This my error massage :

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\test\loginproc.php on line 16

Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\test\loginproc.php:16) in C:\xampp\htdocs\test\loginproc.php on line 24

========================================================================================================

<?php require_once('Connections/kgcrmis.php'); ?>
<?php
// Inialize session
    session_start();

// Retrieve username and password from database according to user's input
$login = mysql_query("SELECT * FROM admin WHERE (name = '" . mysql_real_escape_string($_POST['name']) . "') 
                                             and (password = '" . mysql_real_escape_string($_POST['password']) . "')");
$ked10014_kgcrmis = mysql_query("SELECT name,password FROM admin WHERE (name = '" . mysql_real_escape_string($_POST['name']) . "')
and (password = '" . mysql_real_escape_string($_POST['password']) . "')");
// Check username and password match



if (mysql_num_rows($login)) {             ***<--- Error at this line ***
// Set username session variable
$_SESSION['name'] = $_POST['name'];
// Jump to secured page
header('Location: form1.php');
}
else {
// Jump to login page
header('Location: index.php');
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login Process</title>
</head>

<body>
</body>
</html>
Member Avatar for LastMitch

@rahim92

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\test\loginproc.php on line 16

There's something wrong with your query:

if (mysql_num_rows($login))

Another words, if you look closely here: $login which is line 7:

$login = mysql_query("SELECT * FROM admin WHERE (name = '" . mysql_real_escape_string($_POST['name']) . "') and (password = '" . mysql_real_escape_string($_POST['password']) . "')");

You query is wrong and you need to fixed in order it to work!

It's the query on line 7,
set variables first:

$name=$_POST['name'];
$name= mysql_real_escape_string($name);
$pass= $_POST['password'];

etc, and then the query:

mysql_query("SELECT * FROM admin WHERE name='$name' AND password='$pass'");

and do the same for the next query, re-using the same vars.
And you really should be hashing the password for security at least md5 or sha1

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.