php private message system part 4

[collie]

i keep getting this error whether my login is correct or wrong

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\private_message_system\core\inc\user.inc.php on line 10

<?php
	// checks a given username and password combination, returning the users id
	function validate_credentials($user_name, $user_password)
	{
		$user_name = mysql_real_escape_string($user_name);
		$user_password = sha1($user_password);

		$result = mysql_query("SELECT 'user_id' FROM 'users' WHERE 'user_name' = '{$user_name}' AND 'user_password' = '{$user_password}' ");

		if (mysql_num_rows($result) != 1) {
			return false;
		}
		return mysql_result($result, 0);
	}

?>

if anymore code needed just ask

regards

collie

[Temor]

The problem is with you using semiqoutes ( ' ) instead of backticks ( ` ) in your select statement.

This

$result = mysql_query("SELECT 'user_id' FROM 'users' WHERE 'user_name' = '{$user_name}' AND 'user_password' = '{$user_password}' ");

Should be this:

$result = mysql_query("SELECT `user_id` FROM `users` WHERE `user_name` = '{$user_name}' AND `user_password` = '{$user_password}' ");

[collie]

got it working now, thank you. what is the difference between them??

[ScTech]

There are words in the SQL language called reserved words. These are generally the conditions in an SQL statement such as SELECT, UPDATE, INSERT, WHERE, etc. Now if you had a table name that used one of these reserved words, it would cause an error because SQL would assume you are using it as a condition. To combat this, you use backticks. This tells SQL that whatever is inside the backticks will be a table, column, or field in the database. Semiquotes are used in SQL to surround data. You should always use semiquotes around your data (SQL Injection protection), but it can be used without them.