I'm trying to write a simple login script but I'm getting the resource id #3 error, Hope someone can help thanks in advance <?php $host="localhost"; $user="root"; $password=""; $db="admin"; $tableadmin="admin1"; $adminuser= $_POST["adminuser"]; $adminpass= $_POST["adminpass"]; $link = mysql_connect($host,$user,$password) or die ("couldn't connect to server"); $db = mysql_select_db($db,$link) or die ("Couldn't select database"); $result = "SELECT * FROM admin1 WHERE adminuser='$adminuser' AND adminpass='$adminpass'"; $query = mysql_query($result) or die ("Couldn't execute query."); echo "<br><br>$query<br><br>"; //heres the problem if (mysql_num_rows($result) > 0) { $_SESSION["authenticatedUser"]= $adminuser; header("Location: loggedon.php"); } else { $_SESSION["message"]="could not connect to database as $adminuser"; header("Location: loginform.php"); } ?> PHP:
why wouldnt the SQL statement be called $query and the mysql_query be stored as the result? the the if mysql_num_rows will be pulling the real result and not the SQL query
Thanks for that, Changed it to this, $query = "SELECT * FROM admin1 WHERE adminuser='$adminuser' AND adminpass='$adminpass'"; $result = mysql_query($query) or die ("Couldn't execute query."); //heres the problem if (mysql_num_rows($result) > 0) { $_SESSION["authenticatedUser"]= $adminuser; header("Location: loggedon.php"); } PHP: still same error Thanks for any help
try using the COUNT(*) instead $query = "SELECT COUNT(*) as cnt FROM admin1 WHERE adminuser='$adminuser' AND adminpass='$adminpass'"; $result = mysql_query($query) or die ("Couldn't execute query."); $row = mysql_fetch_array($result); if ($row['cnt'] > 0) { $_SESSION["authenticatedUser"]= $adminuser; header("Location: loggedon.php"); } PHP:
try putting a @ before mysql_query $result = @mysql_query($query) or die ("Couldn't execute query."); PHP:
This is the error I echo the error here echo "<br>$query<br>"; PHP: and this is the result when I try to login from the login form Resource id #3 Warning: Cannot modify header information - headers already sent by (output started at C:\Program Files\xampp\htdocs\admin_log_in.php:18) in C:\Program Files\xampp\htdocs\admin_log_in.php on line 23 Thanks for any help Regards Ducca
if you switched around the $query and $result variables as mentioned earlier in this thread, then $query should echo your SQL statement. if it is showing the Resource ID, then $query is storing the mysql_query still which is usually stored as $result. any time you echo mysql_query, you get a resource id.
Yeah, its all fine, just echo $result instead, and then the header() function shouldn't output errors since nothing else has come before it
/* * Setup connection params * Bobby Easland, 11 October 2006 */ $host = "localhost"; $user = "root"; $password = ""; $db = "admin"; $tableadmin = "admin1"; /* * Hopefully sanitize the values coming in * Bobby Easland, 11 October 2006 */ $adminuser = $_POST["adminuser"]; $adminpass = $_POST["adminpass"]; /* * Connect to DB or die with error * Bobby Easland, 11 October 2006 */ $link = mysql_connect($host,$user,$password) or die ("couldn't connect to server"); $db = mysql_select_db($db,$link) or die ("Couldn't select database"); /* * Initialize the SQL statement * Bobby Easland, 11 October 2006 */ $query = "SELECT * FROM admin1 WHERE adminuser='" . mysql_real_escape_string($adminuser) . "' AND adminpass='" . mysql_real_escape_string($adminpass) . "' LIMIT 1"; $result = mysql_query($result) or die ( 'MySQL error: ' . mysql_error() . '<br>' . $query ); /* * Basic sanity check * Bobby Easland, 11 October 2006 */ if ( mysql_num_rows($result) > 0 ){ $_SESSION["authenticatedUser"] = $adminuser; header("Location: loggedon.php"); } else { /* * No rows returned...unset session user var and header away * Bobby Easland, 11 October 2006 */ unset($_SESSION["authenticatedUser"]); $_SESSION["message"] = 'could not authenticate: ' . $adminuser; header("Location: loginform.php"); } /* * No headers sent...might as well exit or die with grace * Bobby Easland, 11 October 2006 */ exit(); PHP:
Cheers all, thanks very much for your help cheers for the help Chemo, I,ve used your code now I,m getting this error MySQL error: Query was empty SELECT * FROM admin WHERE adminuser='1' AND adminpass='1' LIMIT 1 the database is fine and the values are in the correct table thanks again
run the query: SELECT * FROM admin WHERE adminuser='1' AND adminpass='1' LIMIT 1 Code (markup): directly into phpmyadmin and see if it actually returns a result. i suspect your database does not contain such a record.
Cheers all, appreciate the help the database in phpmyadmin was showing the values correctly, dropped the tables and created them again and now it works fine thanks again everyone regards Ducca
Basic 101 but remember to mysql_real_escape_string() your incoming POST vars when coding your own scripts.
<?php //Connect To Database $host="localhost"; $user="root"; $password=""; $db="admin"; $tableadmin="admin1"; $link = mysql_connect($host,$user,$password) or die (mysql_error()); $db = mysql_select_db($db,$link) or die (mysql_error()); //Get userinfo $adminuser= strip_tags($_POST["adminuser"]); $adminpass= strip_tags($_POST["adminpass"]); //Run Query $query = mysql_query("SELECT COUNT(*) FROM `admin1` WHERE `adminuser`='$adminuser' AND `adminpass`='$adminpass'") or $error = mysql_error(); if($errro == NULL){ $count = mysql_fetch_row($query) or $error = mysql_error(); } if($count[0] > 0){ $_SESSION["authenticatedUser"] = $adminuser; header("Location: loggedon.php"); exit(); } if($error){ $errro_message = 'Internal Error: <br/>'.$error; } else { $error_message = 'Invalid Username and/or Password'; } //This page is presumed to be loginform.php, else this code should be placed topmost of loginform.php echo $error_message; ?> PHP: Peace,