Mohith Kalyan Mohith Kalyan - 7 months ago 64
SQL Question

Error in PHP login form

This is the code what I got from tutorials point and when I try to login, it's not working!!! It says:


Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in C:\xampp\htdocs\index.php on line 13

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in C:\xampp\htdocs\index.php on line 16


<?php
include("config.php");
session_start();

if($_SERVER["REQUEST_METHOD"] == "POST") {
// username and password sent from form

$myusername = mysqli_real_escape_string($db,$_POST['username']);
$mypassword = mysqli_real_escape_string($db,$_POST['password']);

$sql = "SELECT * FROM tbl_users WHERE username = '$myusername' and password = '$mypassword'";
$result = mysqli_query($db,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$active = $row['active'];

$count = mysqli_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row

if($count == 1) {
session_register("myusername");
$_SESSION['login_user'] = $myusername;

header("location: welcome.php");
}else {
$error = "Your Login Name or Password is invalid";
}
}
?>


Any help would be very much appreciated !!
Thanks in advance.

After changing username with ".username."... This is the code !!

<?php
include("config.php");
session_start();

if($_SERVER["REQUEST_METHOD"] == "POST") {
// username and password sent from form

$myusername = mysqli_real_escape_string($db,$_POST['username']);
$mypassword = mysqli_real_escape_string($db,$_POST['password']);

$sql = "SELECT * FROM tbl_users WHERE username = '".$myusername."' and password = '".$mypassword."'";
$result = mysqli_query($db,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$active = $row['active'];

$count = mysqli_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row

if($count == 1) {
session_register("myusername");
$_SESSION['login_user'] = $myusername;

header("location: welcome.php");
}else {
$error = "Your Login Name or Password is invalid";
}
}
?>

<html>
<head><title>Login Page PHP Script</title></head>
<body>
<div align="center">
<div style="width:300px; border: solid 1px #006D9C; " align="left">
<?php
if(isset($errMsg)){
echo '<div style="color:#FF0000;text-align:center;font-size:12px;">'.$errMsg.'</div>';
}
?>
<div style="background-color:#006D9C; color:#FFFFFF; padding:3px;"><b>Login</b></div>
<div style="margin:30px">
<form action="" method="post">
<label>Username :</label><input type="text" name="username" class="box"/><br /><br />
<label>Password :</label><input type="password" name="password" class="box" /><br/><br />
<input type="submit" name='submit' value="Submit" class='submit'/><br />
</form>
</div>
</div>
</div>
</body>
</html>

Answer

There's an error in your query, which is why mysqli_fetch_array() is returning false instead of the object.

Try the following to see what the issues can be.

if (!$result) {
    printf("Error: %s\n", mysqli_error($db));
    exit();
}

From your code however, the query should really be (providing that the username and password are not empty):

$sql = "SELECT * FROM tbl_users WHERE username = '" . $myusername . "' and password = '" . $mypassword . "'";
Comments