login in php

Question

imaditigarg 0 Newbie Poster

11 Years Ago

**I m not able into if statement its directly going into the else part. And Sometimes i get " mysql_num_rows() expects parameter 1 to be resource" this error. Plz help

<?php
// Connect to server and select databse.
mysql_connect("localhost", "root", "")or die("cannot connect"); 
mysql_select_db("db_feedback")or die("cannot select DB");
// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM tb_login WHERE IntakeId='$myusername' and Password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1)
{
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>

**

php

4 Contributors
3 Replies
169 Views
14 Hours Discussion Span
Latest Post 11 Years Ago Latest Post by Webville312

NardCake 30 Posting Pro in Training

11 Years Ago

There are a few things that need to be fixed here.
First is that you aren't using the mysqli_* family, I wasn't using it for a while because I was new and didn't realise they existed but it's best to use them. They are a bit faster and more secure, same functions for example mysql_query will be mysqli_query.

Also the weay you're setting the sessions isn't the way I would do it, you haven't stored any data in them either! First thing you need to do at the top odf the script is call session_start() as it initializes everything to do with sessions. Next when and where you are ready to set the sessions you should do it like this:

$_SESSION['name'] = $data;

Although I'm not quite sure you want to store username and password in a session, you should store an id or something to recognize the user then grab that information from the database.

Hope that helps! And remember to upgrade to mysqli_* !

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

broj1 356 Humble servant Featured Poster · Answer 1 · 2013-04-01T21:06:46+00:00

As NardCake said put session_start() function on top of the script so you can use a session. Then do not use session_register() function since it has been deprecated and removed after PHP 5.4. Just assign the values to the $_SESSION array (see NardCake's post).

Then before using $_POST array values check for their existence first since users might forget to input values in which case you have to deisplay an error message. So just wrap your code in if / else blocks:

if(isset($_POST['myusername']) && isset($_POST['mypassword'])) {

    // Connect to server and select databse.
    mysql_connect("localhost", "root", "")or die("cannot connect");
    mysql_select_db("db_feedback")or die("cannot select DB");
    // username and password sent from form 
    $myusername = $_POST['myusername'];
    $mypassword = $_POST['mypassword'];   
    ...

} else {

    echo 'Please enter username and password';
}

Webville312 14 Newbie Poster · Answer 2 · 2013-04-02T09:39:35+00:00

You can use this;

<?php
$username1 = $_POST['user_name'];
$password1 = md5($_POST['pass_word']);

if($username1 != NULL && $password1 !=NULL)
{
include('connect.php'); // This is the file that connects to the database

$select = "SELECT * FROM users WHERE username = '$username1' AND password = '$password1' AND status='1'";
$result = mysql_query($select) or die('Unable to Select User'.mysql_error());

if (@mysql_num_rows($result) == 1) {
                        // the username and password match, 
                        //open apporiate pages
                        $row = mysql_fetch_array($result);

                        $_SESSION['username']=$row['username'];
                        $_SESSION['password']=$row['password'];

                    header('Location: home_page.php');
                    exit;

}

else 
{
$errorMessage = "<center><font color='red'><strong>Invalid Login!!</strong></center>$msg<br><center></center>";
}
}
?>