5

I cant seem to figure out what I'am doing wrong. So when I submit my form I get Warning error and the

Notice: Undefined variable: dbusername in /Library/WebServer/Documents/ArturoLuna_Final/loginCheck.php on line 30

$username = $_POST['username'];
$password = $_POST['password']; 

if($username&&$password)
{
    require 'conn.php';
    $query = "SELECT * FROM  users WHERE username='$username'";
    $result = $mysql->query($query) or die(mysqli_error($mysql));
    $numrows = $result->num_rows;
    
    if ($numrows!=0)
    {
        while($row = mysql_fetch_assoc($result))
        { 
            $dbusername = $row['username'];
            $dbpassword = $row['password']; 
        }

        //check to see if they match!
        if($username==$dbusername&&$password==$dbpassword)
        { 
            echo "youre In!";
        }
        else
        echo "incorrect password!";
        
    }
    else
        die("that user is dead");
    
    //echo $numrows;
    
}

else

    echo ("Please Enter Username")

what can I be possibly doing wrong?

Dharman
  • 30,962
  • 25
  • 85
  • 135
Arturo Luna
  • 83
  • 1
  • 1
  • 5

2 Answers2

14

Change

while($row = mysql_fetch_assoc($result))

to

while($row = $result->fetch_assoc())

You missed an i off the function name, and mixed up OO and procedural style code, so you are mixing up mysql_* result resources and mysqli_result objects.

DaveRandom
  • 87,921
  • 11
  • 154
  • 174
7

You're mixing traditional PHP MySQL functions mysql_* with the MySQLi interface. In this case, mysql_fetch_assoc() expects a resource handle created with mysql_query().

To retrieve the correct result, you'll need to use MySQLi's method:

$row = $result->fetch_assoc();

And while you're at it, you might want to consider making the code less susceptible to MySQL injection. Properly escape any user provided input before interpolating it into a query string, or better yet, use MySQLi parameter binding facilities.

Linus Kleen
  • 33,871
  • 11
  • 91
  • 99