
I'm totally confused by this error:

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\le\login.php on line 10

Can anyone help me? I'm new to PHP.

Code :

    <?php
    $username = $_POST['username'];
    $password = $_POST['password'];

    if ($username&&$password)
    {
        $connect = mysql_connect("localhost", "root", "") or die("Could'nt Connect");
        $query = mysql_query("SELECT * FROM users WHERE username='$username'");
        mysql_select_db("shit") or die("cant find db");
        $numrows = mysql_num_rows($query);
        echo $numrows;
    } else
        die("please enter username and a password");

    ?>

  • Cool, you query database before selecting it. – u_mulder Jan 22 '17 at 18:23
  • @u_mulder Picture from phpmyadmin? – Mouad Alsahel Jan 22 '17 at 18:24
  • Move `mysql_select_db` before the `$query`. You also are open to SQL injections. – chris85 Jan 22 '17 at 18:24
  • @chris85 omg thx you very much – Mouad Alsahel Jan 22 '17 at 18:25
  • Why do I need picture from phpmyadmin? – u_mulder Jan 22 '17 at 18:25
  • Every time you use [the `mysql_`](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) database extension in new code **[a Kitten is strangled somewhere in the world](http://2.bp.blogspot.com/-zCT6jizimfI/UjJ5UTb_BeI/AAAAAAAACgg/AS6XCd6aNdg/s1600/luna_getting_strangled.jpg)**. It is deprecated and has been for years and is gone forever in PHP7. If you are just learning PHP, spend your energies learning the `PDO` or `mysqli` database extensions and prepared statements. [Start here](http://php.net/manual/en/book.pdo.php) – RiggsFolly Jan 22 '17 at 18:25
  • I fixed the problem from @chris85, thanks mate and thanks to u_mulder tho – Mouad Alsahel Jan 22 '17 at 18:26
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Jan 22 '17 at 18:26
  • Also you aren't doing anything with `$password` here, if this is a login form it is insecure (multiple reasons). – chris85 Jan 22 '17 at 18:26
  • @RiggsFolly I just test my first script and I don't want to share it. Thanks – Mouad Alsahel Jan 22 '17 at 18:28
  • I see a video and I type anything typed by the video (tutorial of login system) and I don't know yet what I type and I don't understand it correctly. Thanks guys. How can I support you in your profile? Can I make a review in your profile for support? @chris85 – Mouad Alsahel Jan 22 '17 at 18:28
  • That video is demonstrating very poor practices. Please don't continue with it. Is this a login form? This was caused by a typo so I'd say the question could be deleted. PDO/mysqli is the driver you should be using, and you should use parameterized queries with it. – chris85 Jan 22 '17 at 18:30

1 Answer

I suggest you use mysqli to interact with the db. mysql_query is deprecated. See documentation here: http://php.net/manual/en/function.mysql-query.php

To connect with DB in mysqli you can do:

    $DBhost = "localhost";
    $DBuser = "your-user";
    $DBpass = "your-password";
    $DBName = "your-db-name";

    // Create connection
    $mysqli = new mysqli($DBhost, $DBuser, $DBpass, $DBName);

    // Check connection
    if ($mysqli->connect_error) {
        die("Connection failed: " . $mysqli->connect_error);
    }

  • Yes fine, but without converting all the OP's code this is rather useless – RiggsFolly Jan 22 '17 at 18:36
  • Someone already answered the questions in comments. I only pointed out another way to do the same things in best practices. I would have left a comment but I could not because I have subscribed to stack overflow recently. – al27091 Jan 22 '17 at 18:39
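
For reference, the question's lookup converted to mysqli with a prepared statement, as an added example that is not code from the asker or the answerer. It assumes a `users` table whose `password` column holds `password_hash()` output (the page does not show the schema); the connection values are the answer's placeholders and `check_login` is a hypothetical helper name.

```php
<?php
// Added example. Assumed schema: users(username, password), where `password`
// stores password_hash() output. check_login() is a hypothetical helper.

// Make mysqli throw exceptions instead of returning false, so a failed
// query can never reach a later call as a boolean.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function check_login(mysqli $db, string $username, string $password): bool
{
    // The ? placeholder keeps $username out of the SQL text entirely.
    $stmt = $db->prepare("SELECT password FROM users WHERE username = ?");
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();   // true when a row was fetched, null when none
    $stmt->close();

    // Check the submitted password against the stored hash.
    return $found === true && password_verify($password, $hash);
}

$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';

// Reject missing fields and non-string input such as username[]=x.
if (!is_string($username) || !is_string($password)
    || $username === '' || $password === '') {
    die("please enter username and a password");
}

try {
    // The database is selected at connect time, before any query runs.
    $db = new mysqli("localhost", "your-user", "your-password", "your-db-name");
    $db->set_charset("utf8mb4");
    echo check_login($db, $username, $password) ? "login ok" : "login failed";
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());   // details go to the server log only
    die("database error");
}
```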