-1

Every time I try to run my script I get this error, saying that mysql_num_rows(): supplied argument is not a valid MySQL result resource. I'm not quite sure why its doing this. My goal is to get it to check to see if the client who logs in is an admin.

<?php
    session_start();
    $username = $_POST['username'];
    $password = $_POST['password'];

    if ($username&&$password)
    {

    $user = $_SESSION['user'];
    //connect
    $connect = mysql_connect("localhost","*******_robert","***********") or die ("Couldn't Connect"); //host,username,password
    mysql_select_db("virtua15_gateway") or die ("Could not find database");
    //query
    $get = mysql_query("SELECT * FROM Users WHERE username='$user'");
    $numrows = mysql_num_rows($query);
    if ($numrows!=0)
    {
        while ($row = mysql_fetch_assoc($query))
        {
                $dbusername = $row['username'];
                $dbpassword = $row['password'];
        }
        if ($username==$dbusername&&$password==$dbpassword)
        {
         header( 'Location: index2.php' );
         $_SESSION['username']=$dbusername;
        }
        else
            echo "incorrect username and password";
    }
       else
         die ("This user does not exist");

    }
    else
        die("Please enter a username and a password");


    while($get = mysql_fetch_assoc($get))

{
 $admin = $row['admin'];
}
if ($admin==0)
 die ("You are not and admin!");
header('Location: index2.php')

?>
RAS
  • 8,100
  • 16
  • 64
  • 86
David
  • 389
  • 5
  • 22
  • 2
    I'm pretty sure I've already seen this kind of question... [hint: check questions under the "related" tab on the right ---->] – Damien Pirsy Jan 21 '12 at 11:18
  • possible duplicate of [mysql_num_rows(): supplied argument is not a valid MySQL result resource](http://stackoverflow.com/questions/3698740/mysql-num-rows-supplied-argument-is-not-a-valid-mysql-result-resource) – DCoder Aug 09 '12 at 07:38

4 Answers4

3
$get = mysql_query("SELECT * FROM Users WHERE username='$user'");
$numrows = mysql_num_rows($query);

So, is it $get or $query?

Michael Krelin - hacker
  • 138,757
  • 24
  • 193
  • 173
3

You call your query resource $get, but then pass it as $query. Choose one :)

$query = mysql_query("SELECT * FROM Users WHERE username='$user'");
$numrows = mysql_num_rows($query);

Also, add an error checking in case the query fails (die() or trigger_error())

Might be also worth noting you need to escape any input instead of feeding it directly in your query (even from $_SESSION or $_COOKIES, not only $_POST). Use mysql_real_escape_string() for that. And you should not store password in clear text, might use sha1() or better hashing algos.

Damien Pirsy
  • 25,319
  • 8
  • 70
  • 77
2

use this:

$get = mysql_query("SELECT * FROM Users WHERE username='$user'");
$numrows = mysql_num_rows($get);

instead of :

$get = mysql_query("SELECT * FROM Users WHERE username='$user'");
$numrows = mysql_num_rows($query);
jogesh_pi
  • 9,762
  • 4
  • 37
  • 65
1
$get = mysql_query("SELECT * FROM Users WHERE username='$user'");
$numrows = mysql_num_rows($get);

change $query to $get

dimitril
  • 393
  • 2
  • 4