="SUBMIT" name="submit" value="Login">
<input TYPE="reset" name="submit" value="clear"></td>
</tr>
</table>
</div>
</form>
</body>
</html>
<?php
if(isset($_POST['submit']))
{
$con = mysql_connect("10.70.1.50","invensis","invensis", true);
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
$select=mysql_select_db("database_myproject", $con);
if (!$select)
{
die('Could not connect DB: ' . mysql_error());
}

$username=$_POST['username'];
$password=$_POST['password'];
$Username = stripslashes($username);
$Password = stripslashes($password);
$Username = mysql_real_escape_string($username);
$Password = mysql_real_escape_string($password);
$flag="OK";
$msg="";
if(strlen($Username) < 1)
{
$msg=$msg."Please enter the username<br>";
$flag="NOTOK";
}
if(strlen($Password) < 1)
{
$msg=$msg."Please enter the password<br>";
$flag="NOTOK";
}
if($flag <>"OK")
{
echo "<br><br><br><br><br><strong style='color:#FF3333'>"."<right>Please enter Username/Password <br></right>"."</strong>"; }
else
{
$sql="SELECT * FROM `Users` WHERE `Username`='$Username' and `Password`='$Password'";
$result=mysql_query($sql, $con) ;
if(!$result)
{
    echo mysql_error();
}
$count=mysql_num_rows($result);
if($count==1)
{
$sql = "SELECT Role FROM Users WHERE Username='$Username' and Password='$Password'";
$result = mysql_query($sql, $con);
$info = mysql_fetch_array($result);


if($info['Role']== '0')
{
@header("location: http://localhost/Project/Superadmin.php");
}
else if($info['Role']== '1')
{
@header("location: http://localhost/Project/Admin.php");
}
else if($info['Role']== '2')
{
@header("location: http://localhost/Project/User.php");
}


}
else
{
echo "<br><br><br><br><br><strong style='color:#FF3333'><left>Incorrect UserName OR Password</left></strong>";
}

}
}
?>

I received your pm and try the following

<html>
<body>
<form action="login.php" method="post">
<div>
<table width="100%">
<tr>
<td><img src="Logofinalcopy.gif"></td>
</tr>
<tr>
<td bgcolor="aqua"><h2>Login</h2></td>
</tr></table>
<table align="right" style="width:40%">
<br>
<tr>
<td>Username:</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td align="CENTER" COLSPAN="4">
<input TYPE="SUBMIT" name="submit" value="Login">
<input TYPE="reset" name="submit" value="clear"></td>
</tr>
</table>
</div>
</form>
</body>
</html>
<?php
if(isset($_POST['submit']))
{
$con = mysql_connect("10.70.1.50","invensis","invensis", true);
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
$con=mysql_select_db("database_myproject", $con);
if (!$con)
{
die('Could not connect DB: ' . mysql_error());
}

$username=$_POST['username'];
$password=$_POST['password'];
$Username = stripslashes($username);
$Password = stripslashes($password);
$Username = mysql_real_escape_string($username);
$Password = mysql_real_escape_string($password);
$flag="OK";
$msg="";
if(strlen($Username) < 1)
{
$msg=$msg."Please enter the username<br>";
$flag="NOTOK";
}
if(strlen($Password) < 1)
{
$msg=$msg."Please enter the password<br>";
$flag="NOTOK";
}
if($flag <>"OK")
{
echo "<br><br><br><br><br><strong style='color:#FF3333'>"."<right>Please enter Username/Password <br></right>"."</strong>"; }
else
{
$sql="SELECT * FROM `Users` WHERE `Username`='$Username' and `Password`='$Password'";
$result=mysql_query($sql, $con);
if(!$result)
{
    echo mysql_error();
}
$count=mysql_num_rows($result);
if($count==1)
{
$sql = "SELECT Role FROM Users WHERE Username='$Username' and Password='$Password'";
$result = mysql_query($sql, $con);
$info = mysql_fetch_array($result);


if($info['Role']== '0')
{
@header("location: http://localhost/Project/Superadmin.php");
}
else if($info['Role']== '1')
{
@header("location: http://localhost/Project/Admin.php");
}
else if($info['Role']== '2')
{
@header("location: http://localhost/Project/User.php");
}


}
else
{
echo "<br><br><br><br><br><strong style='color:#FF3333'><left>Incorrect UserName OR Password</left></strong>";
}

}
}
?>
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.