Home/ Questions/Q 7852487
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-02T19:25:46+00:00

What am I doing wrong here: <?php if (isset($_POST[‘submitted’])) { $errors = array(); require_once

  • 0

What am I doing wrong here: 

<?php
    if (isset($_POST['submitted'])) {

    $errors = array();
        require_once ('mysql_connect.php');

    session_start();
    $username = $_POST["username"]; // This is the inputted username from the form in Login.html
    $password = $_POST["password"]; // This is the inputted password from the form in Login.html


    if (empty($errors)) {
        $query="SELECT username FROM users WHERE username='$username' AND password='SHA($password)'"; 

        $result = mysql_query($query);  

        // Mysql_num_row is counting table row

        if (mysql_num_rows($result) == 1) {
                $_SESSION["username"] = $username; // Creates a cookie saving the username
                $_SESSION["loggedIn"] = true; // Creates a cookie saying the user is logged in
            // Show thank you message
            echo '<h3 style="color:green;">Thank You!</h3>
            <span style="color:green;">You have been logged in.</span>';
        } else {
            echo '<font color="red">You could not be logged in, please make sure your username and password is correct.</font>';
            foreach ($errors as $msg) {
            echo " - <font color=\"red\">$msg</font><br />\n";
            }
        }

} else {
        echo '<font color="red"><h3>Error!</h3>
        The following error(s) occured:<br /></font>';

        foreach ($errors as $msg) {
            echo " - <font color=\"red\">$msg</font><br />\n";
        }
    }
}
?>

I get a:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /login.php on line 19

Also is the way I SHA the password correct?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The problem is that your MySQL query is causing an error, which means that your $result doesn’t actually contain a result resource.

    You need to remove the '' from around SHA($password) in your query, and instead put them around the password value, like so:

    $query="SELECT username FROM users WHERE username='$username' AND password=SHA('$password')";

    Also is the way I SHA the password correct?

    That depends on how the passwords were hashed when they were inserted into the database. MySQL’s SHA() is the same as its SHA-1():

    Calculates an SHA-1 160-bit checksum for the string, as described in RFC 3174

    Which is also the same as PHP’s sha1(); so, for example, if the passwords in the database are SHA-1 hashes that were created using PHP’s sha1(), it should be fine.

    Side Notes

    • 0