-1

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\AppServ\www\Ayyam v3\gate.php on line 16

Warning: Cannot modify header information - headers already sent by (output started at C:\AppServ\www\Ayyam v3\gate.php:16) in C:\AppServ\www\Ayyam v3\gate.php on line 36

am new with php please help me

<?php
session_start();
require_once('Connections/connector.php');
$uid= $_POST['uid'];
$upw = md5($_POST['uPw']);


//manual sql search...
$userRec = mysql_query("select * from `user` where
                `user`.`uid`='$uid' 
                AND
                `user`.`uPw`='$upw';
                ");

//check number of user records found... only 1              
$userRecFound = mysql_num_rows($userRec);

//check if above sql finds a record...
if($userRecFound==1){
    //store user id in a session variable for later security...
    $_SESSION['uid'] = $uid;
    while($userRecFetcher=mysql_fetch_array($userRec)){
        //if user type = admin
        if($userRecFetcher['uType']=='admin'){
            header("location: controlPanel.php");
        }
        //if user type = reg
        elseif($userRecFetcher['uType']=='reg'){
            header("location: controlPanelReg.php");
        }

    }
}
//if not in database...
else{ 
    header("location: deny.php");
}






?>

Edited by happygeek: fixed formatting

2
Contributors
5
Replies
6
Views
5 Years
Discussion Span
Last Post by Biiim
0

replace

//check number of user records found... only 1 
$userRecFound = mysql_num_rows($userRec);

with

//check number of user records found... only 1 
if(@mysql_num_rows($userRec)==1){
$userRecFound = 1;
}else{
$userRecFound = false;
}
0

thanx alot for the helping

i just wonder why it takes me to the deny.php page although i added a new uid and uPw from the add new user page

thanx

0

it's because mysql_num_rows(); will error when you don't pass a valid mysql result to it so it throws that error "expects parameter 1 to be a mysql resource"

Then it continued and $userRecFound != 1 so it ran the else statement header("location: deny.php");

which will error because text has already been printed to the page from the error and headers can't be sent after text has been output!

if the id and pass should of worked get the sql query printed out and run it yourself to see if theres an obvious error, it could just be that its not on 1 line, ive not tried running mysql in php with returns in it

echo "select * from `user` where `user`.`uid`='$uid' AND `user`.`uPw`='$upw'";

0

yes it echo the id and the pass
i deleted all the users and i made a new one but the same
so is there anyway to suggest to me what to do ? please ?
thanx

0

print out the vars to see whats happening such as

var_dump($userRecFound);

make sure it is (int 1) if it isn't the problem is the mysql_query, print out the query check the query runs right and returns 1 row.

if theres still a problem then check mysql_num_rows is setting $userRecFound to 1

on thing i do notice is you are using mysql_fetch_array(); which returns an array with no keys you want mysql_fetch_assoc(); so you can access the variables with their name.

see if this helps work it out, there was a semicolon in the end of your sql query btw

<?php
session_start();
require_once('Connections/connector.php');
if(ctype_alnum($_POST['uid'])){//stop code injection!
$uid= $_POST['uid'];
}else{
$uid = false;
}
echo 'uid '.$uid."\r\n";
$upw = md5($_POST['uPw']);


//manual sql search...
$query = "select * from `user` where `user`.`uid`='$uid' AND `user`.`uPw`='$upw'";
echo 'query '.$query."\r\n";
$userRec = mysql_query($query) or die(mysql_error());

//check number of user records found... only 1 
if(@mysql_num_rows($userRec)==1){
$userRecFound = 1;
echo 'record found'.$userRecFound."\r\n";
}else{
echo 'record not found '.$userRecFound."\r\n";
$userRecFound = false;
}

//check if above sql finds a record...
var_dump($userRecFound)."\r\n";
if($userRecFound==1){
//store user id in a session variable for later security...
echo 'userRecFound == 1'."\r\n";
$_SESSION['uid'] = $uid;
while($userRecFetcher=mysql_fetch_array($userRec)){
var_dump($userRecFetcher);
//if user type = admin
if($userRecFetcher['uType']=='admin'){
//header("location: controlPanel.php");
echo 'usertype is admin'."\r\n";
}
//if user type = reg
elseif($userRecFetcher['uType']=='reg'){
//header("location: controlPanelReg.php");
echo 'usertype is reg'."\r\n";
}else{
echo 'usertype had no match'."\r\n";
}

}
}
//if not in database...
else{ 
//header("location: deny.php");
echo 'access denied'."\r\n";
}
This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.