-1

So, I just wrote a code where the admin can look at the username and password of the users. I wrote bit of code and copied a bit from w3schools :p. So. Whenever I run the code, it shows the error [Call to a member function query() on resource]

Here's my code:

Process.php

<?php
    $username = $_POST['uname'];
    $password = $_POST['pass'];

    $username = stripcslashes($username);
    $password = stripcslashes($password);
    $username = mysql_escape_string($username);
    $password = mysql_escape_string($password);

    $conn = mysql_connect("localhost","root","");
    mysql_select_db("Login3");

    $result = mysql_query("select * from users where username = '$username' and password = '$password'");
    $row = mysql_fetch_array($result);

    if($row['username'] == $username && $row['password'] == $password) {
        echo "Welcome " . $row['username'];
    }
    else {
        echo "Invalid Credentials";
    }

    echo <h3>User List</h3>;

    mysql_connect("localhost","root","");
    mysql_select_db("Login3");

    $sql = "SELECT id, username, password FROM users";
    $request = $conn->query($sql);
    if ($result->num_rows > 0) {
        while($row = $result->fetch_assoc()) {
            echo "<br> id: ". $row["id"]. " - Name: ". $row["username"]. " " . $row["password"] . "<br>";
        }
    } else {
        echo "0 results";
    }

    $conn->close();
?>

Index.html

<!DOCTYPE html>
<html>
<head>
    <title>Login | Home</title>
</head>
<body>
    <form action="process.php" method="POST">
        <h3>Login</h3>
        Username: <input type="text" name="uname"><br><br>
        Password: <input type="password" name="pass"><br>
        <input type="submit" name="btn">
    </form>
    <br>
    <b>Test Accounts</b>
    <table>
        <tr>
            <th>Username</th>
            <th>Password</th>
        </tr>
        <tr>
            <td>admin</td>
            <td>admin@123</td>
        </tr>
    </table>
</body>
</html>
<style>

    table, th, tr, td {
        width: 25%;
        border-collapse: collapse;
    }
    th, td {
        border: 1px solid grey;
        text-align: center;
    }
    tr {
        background: white;
        transition-duration: 0.3s;
    }
    tr:hover {
        background: #ddd;
    }

Please correct my code and tell me where i am wrong.

Fanie Void
  • 331
  • 1
  • 9
Lavish Sardana
  • 29
  • 1
  • 5
  • 2
    FYI, [you shouldn't use `mysql_*` functions in new code](http://stackoverflow.com/questions/12859942/). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [red box](http://php.net/manual/en/function.mysql-connect.php)? Learn about [*prepared statements*](https://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://php.net/manual/en/mysqlinfo.api.choosing.php) will help you decide which one is best for you. – John Conde May 02 '18 at 12:28
  • **Never store plain text passwords!** Please use **[PHP's built-in functions](http://php.net/manual/en/function.password-hash.php)** to handle password security. If you're using a PHP version less than 5.5 you can use the password_hash() **[compatibility pack](https://github.com/ircmaxell/password_compat)**. Make sure you **[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)** or use any other cleansing mechanism on them before hashing. Doing so changes the password and causes unnecessary additional coding. – John Conde May 02 '18 at 12:29
  • okay. i understand everything, i'll take care of it from next time onwards but for now can anybody point out the error please ? – Lavish Sardana May 02 '18 at 12:31
  • You're trying to mix mysql APIs. That doesn't work. – John Conde May 02 '18 at 12:36

1 Answers1

-2

First you should create one time database connection and follow proper syntex of query. You access query method of mysqli class that does not exist in your code if you want access query method then first create intance of this class other wise write proper query syntex. I corrected kindly check below

<?php
    $username = $_POST['uname'];
    $password = $_POST['pass'];

    $username = stripcslashes($username);
    $password = stripcslashes($password);
    $username = mysql_escape_string($username);
    $password = mysql_escape_string($password);

    $conn = mysql_connect("localhost","root","");
    mysql_select_db("Login3");

    $result = mysql_query("select * from users where username = '$username' and password = '$password'");
    $row = mysql_fetch_array($result);

    if($row['username'] == $username && $row['password'] == $password) {
        echo "Welcome " . $row['username'];
    }
    else {
        echo "Invalid Credentials";
    }
?>
<h3>User List</h3>
<?php
    mysql_connect("localhost","root","");
    mysql_select_db("Login3");

    $sql = "SELECT id, username, password FROM users";
    $request = mysql_query($sql);
    if (mysql_num_rows($request) > 0) {
    while($row = mysql_fetch_array($request)) {
        echo "<br> id: ". $row["id"]. " - Name: ". $row["username"]. " " . $row["password"] . "<br>";
    }
} else {
    echo "0 results";
}
Devraj verma
  • 407
  • 3
  • 14