Im doing a login facility for my website iv connected it to the database but when i try to enter some values for login name and password i get the following message:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/www/milkitshakeit.freehostia.com/log.php on line 16

Here is my php code. Please can anyone help. Thank you in advance for your help:
<?
session_name("MyLogin");
session_start();
if($_GET == "login") {
$conn = mysql_connect("localhost","username","psswd"); // wrote these like this for security reasons while the post is up
$db = mysql_select_db("pukakh_user"); //put your database name in here
$name = $_POST;
$q_user = mysql_query("SELECT * FROM USERS WHERE login='$name'");
if(mysql_num_rows($q_user) == 1) {
$query = mysql_query("SELECT * FROM USERS WHERE login='$name'");
$data = mysql_fetch_array($query);
if($_POST == $data) {
session_register("name");
header("Location: http://milkitshakeit.freehostia.com"); // success page. put the URL you want
exit;
} else {
header("Location: login.php?login=failed&cause=".urlencode('Wrong Password'));
exit;
}
} else {
header("Location: login.php?login=failed&cause=".urlencode('Invalid User'));
exit;
}
}

// if the session is not registered
if(session_is_registered("name") == false) {
header("Location: login.php");
}
?>
</body>
</html>

-Use code tags so I can see where line 16 is
-Why are you performing the same query twice? $q_user is essentially the same is $query -You should check that the query result ( $q_user ) is not false before checking the number of rows

$conn = mysql_connect("localhost","username","psswd"); // wrote these like this for security reasons while the post is up

That's why. You didn't run that query, thus you didn't connect to your database, thus you can't get the information.

Here:

$db = mysql_connect("host", "user", "pass");
mysql_select_db("database", $db);

As above, please use code tags and running the same query twice is pointless.

A few tips:
Do not trust your users, always check their input. Never use POST values directly in the database query, thats just asking for problems - look into mysql_real_escape_string() for starters.

There is a handy little piece of code which could probably answer this question for you:

or die('Error: '. mysql_error());

This will tell you if you have any problems in SQL queries, add it to the end of any query:

mysql_query("SELECT * FROM USERS WHERE login='$name'")or die('Error: '. mysql_error());

Going back to my first point here, you also are not encrypting the passwords. Lets say someone does gain access to the database (currently very easy with the SQL you are using) and gets the user list, I'm sure your userbase would not be happy that their password/email address combinations were out in the open. A simple md5('value'); creates an MD5 hash, thats some extra security for another 6 or so charaters of code.

<?php
session_name("MyLogin");
session_start();
if($_GET['action'] == "login") {
	$conn = mysql_connect("localhost","username","psswd"); // wrote these like this for security reasons while the post is up
		mysql_select_db("db", $conn);
	$name = mysql_escape_string($_POST['user']);
	$q_user = mysql_query("SELECT * FROM USERS WHERE login='$name'");
	if(mysql_num_rows($q_user) == 1) {
	$data = mysql_fetch_array($query);
		if($_POST['pwd'] == $data['password']) {
			session_register("name");
			header("Location: http://milkitshakeit.freehostia.com"); // success page. put the URL you want
			exit("Success");
		} 
		else {
		header("Location: login.php?login=failed&cause=".urlencode('Wrong Password'));
		exit("Wrong Pass");
		}
	} 
	else {
	header("Location: login.php?login=failed&cause=".urlencode('Invalid User'));
	exit("Invalid User");
	}
}

// if the session is not registered
if(session_is_registered("name") == false) {
	header("Location: login.php");
}
?>

Fixed up your code a little bit. It needs to be fixed up more, but I'll leave that to you.

This article has been dead for over six months. Start a new discussion instead.