
php private message system part 4

Posted: Tue Feb 11, 2014 10:21 pm
by collie
I keep getting this error whether my login is correct or wrong

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\private_message_system\core\inc\user.inc.php on line 10
<?php
	// checks a given username and password combination, returning the user's id
	function validate_credentials($user_name, $user_password)
	{
		$user_name = mysql_real_escape_string($user_name);
		$user_password = sha1($user_password);

		$result = mysql_query("SELECT 'user_id' FROM 'users' WHERE 'user_name' = '{$user_name}' AND 'user_password' = '{$user_password}' ");

		if (mysql_num_rows($result) != 1) {
			return false;
		}
		return mysql_result($result, 0);
	}

?>
If any more code is needed, just ask

regards

collie

Re: php private message system part 4

Posted: Tue Feb 11, 2014 11:23 pm
by Temor
The problem is with you using semiquotes ( ' ) instead of backticks ( ` ) in your select statement.

This
$result = mysql_query("SELECT 'user_id' FROM 'users' WHERE 'user_name' = '{$user_name}' AND 'user_password' = '{$user_password}' ");
Should be this:
$result = mysql_query("SELECT `user_id` FROM `users` WHERE `user_name` = '{$user_name}' AND `user_password` = '{$user_password}' ");

Re: php private message system part 4

Posted: Tue Feb 11, 2014 11:55 pm
by collie
Got it working now, thank you. What is the difference between them??

Re: php private message system part 4

Posted: Wed Feb 12, 2014 12:47 pm
by ScTech
There are words in the SQL language called reserved words. These are generally the conditions in an SQL statement such as SELECT, UPDATE, INSERT, WHERE, etc. Now if you had a table name that used one of these reserved words, it would cause an error because SQL would assume you are using it as a condition. To combat this, you use backticks. This tells SQL that whatever is inside the backticks will be a table, column, or field in the database. Semiquotes are used in SQL to surround data. You should always use semiquotes around your data (SQL Injection protection), but it can be used without them.
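
Added example (not part of any post in this thread, and not the tutorial's own code): the same validate_credentials() check written with mysqli prepared statements. Backticks mark the identifiers, the two values are bound as parameters instead of being quoted into the SQL string, and a failed query is handled before the result is used, which is what the "boolean given" warning was reporting. The mysqli connection, the placeholder credentials and the (int) return type are assumptions; the table and column names are the ones from the thread.

```php
<?php
// Added example, not code from the thread. Assumes the mysqli extension and the
// thread's `users` table; host, account and database name are placeholders.
mysqli_report(MYSQLI_REPORT_OFF); // return false on errors instead of throwing

// Checks a username/password pair and returns the user's id, or false.
function validate_credentials(mysqli $db, $user_name, $user_password)
{
	// Backticks mark identifiers (table and column names). The values are not
	// pasted into the SQL text at all: each ? is sent separately as data.
	$stmt = $db->prepare(
		'SELECT `user_id` FROM `users` WHERE `user_name` = ? AND `user_password` = ?'
	);

	// prepare() returns false when the SQL is invalid, e.g. FROM 'users'.
	// Handling that here avoids passing a boolean on to later calls, the
	// cause of the "expects parameter 1 to be resource, boolean given" warning.
	if ($stmt === false) {
		error_log('validate_credentials: prepare failed: ' . $db->error);
		return false;
	}

	// sha1() is kept only to match the hashes the thread's table stores.
	$hash = sha1($user_password);
	$stmt->bind_param('ss', $user_name, $hash);

	if (!$stmt->execute()) {
		error_log('validate_credentials: execute failed: ' . $stmt->error);
		$stmt->close();
		return false;
	}
	$stmt->store_result();
	if ($stmt->num_rows !== 1) {
		$stmt->close();
		return false;
	}

	$stmt->bind_result($user_id);
	$stmt->fetch();
	$stmt->close();
	return (int) $user_id;
}

$db = new mysqli('localhost', 'DB_USER_PLACEHOLDER', 'DB_PASS_PLACEHOLDER', 'DB_NAME_PLACEHOLDER');
if ($db->connect_errno) {
	exit('Database connection failed');
}
// Constructed sample input: a name containing a quote is handled as plain data.
var_dump(validate_credentials($db, "o'neil", 'constructed-password'));
```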