Please someone should help me before I faint. I have been working with this login script and am getting this error on a server:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/utimate/public_html/PhpPractice1/index.php on line 32.

When I test it with wampserver, I will get this error:
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\PhpPractice\index.php on line 32

I have checked the database connection and is connecting properly but am still getting the problem.

Below are the code:
Login script

<?php include "base.php"; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">  
<head>  
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />  
<title>User Management System (Tom Cameron for NetTuts)</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>  
<body>  
<div id="main">
<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']))
{
	 ?>
    
    <h1>Member Area</h1>
  	 <p>Thanks for logging in! You are <b><?=$_SESSION['Username']?><b> and your email address is <b><?=$_SESSION['EmailAddress']?></b>.</p>
    
    <ul>
        <li><a href="logout.php">Logout.</a></li>
    </ul>
    
    <?php
}
elseif(!empty($_POST['username']) && !empty($_POST['password']))
{
	 $username = mysql_real_escape_string($_POST['username']);
    $password = md5(mysql_real_escape_string($_POST['password']));
    
	 $checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");
    
    if(mysql_num_rows($checklogin) == 1)
    {
    	 $row = mysql_fetch_array($checklogin);
        $email = $row['EmailAddress'];
        
        $_SESSION['Username'] = $username;
        $_SESSION['EmailAddress'] = $email;
        $_SESSION['LoggedIn'] = 1;
        
    	 echo "<h1>Success</h1>";
        echo "<p>We are now redirecting you to the member area.</p>";
        echo "<meta http-equiv='refresh' content='=2;index.php' />";
    }
    else
    {
    	 echo "<h1>Error</h1>";
        echo "<p>Sorry, your account could not be found. Please <a href=\"index.php\">click here to try again</a>.</p>";
    }
}
else
{
	?>
    
   <h1>Member Login</h1>
    
   <p>Thanks for visiting! Please either login below, or <a href="register.php">click here to register</a>.</p>
    
	<form method="post" action="index.php" name="loginform" id="loginform">
	<fieldset>
		<label for="username">Username:</label><input type="text" name="username" id="username" /><br />
		<label for="password">Password:</label><input type="password" name="password" id="password" /><br />
		<input type="submit" name="login" id="login" value="Login" />
	</fieldset>
	</form>
    
   <?php
}
?>
</div>
</body>
</html>

Please someone should help me figure out what is wrong with the code.

This means there is an error in your SQL code: when it executes properly (eg. without errors), it returns a resources containing all the entries you want.
When it fails, it returns the boolean false.

Are you sure everything in your SQL is right?
So, is it Users or users? and are both username and password really strings?

You could put your SQL code in one string, and put the actaully executing code in another one. this way, you can echo the string before it gets submitted, and check for eventual errors.

$SQL = ("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");
echo(SQL);
$checklogin = mysql_query(SQL);

use die(mysql_error()) function after the mysql query as

$checklogin = mysql_query(SQL) or die(mysql_error());

to check error in mysql.

You're using wayyyyy too many quotes marks in the query on line 30.

euhm, not exactly, did you ever include a variable in your code?

@phoenix_2000 and others, Thanks so much for taking your valuable time to reply my post. Am very grateful for your inputs.
I checked my SQL code as phoenix_2000 said and discovered that in the table, I used user instead of users as used in my PHP code.

Thanks once again, the problem has been solved!

Try this:

$SQL = ("SELECT * FROM users WHERE Username = '$username' AND Password = '$password'");
echo(SQL);

you seems to have too many " and '

Or
echo this out

echo(SQL)

copy it the result from your browser, go to phpmyadim ,open sql and past the result in there and run it.sql should tell you what's wrong.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.