    <?php
    if(isset($_POST) && !empty($_POST)) {
        session_start();
        include("config.php"); //including config.php in our file
        $username = mysql_real_escape_string(stripslashes($_POST['username'])); //Storing username in $username variable.
        $password = mysql_real_escape_string(stripslashes(md5($_POST['password']))); //Storing password in $password variable.
        $match = "select id from $table where username = '".$username."' and password = '".$password."';";
        $qry = mysql_query($match);
        $num_rows = mysql_num_rows($qry);
        if ($num_rows <= 0) {
            echo "Sorry, there is no username $username with the specified password.";
            echo "Try again";
            exit;
        } else {
            $_SESSION['user']= $_POST["username"];
            header("location:home.php"); // It is the page where you want to redirect user after login.
        }
    }else{
    ?>
    <html>
    <head>
    <title>Login</title>
    <link rel="stylesheet" type="text/css" href="style.css" />
    </head>
    <body>
    <div class="container login">
    <form action="<?php $_SERVER['PHP_SELF'] ?>" method="post" class="form-signin" id = "login_form" >
    <h2 class="form-signin-heading">Admin/Employee Login</h2>
    <input type="text" name="username" size="20" placeholder="Username">
    <input type="password" name="password" size="20" placeholder="Password"></br>
    <input type="submit" value="Log In" class="btn btn-large btn-primary">
    <a href="signup.php">Sign Up</a>
    </form>
    </div>
    </body>
    </html>
    <?php
    }
    ?>
OK, you should NOT be using the mysql functions as they will be deprecated at some point. Use mysqli or PDO instead. Please use the code highlight functionality when posting code; it makes it much easier to read. That error basically means that the query failed. Looking at the code that you have posted, I wonder if it is the fact that you have $table instead of a table name and I can't see $table declared anywhere. To get more details about possible errors, paste the following line after the line with mysql_query:
    echo mysql_error();
You forgot:
    mysql_connect("localhost", "mysql_user", "mysql_password");
    mysql_select_db("database");
before $qry = mysql_query($match); but you really should use PDO.
Also call your variables correctly. This is not related to the error, but this is how it should be done. This prevents UNDEFINED VARIABLE notices.
    if (!empty($_POST['username'])) {
        $username = mysql_real_escape_string(strip_tags($_POST['username'])); //Storing username in $username variable.
    } else {
        echo 'Username cannot be blank';
        die;
    }
Also, why do you have stripslashes($_POST['username'])? You need strip_tags(), not stripslashes().
Also, change this...
    $qry = mysql_query($match);
to...
    $qry = mysql_query($match) or die(mysql_error());
if you want to see why your query failed.
The die(mysql_error()) function is really NOT recommended, as it outputs stuff from the mysql_ config you don't want to expose to the public if something breaks. It's good for development, but shouldn't really be used in production.
Yeah since he is in development, I told him to use it so he can see his errors live without having to bounce around checking logs.
And do not make a separate variable $num_rows = mysql_num_rows($qry); just use mysql_num_rows($qry) within the if condition.
Just change the $match to
    $match = "select id from $table where username = '$username' and password = '$password'";
and after this your program will work fine.
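Added example, not part of any post in this thread: the login check from the first post rewritten with PDO and a prepared statement, as the replies recommend, with query errors logged server-side instead of echoed. The in-memory SQLite database, the `users` table, the sample account and the `checkLogin` helper are assumptions for illustration, and `password_hash()`/`password_verify()` are swapped in for the original post's `md5()`.

```php
<?php
// Constructed in-memory database so the script runs offline.
// Table name, columns and the sample account are assumptions, not the poster's schema.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$seed = $pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
$seed->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Hypothetical helper: returns the user's id on success, null on any failure.
 */
function checkLogin(PDO $pdo, string $username, string $password): ?int
{
    try {
        // The table name is a fixed literal (no undeclared $table), and the
        // username is a bound parameter, so no manual escaping is involved.
        $stmt = $pdo->prepare('SELECT id, password FROM users WHERE username = :u');
        $stmt->execute([':u' => $username]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        // Details go to the server log; the visitor only sees a generic failure.
        error_log('login query failed: ' . $e->getMessage());
        return null;
    }
    // Same result for "no such user" and "wrong password".
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return (int) $row['id'];
}

// Constructed inputs: a valid login (the username contains a quote), a wrong
// password, and an unknown user.
var_dump(checkLogin($pdo, "o'brien", 'correct horse'));
var_dump(checkLogin($pdo, "o'brien", 'wrong'));
var_dump(checkLogin($pdo, 'nobody', 'x'));
```

In a real login page the returned id would be stored in `$_SESSION` after calling `session_regenerate_id(true)`, followed by the redirect.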