0

Hi I am working on web for some group, but i have problem my code is

<?php
     session_start();
      $username = $_POST['username'];
      $password = $_POST['password'];
      
      if ($username&&$password)
      {
        $connect = mysql_connect("http://mysql.ic.cz/phpmyadmin/","USERNAME","PASSWORD") or die("Nemůžu se připojit");
       mysql_select_db("vy_promm") or die("Nemůžu najít databázi");
       
       $query = mysql_query("SELECT * FROM uživatelé WHERE username='$username'");
       
       $numrows = mysql_num_rows($query);
       
       if ($numrows!=0) {
        //kod loginu
        while ($row = mysql_fetch_assoc($query)) {
            $dbusername = $row['username'];
            $dbpassword = $row['password'];
        }
        
        //zkontroluje jestli danný uživatel existuje
        if ($username==$dbusername&&$password==$dbpassword) {
           echo "Ty sem patříš! <a href='uzivatel.php'>Klikni</a> sem a bude přešměrován na web";
           $_SESSION['username']=$username; 
        }
        else {
            echo "Špatné heslo!";
        }
        
       }
       else
          die("Tento uživatel neexistuje!");
          
       
      }
      else
         die("Prosím vložte jméno a heslo");
?>

And my problem is Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/free/vyjimecny.cz/p/promm/root/www/login.php on line 13 i don't know what i can do. Please help. btw. I am from CZ not ENG :D.

Edited by peter_budo: Editing credentials from connection string

4
Contributors
6
Replies
7
Views
5 Years
Discussion Span
Last Post by diafol
0

That means your query failed, use:

$query = mysql_query("SELECT * FROM uživatelé WHERE username='$username'") or die(mysql_error());
0

I originally thought that it may be an accent problem in the table name and that the collation/charset combo may be set incorrectly, but I've tried it with utf8/unicode and latin1/swedish (default) and it all works fine.

You really should clean your input:

$username = mysql_real_escape_string($_POST['username']);

But only after the connection call:

if ($_POST['username'] && $_POST['password'])
{
    $connect = mysql_connect("http://mysql.ic.cz/phpmyadmin/","vy_promm","pepik123") or die("Nemůžu se připojit");
    mysql_select_db("vy_promm") or die("Nemůžu najít databázi");
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);

The mysql_error() should give you info about the issue.

0

Thanks everyone who wanted to help me. The problem was on hosting .. And now it's all ok :)

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.