
Thread: Help with Session Handling needed

#1

    I am getting the following error -
    Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in D:\wamp\www\...\signin.php on line 7
    Call Stack
    # Time Memory Function Location
    1 0.0281 373480 {main}( ) ..\signin.php:0
    2 0.0571 380104 mysql_num_rows ( ) ..\signin.php:7

    The code is as follows -
    PHP Code:
    <?php
    // every POST field becomes a PHP variable ($uname, $pswd, ...)
    extract($_POST);
    $cn = mysql_connect('localhost', 'root', '');
    mysql_select_db('db1', $cn);
    // user-supplied values are interpolated straight into the SQL text
    $sql = "select user_type from user_dtl where login='$uname' and passwd='$pswd'";
    $result = mysql_query($sql, $cn);
    $num = mysql_num_rows($result);
    if ($num > 0) {
        $utype = mysql_result($result, 0, "user_type");
        session_start();
        $_SESSION['utype'] = $utype;
        $_SESSION['uname'] = $uname;
        if ($utype == "A") {
            header('location:admin.php');
        } else if ($utype == "G") {
            header('location:home.php');
        }
    } else {
        echo "Invalid username/password.<a href='signin.html'>Try again</a>";
    }
    ?>
    I have created the database "db1" with a table called 'user_dtl' with the following fields: 'uname', 'pswd', 'user_type'.
    Are the field names and the names used in the program matching?
    If not, please tell me how to rectify the code.
    I will be very thankful.

#2

    1. It looks like you have different names for 'password'. Check that. The error in PHP is telling you that the query failed, that is, it did not run properly; so if you need more feedback, use mysql_error() to see what is wrong with the MySQL query.

    2. Using extract($_POST) is dangerous. It allows any values submitted (for example, by a hacker) as POST data to be accepted as native variables in PHP. This is dangerous for the same reason that register_globals is. Look it up for more info. Also, I don't see anywhere where you check what the password or username are. They might not even be set/sent. If not, you will get errors. You need error checking in this. And more importantly, you should *never* use user input directly in a MySQL query. They can use SQL injection to delete your entire database. What if someone used "test; drop database `db1`" as the value of $uname via POST? Use mysql_real_escape_string() on any user-input values in a MySQL query to be safe.
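    The three points above (explicit handling of the POST fields instead of extract(), surfacing the MySQL error instead of the "boolean given" warning, and keeping user input out of the SQL text) put together in one rewritten signin.php. This is an added example, not code from either post: it assumes the column names the asker reports for user_dtl (uname, pswd, user_type), that pswd stores a password_hash() digest rather than the plain password, PHP 8 with the mysqli extension, and that admin.php, home.php and signin.html exist as in the original script. mysqli prepared statements are used in place of the mysql_* functions and the mysql_real_escape_string() call suggested above.

```php
<?php
// Added example, not the thread's code. Assumptions: table user_dtl has the
// columns the asker lists (uname, pswd, user_type), pswd holds a
// password_hash() digest rather than the plain password, PHP 8 with mysqli,
// and admin.php / home.php / signin.html exist as in the original script.
declare(strict_types=1);

session_start();

// 1. Explicit input handling instead of extract($_POST): only the two fields
//    the form is expected to send become variables, and a missing or
//    non-string value is rejected before any database work happens.
$uname = $_POST['uname'] ?? null;
$pswd  = $_POST['pswd']  ?? null;
if (!is_string($uname) || !is_string($pswd) || $uname === '' || $pswd === '') {
    http_response_code(400);
    exit("Username and password are required. <a href='signin.html'>Try again</a>");
}

// 2. Driver errors throw instead of returning false, so a failed query
//    (wrong column name, bad credentials) shows the MySQL message directly
//    rather than the "expects parameter 1 to be resource" warning.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$cn = new mysqli('localhost', 'root', '', 'db1');
$cn->set_charset('utf8mb4');

// 3. Prepared statement: the username travels separately from the SQL text,
//    so a value such as  x' or '1'='1  is compared literally, never parsed
//    as SQL. This replaces escaping the value into the query string.
$stmt = $cn->prepare('SELECT pswd, user_type FROM user_dtl WHERE uname = ? LIMIT 1');
$stmt->bind_param('s', $uname);
$stmt->execute();
$stmt->bind_result($storedHash, $utype);
$found = $stmt->fetch();
$stmt->close();

// 4. Unknown user and wrong password take the same branch, so the response
//    does not reveal which one failed. password_verify() compares the
//    digest in constant time.
if ($found !== true || !password_verify($pswd, $storedHash)) {
    http_response_code(401);
    exit("Invalid username/password. <a href='signin.html'>Try again</a>");
}

// 5. A fresh session id on login defeats session fixation; exit after the
//    redirect so nothing further runs for the caller.
session_regenerate_id(true);
$_SESSION['utype'] = $utype;
$_SESSION['uname'] = $uname;

$target = match ($utype) {
    'A'     => 'admin.php',
    'G'     => 'home.php',
    default => 'signin.html',
};
header('Location: ' . $target);
exit;
```

    Two things worth knowing before dropping this in: the mysql_* extension, including mysql_real_escape_string(), was removed in PHP 7, so prepared statements are the escaping mechanism that still exists on a current WAMP install; and if user_dtl currently holds plaintext passwords, the registration path has to start storing password_hash() output before password_verify() will match anything.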
