How do i login to my account?

Question

Here is my code. But, it does not work properly, once i login using username and password is shows error message like this:

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\wamp\www\lumbiniinternational_hotel\administrator\login.php on line 26

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\lumbiniinternational_hotel\administrator\login.php on line 27

My full Code is:

if(isset($_POST['submit'])){
    $query="SELECT * FROM users WHERE username='".$_POST['username']."' AND password='".$_POST['password']."' AND role='administrator'";
$result=mysql_query($query);
    $row=mysql_fetch_array($result,MYSQL_ASSOC);
    if(mysql_num_rows($result)>0){
        header("Location:index.php");
        $_SESSION['username']=$row['username'];
    }else
        $message=get_word($lang,"Wrong username or password.");
}
?>

I think while loop is missing here as in following:http://www.codeproject.com/Questions/692282/mysql-fetch-array-expects-parameter-to-be-resour https://answers.yahoo.com/question/index?qid=20111015015949AAXmj7U — Usman Waheed, Mar 27 '14 at 07:39
**Before you post a question asking “How do I solve this error?" do a search in the search box for the actual error message.** There you will probably find other questions from people who have had the exact same problem, and then you can learn how they solved it. — Andy Lester, Mar 27 '14 at 20:43

score 1 · Accepted Answer · answered Mar 27 '14 at 07:42

Both errors show that your query is wrong.
Make sure you have spelled field names correctly.
Enclose table name and field name with ` like this:

select `field_name` from `table_name`

Change your

$result=mysql_query($query);

with

$result=mysql_query($query) or die(mysql_error());

This will show you the proper sql error

Finally as a side note:
- stop using mysql extensions and switch to mysqli_ or PDO.
- sanitize your POST data before using it directly into your query

score 0 · Answer 2 · answered Mar 27 '14 at 07:42

Check if the query goes wrong, add a or die(mysql_error()) at the end of mysql_query

if(isset($_POST['submit'])){
    $query="SELECT * FROM users WHERE username='".$_POST['username']."' AND password='".$_POST['password']."' AND role='administrator'";
    $result=mysql_query($query) or die(mysql_error());
    $row=mysql_fetch_array($result,MYSQL_ASSOC);
    if(mysql_num_rows($result)>0){
        header("Location:index.php");
        $_SESSION['username']=$row['username'];
    }else
        $message=get_word($lang,"Wrong username or password.");
}

In addition, I advise you to use directly mysql_fetch_assoc and not mysql_fetch_array

Mirko

Because you need to connect to an Database. Use `mysql_connect` and `mysql_select_db` — Mirko, Mar 27 '14 at 08:28

How do i login to my account?

2 Answers2