Re: php Login script issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 9/16/07, Chris Carter <chandan9sharma@xxxxxxxxx> wrote:
>
> Hi,
>
> Its just a login and password validation that I am trying to achieve. If the
> username is correct then the person is able to view certain page, if
> incorrect then he is directed elsewhere.
>
> <?
> $userid=mysql_real_escape_string($userid);

Here you call it $userid

> $password=mysql_real_escape_string($password);
>
> if($rec=mysql_fetch_array(mysql_query("SELECT * FROM tablename WHERE
> userName='$userName' AND password = '$password'"))){

and here you call it $userName. If this is the full code, $userName is
not set here, and it would result in query userName='' and mysql_query
will return FALSE, which isn't a valid mysql resource for
mysql_fetch_array.

>        if(($rec['userName']==$userName)&&($rec['password']==$password)){
>         include "../include/newsession.php";
>            echo "<p class=data> <center>Successfully,Logged in<br><br>
> logout.php  Log OUT  <br><br> welcome.php Click here if your browser is not
> redirecting automatically or you don't want to wait. <br></center>";
>     print "<script>";
>       print " self.location='submit-store-details.php';"; // Comment this
> line if you don't want to redirect
>          print "</script>";
>
>                                }
>                }
>        else {
>
>                session_unset();
> echo "Wrong Login. Use your correct  Userid and Password and Try
> <br><center><input type='button' value='Retry'
> onClick='history.go(-1)'></center>";
>
>        }
> ?>
>
> I am getting this error when I am using this code:
>
> Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result
> resource in thispage.php on line 37
> Wrong Login. Use your correct Userid and Password and Try
>
> Why does it show up everytime and whats wrong with mysql_fetch_array().
>
> Please advice also if there is some other way available please help me try
> that.
>
> Thanks,
>
> Chris


I advice you to split the code up in 2 seperate actions, and check for errors.

> if($rec=mysql_fetch_array(mysql_query("SELECT * FROM tablename WHERE userName='$userName' AND password = '$password'"))){

would become:
$result = mysql_query("SELECT * FROM tablename WHERE
userName='$userName' AND password = '$password'") or die
(mysql_error());
// You could also add some checks here with mysql_num_rows for example...
if($rec=mysql_fetch_array($result)){

Tijnema


-- 
If this is a mailing list: DO NOT TOP POST! why?:
http://www.caliburn.nl/topposting.html

Vote for PHP Color Coding (aka Syntax Highlighting) in Gmail! ->
http://gpcc.tijnema.info

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux