Hey guys,
My friend is using this script he got off some website. He gave it to me to fix up because it was total and utter ****.
I've made the database and created 1 username and password in the database (yes, I made sure it was only one). When I run this script I get an error:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/spowpow1/public_html/test/login/checklogin.php on line 24
Not only that but it tells me:
Wrong Username or Password
even though I have gotten the username and password right.
I'm pretty sure there's something going wrong with my queries just above line 24, but I don't know what.
Here's the code:
<?php error_reporting(E_ALL);
// Connect to server and select databse.
$con=mysql_connect("localhost", "<username>", "<password>");
if (!$con) {
echo "Could not Connect: " . mysql_error();
};
mysql_select_db("spowpow1_login");
mysql_query($con);
// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql=mysql_query("SELECT * FROM members WHERE username=$myusername and password=$mypassword");
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($sql);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
mysql_close($con);
?>
Any help would be greatly appreciated! Thanks!
