help with php

replace

//check number of user records found... only 1 
$userRecFound = mysql_num_rows($userRec);

with

//check number of user records found... only 1 
if(@mysql_num_rows($userRec)==1){
$userRecFound = 1;
}else{
$userRecFound = false;
}

thanx alot for the helping

i just wonder why it takes me to the deny.php page although i added a new uid and uPw from the add new user page

thanx

it's because mysql_num_rows(); will error when you don't pass a valid mysql result to it so it throws that error "expects parameter 1 to be a mysql resource"

Then it continued and $userRecFound != 1 so it ran the else statement header("location: deny.php");

which will error because text has already been printed to the page from the error and headers can't be sent after text has been output!

if the id and pass should of worked get the sql query printed out and run it yourself to see if theres an obvious error, it could just be that its not on 1 line, ive not tried running mysql in php with returns in it

echo "select * from `user` where `user`.`uid`='$uid' AND `user`.`uPw`='$upw'";

yes it echo the id and the pass
i deleted all the users and i made a new one but the same
so is there anyway to suggest to me what to do ? please ?
thanx

print out the vars to see whats happening such as

var_dump($userRecFound);

make sure it is (int 1) if it isn't the problem is the mysql_query, print out the query check the query runs right and returns 1 row.

if theres still a problem then check mysql_num_rows is setting $userRecFound to 1

on thing i do notice is you are using mysql_fetch_array(); which returns an array with no keys you want mysql_fetch_assoc(); so you can access the variables with their name.

see if this helps work it out, there was a semicolon in the end of your sql query btw

<?php
session_start();
require_once('Connections/connector.php');
if(ctype_alnum($_POST['uid'])){//stop code injection!
$uid= $_POST['uid'];
}else{
$uid = false;
}
echo 'uid '.$uid."\r\n";
$upw = md5($_POST['uPw']);


//manual sql search...
$query = "select * from `user` where `user`.`uid`='$uid' AND `user`.`uPw`='$upw'";
echo 'query '.$query."\r\n";
$userRec = mysql_query($query) or die(mysql_error());

//check number of user records found... only 1 
if(@mysql_num_rows($userRec)==1){
$userRecFound = 1;
echo 'record found'.$userRecFound."\r\n";
}else{
echo 'record not found '.$userRecFound."\r\n";
$userRecFound = false;
}

//check if above sql finds a record...
var_dump($userRecFound)."\r\n";
if($userRecFound==1){
//store user id in a session variable for later security...
echo 'userRecFound == 1'."\r\n";
$_SESSION['uid'] = $uid;
while($userRecFetcher=mysql_fetch_array($userRec)){
var_dump($userRecFetcher);
//if user type = admin
if($userRecFetcher['uType']=='admin'){
//header("location: controlPanel.php");
echo 'usertype is admin'."\r\n";
}
//if user type = reg
elseif($userRecFetcher['uType']=='reg'){
//header("location: controlPanelReg.php");
echo 'usertype is reg'."\r\n";
}else{
echo 'usertype had no match'."\r\n";
}

}
}
//if not in database...
else{ 
//header("location: deny.php");
echo 'access denied'."\r\n";
}