hi please help me to rid of these following warnings in following php script
Actually this script is running smoothly on my local window server, but on mu linux hosted server following warnings are coming..
Please see
please please please help me..
-------------------------------------Warnings-------------
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/compkcom/public_html/cmpanel/check_login.php on line 11

Warning: Cannot modify header information - headers already sent by (output started at /home/compkcom/public_html/cmpanel/check_login.php:11) in /home/compkcom/public_html/cmpanel/check_login.php on line 19

-----------------------------------------------------------------

here goes the script
---------------------------------------------------php script--------------------

<?php
session_start();
?>
<?php
if((isset($_POST['username'])&&$_POST['username']!="")&&(isset($_POST['password'])&&$_POST['password']!="")){
$error='';	
$conn = mysql_connect('localhost','compkcom_care','ptk')or die('Could not connect to MySQL database. ' . mysql_error());
mysql_select_db(SQL_DB,$conn);
$query = "SELECT COUNT(username) AS record FROM admin WHERE username ='" . $_POST['username']."' AND password = '".$_POST['password']."'";
$result = mysql_query($query);
$row = mysql_fetch_array($result);
if($row['record']==1){
$_SESSION['user_logged'] = $_POST['username'];
$_SESSION['user_password'] = $_POST['password'];
header("location:welcome.php");
}
else{
$error .="Please+Enter+Correct+Username+and+password%21%0D%0A";
header("location:index.php?&error=".$error);
}
}
else{
$error .="Please+Enter+the+Username+and+password+First%21%0D%0A";
header("location:index.php?&error=".$error);
}
?>

-----------------------------------------------------

Will Gresham commented: Why post 2 threads for the same topic.. +0

Recommended Answers

All 6 Replies

Any output at all (even a blank line) before the Header will cause this error. As you say, this often doesn't show up as an error until you run from the server. I didn't notice any obvious echo statements so it is more subtle than that.

I seem to remember having a similar problem when I had a session_start before the headers (maybe because it was issuing an error message even though it was suppressed?). You may find it easier to use ob_start and ob_end_flush statements to catch whatever is being issued. It can save tearing out your hair trying to find the actual cause.

Chris

Any output at all (even a blank line) before the Header will cause this error. As you say, this often doesn't show up as an error until you run from the server. I didn't notice any obvious echo statements so it is more subtle than that.

I seem to remember having a similar problem when I had a session_start before the headers (maybe because it was issuing an error message even though it was suppressed?). You may find it easier to use ob_start and ob_end_flush statements to catch whatever is being issued. It can save tearing out your hair trying to find the actual cause.

Chris

Please tell me how can i use ob_start and ob_end_flush statements in above php code

Whats with the

session_start();
?>
<?php
if

You dont need the ?> and <?php there, it is likely that the line break after the ?> is causing the issue, remove the closing and opening tags altogether.

Also, you will want to look at your query, never put POST values into a query.. Sanitise them first otherwise you leave your script open to a very basic attack.

you are getting that error because of the query failing. its putting the warning on the page before the header call which is making the header error occur. you need to fix the query and your problem will be solved.

like xan said, you need to sanitize your inputs. i could easily drop your table with how the code is now.

Try making the following your script:

<?php
session_start();

if((isset($_POST['username']) && $_POST['username']!="") && (isset($_POST['password']) && $_POST['password']!="")){
$error=''; 
$conn = mysql_connect('localhost','compkcom_care','ptk')or die('Could not connect to MySQL database. ' . mysql_error());
mysql_select_db(SQL_DB,$conn);
$query = "SELECT COUNT(username) AS record FROM admin WHERE username ='" . $_POST['username']."' AND password = '".$_POST['password']."'";
$result = mysql_query($query);
if (mysql_num_rows($result)>0) {
    $row = mysql_fetch_array($result);
    }
if($row['record']==1){
$_SESSION['user_logged'] = $_POST['username'];
$_SESSION['user_password'] = $_POST['password'];
header("location:welcome.php");
}
else{
$error .="Please+Enter+Correct+Username+and+password%21%0D%0A";
header("location:index.php?&error=".$error);
}
}
else{
$error .="Please+Enter+the+Username+and+password+First%21%0D%0A";
header("location:index.php?&error=".$error);
}
?>

Thanks for the reply...
God bless you..

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.