0

Hello all,
I have searched this forum to find the answer to my question however none of the answers seem relevant so here we go:

I am building a member service however when coding the login.php script, I keep coming across this error:

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /(DIRECTORY)/login.php on line 67

The code in question is:

<?php
					if ($_POST['submit-login'])
{
	$user_retrieve = mysql_query("SELECT * FROM `users` WHERE
	`username` = '" . mysql_escape_string($_POST['username']) . "' &&
	`password` = '" . mysql_escape_string(md5(SALT_KEY .
	$_POST['password'] . SALT_KEY)) . "'");
	
	if (mysql_num_rows($user_retrieve))
	{
		$ur = mysql_fetch_array($user_retrieve);
		$session_retrieve = mysql_query("SELECT * FROM `user_sessions`
		WHERE `session_id` = '" .
		mysql_escape_string($_COOKIE['PHPSESSID']) . "' && `ip_address` = '" .
		mysql_escape_string($_SERVER["REMOTE_ADDR"]) . "'");
		if (mysql_num_rows($session_retrieve))
		{
			echo "You are already logged in. <a href='members-area.php'>Click Here</a>";
		}
			else
		{
		if (empty($_COOKIE['PHPSESSID']))
		{
		echo "Unknown Error, Please try enabling cookies.";
		}else{
			$create_session = mysql_query("INSERT into `user_sessions` (session_id, ip_address, uid) values ('".mysql_escape_string($_COOKIE['PHPSESSID'])."', '" . mysql_escape_string($_SERVER["REMOTE_ADDR"]) . "', '" . mysql_escape_string($ur['id']) . "');");
			echo "You have successfully logged in. <a href='members-area.php'>Click Here</a>";
		}
		}
		}
		else
		{			echo "Invalid Username or Password.";
		}
	}
?>

with this at the start of the document:

<?php
session_start();
include ("configuration.php");
?>

and configuration.php is set up correctly.

Could someone please help me with the problem and explain why the error is appearing as I am moderately new to php and would like to learn from my mistake.

Thanks!

5
Contributors
5
Replies
6
Views
6 Years
Discussion Span
Last Post by ElliottDuke
1

Debug your code with echo.
echo both select script and run it in phpmyadmin.
Post what you are getting.

<?php
					if ($_POST['submit-login'])
{
	$sql = "SELECT * FROM `users` WHERE
	`username` = '" . mysql_escape_string($_POST['username']) . "' &&
	`password` = '" . mysql_escape_string(md5(SALT_KEY .	$_POST['password'] . SALT_KEY)) . "'";
	echo 'First Query : <br> :'.$sql;
	
	$user_retrieve = mysql_query($sql);
	
	if (mysql_num_rows($user_retrieve))
	{
		$ur = mysql_fetch_array($user_retrieve);
		$sql = "SELECT * FROM `user_sessions` WHERE `session_id` = '".mysql_escape_string($_COOKIE['PHPSESSID'])."' && `ip_address` = '".mysql_escape_string($_SERVER["REMOTE_ADDR"])."'";
		echo 'Second Query : <br> :'.$sql;
		exit;
		
		$session_retrieve = mysql_query($sql);
		if (mysql_num_rows($session_retrieve))
		{
			echo "You are already logged in. <a href='members-area.php'>Click Here</a>";
		}
			else
		{
		if (empty($_COOKIE['PHPSESSID']))
		{
		echo "Unknown Error, Please try enabling cookies.";
		}else{
			$create_session = mysql_query("INSERT into `user_sessions` (session_id, ip_address, uid) values ('".mysql_escape_string($_COOKIE['PHPSESSID'])."', '" . mysql_escape_string($_SERVER["REMOTE_ADDR"]) . "', '" . mysql_escape_string($ur['id']) . "');");
			echo "You have successfully logged in. <a href='members-area.php'>Click Here</a>";
		}
		}
		}
		else
		{			echo "Invalid Username or Password.";
		}
	}
?>
0

I wasn't aware you could use && in SQL queries (see line 14). Change it to AND instead.

Also, you say you searched the forum; the first post in this forum (at the top of the page tackles the same issue), and searching for the exact title of your post found half a dozen matches. Did you read through these?

0

Turns out I had mistakenly named 'ip_address' when it should have been 'ip'. Problem solved. Thankyou all!

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.