i keep getting this error whether my login is correct or wrong
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\private_message_system\core\inc\user.inc.php on line 10
[syntax=php]<?php
// checks a given username and password combination, returning the users id
function validate_credentials($user_name, $user_password)
{
$user_name = mysql_real_escape_string($user_name);
$user_password = sha1($user_password);
$result = mysql_query("SELECT 'user_id' FROM 'users' WHERE 'user_name' = '{$user_name}' AND 'user_password' = '{$user_password}' ");
if (mysql_num_rows($result) != 1) {
return false;
}
return mysql_result($result, 0);
}
?>[/syntax]
if anymore code needed just ask
regards
collie
php private message system part 4
Re: php private message system part 4
The problem is with you using semiqoutes ( ' ) instead of backticks ( ` ) in your select statement.
This
[syntax=php]$result = mysql_query("SELECT 'user_id' FROM 'users' WHERE 'user_name' = '{$user_name}' AND 'user_password' = '{$user_password}' ");[/syntax]
Should be this:
[syntax=php]$result = mysql_query("SELECT `user_id` FROM `users` WHERE `user_name` = '{$user_name}' AND `user_password` = '{$user_password}' ");[/syntax]
This
[syntax=php]$result = mysql_query("SELECT 'user_id' FROM 'users' WHERE 'user_name' = '{$user_name}' AND 'user_password' = '{$user_password}' ");[/syntax]
Should be this:
[syntax=php]$result = mysql_query("SELECT `user_id` FROM `users` WHERE `user_name` = '{$user_name}' AND `user_password` = '{$user_password}' ");[/syntax]
Re: php private message system part 4
got it working now, thank you. what is the difference between them??
Re: php private message system part 4
There are words in the SQL language called reserved words. These are generally the conditions in an SQL statement such as SELECT, UPDATE, INSERT, WHERE, etc. Now if you had a table name that used one of these reserved words, it would cause an error because SQL would assume you are using it as a condition. To combat this, you use backticks. This tells SQL that whatever is inside the backticks will be a table, column, or field in the database. Semiquotes are used in SQL to surround data. You should always use semiquotes around your data (SQL Injection protection), but it can be used without them.
<?php while(!$succeed = try()); ?>