5

i know that we already had a lot of question about this error, but i can not fix my code, so anyone here please help me fix this problem. my code like this

function login($username, $password) {
    $user_id = user_id_from_username($username);

    $username = sanitize ($username);
    $password = md5 ($password);

    return (mysql_result(mysql_query("SELECT COUNT (`user_id`) FROM `users` 
        WHERE `username` = '$username' AND `password` = '$password'"),0)==1) ? $user_id : false;

i am looking forward to hear from you guys. i am a new member on this so please keep your answer as simple as possible. thank you.

Svetoslav
  • 4,686
  • 2
  • 28
  • 43
Hoàng Trung Hiếu
  • 209
  • 1
  • 3
  • 14
  • 2
    Echo your query instead of executing it, copy it, paste it into phpmyadmin or something similar and see if the query executes. – Epodax Nov 25 '15 at 07:53
  • 1
    http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php?rq=1 – Sebastian Brosch Nov 25 '15 at 08:00
  • 1
    Why the hell you first find the user_id by username and after that you make a second query to verify the password instead of making it at once? And between those 2 actions you sanitize the username (so it may become even different between the 2 queries..) – Svetoslav Nov 25 '15 at 08:03
  • i am just study from scratch, and i follow this one on youtube, i dont know why in this video they could do it but i can not. – Hoàng Trung Hiếu Nov 25 '15 at 08:33

5 Answers5

1

I think that this problem is occured because : You write mysql every where. Instead Of that write it mysqli every where. If till now also the problem is not resolved. Let me know I will tell another method to fix this issue.

Tejaswa
  • 11
  • 10
0

Here is a little remake of you method.

! Important - MYSQL functions should be replaced with MYSQLi as MYSQL driver is deprecated after php 5.5 and removed in the new PHP7... 

function login($username, $password) {
    $username = sanitize ($username);
    $password = md5 ($password);

    $sql = "SELECT `user_id` FROM `users` WHERE `username` = '{$username}' AND `password` = '{$password}'";
    $result = mysql_query($sql);
    if( $row = mysql_fetch_assoc($result)) {
        return $row['user_id'];
    }
    return FALSE;
}
Svetoslav
  • 4,686
  • 2
  • 28
  • 43
0

mysql_query will return false on error, and a resource on success. You need to check the return value of mysql_query before calling mysql_result. 

$resource = mysql_query("SELECT COUNT (`user_id`) FROM `users` WHERE `username` = '$username' AND `password` = '$password'") or die(mysql_error());
if($resource !== false) 
{
    return (mysql_result($resource,0)==1) ? $user_id : false;
}   
return false

I would also escape the input if you have not done so already using mysql_real_escape_string()

Daryl B
  • 525
  • 5
  • 16
  • it does not work for me, still error, i did follow this one on a video, they can run it while i can not. – Hoàng Trung Hiếu Nov 25 '15 at 08:42
  • I would suspect you are getting a database error if you are still getting that warning. Perhaps echo out the SQL and run it manually and solve the SQL error. Once this is working properly, then you can rule that out. – Daryl B Nov 25 '15 at 22:45
0

Thats error means that all in mysql_result( HERE ) is returns false not a resourse!

You need to var_dump, what final result you get in your query then try execute in via PMA of via console from mysql>
You will see that nothing is returned or error in query.

then fix your query and/or code and be cool!

if too hard, post in comments your resul query, i'll fix it !

Vladimir Ch
  • 487
  • 1
  • 12
  • 26
-1

Remove the last ` on your query next to false.

William Madede
  • 727
  • 4
  • 8