i am new to php and do not know how to fix the following error:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in E:\webareas\hj942\CW\Website\Login\incorrect.php on line 15
I have a users table with a role that consists of a normaluser and a chairperson. I am trying to only select all from the users table where the role is normaluser. I am getting the error message above. My php code is as follows:
<?php
include("../includes/db.php");
$username=$_POST['username'];
$password=$_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM Users WHERE username='$username' and password='$password' And role = normaluser";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
session_register("username");
session_register("password");
header("location:myaccount.php");
}
?>
Thank you very much for any help provided.
Try this:
$sql="SELECT * FROM Users WHERE username='$username' and password='$password' And role = 'normaluser'";
i.e: quoting the role value. See if that works...
Here:
$sql="SELECT * FROM Users
WHERE username='$username' and password='$password' And role = normaluser";
and role='normaluser' - this should help. Without '' it's name of column, with it it's a string
Per the docs, mysql_query can return FALSE on the occurence of an error. You should always check for this.
At the very least,
if (!$result) {
die('Invalid query: ' . mysql_error());
}
would give you an idea of what is happening.
By inspection, you have role = normaluser in your SQL. This should probably be role = 'normaluser'.
Finally, your code is wide open to an SQL injection attack. I STRONGLY recommend that you read up on these, understand them and change your code accordingly.