Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\login.php

Question

i'm getting the following error

everything else work fine... except for this !

Here's my query :

<?php

$inputuser = $_POST["user"];
$inputpass = $_POST["pass"];

$user = "root";
$password = "";
$database = "share";

$connect = mysql_connect("localhost:3306",$user,$password);
@mysql_select_db($database) or ("Database not found");

$query = "SELECT * FROM 'users' WHERE 'username'= '$inputuser'";
$querypass = "SELECT * FROM 'users' WHERE 'password'= '$inputpass'";

$result = mysql_query($query); 
$resultpass = mysql_query($querypass); 

$row = mysql_fetch_array($result);
$rowpass = mysql_fetch_array($resultpass);

$serveruser = $row['user'];
$serverpass = $row['password'];

if ($serveruser && $serverpass) {
    if (!$result) {
       die ("Invalid Username/Password");

 }
        header('Location: Fail.php');
        mysql_close();


if ($inputpass == $serverpass) {

        header('Location: Home.php');

} else {


}
}

?>

Kindly don't use `mysql_*` functions as they are deprecated. — Praveen Kumar Purushothaman, Dec 30 '15 at 08:13
Use backtick in column and table name and your whole query inside quotes `$query = "SELECT * FROM `users` WHERE `username`= '$inputuser'"; ` — Saty, Dec 30 '15 at 08:28

Praveen Kumar Purushothaman · Accepted Answer · 2015-12-30T08:40:38.010

0

Do not use mysql_* functions. They are deprecated.

You have an error in your SQL Syntax. Change your queries to this:

SELECT * FROM `users` WHERE `username`= '$inputuser';
SELECT * FROM `users` WHERE `password`= '$inputpass';

You must use backticks, ` and not ' quotes.

And please try to combine them like this:

SELECT * FROM `users` WHERE `username`= '$inputuser' AND `password`= '$inputpass';

What if there are two users with the same password? You cannot expect all the users to use different passwords right?

Other things. You are passing the user input directly to the SQL. This is very bad and leads to SQL Injection. So you need to sanitize the inputs before you can send it to the Database server:

$inputuser = mysql_real_escape_string($_POST["user"]);
$inputpass = mysql_real_escape_string($_POST["pass"]);

Again, do not use mysql_* functions.

Update the Code

Use the following code.

// single query
$query = "SELECT * FROM `users` WHERE `username`='$inputuser' AND `password`='$inputpass'";
// your original query
$query = "SELECT * FROM `users` WHERE `username`= '$inputuser'";

Final Code

<?php
    $inputuser = mysql_real_escape_string($_POST["user"]);
    $inputpass = mysql_real_escape_string($_POST["password"]);

    $user = "root";
    $password = "";
    $database = "share";

    $connect = mysql_connect("localhost", $user, $password);
    @mysql_select_db($database) or ("Database not found");

    $query = "SELECT * FROM `users` WHERE `username`= '$inputuser' AND `password`= '$inputpass'";

    $result = mysql_query($query); 

    if (mysql_num_rows($result) == 1) {
        header('Location: Home.php');
        die();
    }
    else {
        header('Location: Fail.php');
        die ("Invalid Username/Password");
    }
?>

edited Dec 30 '15 at 08:40

answered Dec 30 '15 at 08:14

Praveen Kumar Purushothaman

164,888
24
203
252

know its giving me this error Parse error: syntax error, unexpected '`' in C:\xampp\htdocs\login.php on line 13 – Christepher Arakelian Dec 30 '15 at 08:20
@ChristepherArakelian Can you kindly put the full line here inside the comment? Just the code will do. – Praveen Kumar Purushothaman Dec 30 '15 at 08:21
Parse error: syntax error, unexpected '`' in C:\xampp\htdocs\login.php on line 13 – Christepher Arakelian Dec 30 '15 at 08:27
@ChristepherArakelian I asked you to put the code. Full line of code. – Praveen Kumar Purushothaman Dec 30 '15 at 08:27
yeah sorry here it is : $query = SELECT * FROM `users` WHERE `username`= '$inputuser'; – Christepher Arakelian Dec 30 '15 at 08:28
Why haven't you wrapped it inside `"`? You did it correctly the first time. – Praveen Kumar Purushothaman Dec 30 '15 at 08:28
now it worked but whenever i enter the right username and pass it still gives me the Failed login page – Christepher Arakelian Dec 30 '15 at 08:34
@ChristepherArakelian Which one did you try? Did it worked for you any time before? – Praveen Kumar Purushothaman Dec 30 '15 at 08:34
@ChristepherArakelian See the edit in the question. – Praveen Kumar Purushothaman Dec 30 '15 at 08:36
yeah it did... i did change the '' to `` it worked but on line 13 and 14 – Christepher Arakelian Dec 30 '15 at 08:37
yeah how do i accept your answer ? – Christepher Arakelian Dec 30 '15 at 08:37
@ChristepherArakelian I have updated the final code for you. Kindly check it out. – Praveen Kumar Purushothaman Dec 30 '15 at 08:40

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\login.php

1 Answers1