Click here to get back home

problems with login script
 HomeNewsGroups | Search | About
Login Password
Register Now!
 comp.lang.php    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
problems with login script morph.1989 05-19-2008
Get Chitika Premium
Posted by morph.1989 on May 19, 2008, 7:36 am
Please log in for more thread options
 Hi, I can't get this script to work.
I've used this exact script on other places and it works, but now i
get this error.

<code> Warning: mysql_fetch_array(): supplied argument is not a valid
MySQL result resource in C:\xampp\htdocs\uploads\login_script.php on
line 15 </code>

I can't see what is wrong.
Here is the script.

<code>
<?php
session_start();
$anvnamn = $_POST['usr'];
$losenord = $_POST['pwd'];

include "dbconnect.php";

$anv2 = mysql_real_escape_string($anvnamn, $dbconnect);
$los2 = mysql_real_escape_string($losenord, $dbconnect);

$sqlfraga = "SELECT anvnamn FROM administrator WHERE anvnamn = '" .
                        $anvnamn . "' AND losen = '" . $losenord . "'";
$res = mysql_query($sqlfraga, $dbconnect);

if($rad = mysql_fetch_array($res))
{
        $_SESSION['logged_in_admin'] = true;
}
else
{
        $_SESSION['logged_in_admin'] = false;
}
?>
<html>
<body>
<?php
        if($_SESSION['logged_in_admin'])
        {
                echo("You are logged in");
                include('index.php');

        }
        else
        {
                echo ("go away");
        }
?>
</body>
</html>
</code>

Posted by Sjoerd on May 19, 2008, 7:59 am
Please log in for more thread options
 On May 19, 1:36=A0pm, morph.1...@gmail.com wrote:
> <code> Warning: mysql_fetch_array(): supplied argument is not a valid
> MySQL result resource in C:\xampp\htdocs\uploads\login_script.php on
> line 15 </code>
>
> $res =3D mysql_query($sqlfraga, $dbconnect);
> if($rad =3D mysql_fetch_array($res))

When the query fails, mysql_query() returns false, which results in
the error message you wrote. I am not sure if this is the case in your
situation, because this would also print a warning. Check the output
of mysql_query() and use mysql_error() to get the error message.




Posted by Robin on May 19, 2008, 8:05 am
Please log in for more thread options
morph.1989@gmail.com wrote:
> Hi, I can't get this script to work.
> I've used this exact script on other places and it works, but now i
> get this error.
>
> <code> Warning: mysql_fetch_array(): supplied argument is not a valid
> MySQL result resource in C:\xampp\htdocs\uploads\login_script.php on
> line 15 </code>
>
> I can't see what is wrong.
> Here is the script.
>
> <code>
> <?php
> session_start();
> $anvnamn = $_POST['usr'];
> $losenord = $_POST['pwd'];
>
> include "dbconnect.php";
>
> $anv2 = mysql_real_escape_string($anvnamn, $dbconnect);
> $los2 = mysql_real_escape_string($losenord, $dbconnect);

You create some escaped versions of the $_POST data...

> $sqlfraga = "SELECT anvnamn FROM administrator WHERE anvnamn = '" .
>                         $anvnamn . "' AND losen = '" . $losenord . "'";

... but then fail to use them (SQL injection alert!).

> $res = mysql_query($sqlfraga, $dbconnect);

Then fail to check whether $res is FALSE, which could be the case if
there was an issue with rights to the database.

> if($rad = mysql_fetch_array($res))

Which would cause this to error as described.

So, the error said that $res wasn't valid, so why didn't you check what
was being used? Simple debugging...

Robin

Posted by Rik Wasmus on May 19, 2008, 8:08 am
Please log in for more thread options

> morph.1989@gmail.com wrote:
>> Hi, I can't get this script to work.
>> I've used this exact script on other places and it works, but now i
>> get this error.
>> <code> Warning: mysql_fetch_array(): supplied argument is not a vali=
d
>> MySQL result resource in C:\xampp\htdocs\uploads\login_script.php on
>> line 15 </code>
>> I can't see what is wrong.
>> Here is the script.
>> <code>
>> <?php
>> session_start();
>> $anvnamn =3D $_POST['usr'];
>> $losenord =3D $_POST['pwd'];
>> include "dbconnect.php";
>> $anv2 =3D mysql_real_escape_string($anvnamn, $dbconnect);
>> $los2 =3D mysql_real_escape_string($losenord, $dbconnect);
>
> You create some escaped versions of the $_POST data...
>
>> $sqlfraga =3D "SELECT anvnamn FROM administrator WHERE anvnamn =3D '"=
.
>>                         $anvnamn . "' AND losen =3D '" . $losenord . "'";
>
> ... but then fail to use them (SQL injection alert!).

Hehe, you beat me to it, with even more or less the same format/wording =
:D
-- =

Rik Wasmus
...spamrun finished

Posted by Rik Wasmus on May 19, 2008, 8:07 am
Please log in for more thread options

> Hi, I can't get this script to work.
> I've used this exact script on other places and it works, but now i
> get this error.
>
> <code> Warning: mysql_fetch_array(): supplied argument is not a valid
> MySQL result resource in C:\xampp\htdocs\uploads\login_script.php on
> line 15 </code>
>
> I can't see what is wrong.
> Here is the script.
>
> <code>
> <?php
> session_start();
> $anvnamn =3D $_POST['usr'];
> $losenord =3D $_POST['pwd'];
>
> include "dbconnect.php";
>
> $anv2 =3D mysql_real_escape_string($anvnamn, $dbconnect);
> $los2 =3D mysql_real_escape_string($losenord, $dbconnect);

Proper escaping and then:

> $sqlfraga =3D "SELECT anvnamn FROM administrator WHERE anvnamn =3D '" =
.
>                         $anvnamn . "' AND losen =3D '" . $losenord . "'";

... using the unescaped variables!

You, my friend, are vulnerable to SQL injection. Use the $avn2 & $los2 =

variables in the query, that's why you escape()d them...

If you still have the same problem, echo $sqlfraga & mysql_error() to t=
he =

screen and check what's wrong with the query.
-- =

Rik Wasmus
...spamrun finished

Similar ThreadsPosted
Login problems July 25, 2004, 2:04 am
Login script for php August 14, 2006, 12:51 pm
Looking for a login script August 17, 2007, 8:27 am
Using variables in login script: August 11, 2004, 8:54 am
php login script - no mysql February 5, 2006, 2:53 pm
Help with a php register - login script August 24, 2007, 12:31 am
PHP Login Script, Why MD5 Hash? November 11, 2007, 12:12 pm
Re: OWA: 'Posting a Login' From Outside Script? July 16, 2008, 4:59 pm
Problem with simple PHP login Script March 23, 2006, 7:24 pm
session problem with login script April 25, 2006, 2:35 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap