Login.php error

[Mylo Sepz]

saya baru mulai proyek script. eh diawal mulai saya menemukan suatu masalah. masalahnya muncul error

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in xxxxxx\login.php on line 12

padahal di database users ada username, password, dan email

coba registrasi berhasil tapi pas login error.

nih scriptnya mastah

registration.php

<?php
include("db.php");
if($_SERVER["REQUEST_METHOD"] == "POST")
{
// username and password sent from Form
$username=mysql_real_escape_string($_POST['username']); 
$password=mysql_real_escape_string($_POST['password']); 
$password=md5($password); // Encrypted Password
$email=mysql_real_escape_string($_POST['email']);
$sql="Insert into users(username,password,email) values

('$username','$password','$email');";
$result=mysql_query($sql);
echo "Registration Successfully";
}
?>
<html>
<body>
<form action="registration.php" method="post">
<label>UserName :</label>
<input type="text" name="username"/><br />


<label>Password :</label>
<input type="password" name="password"/><br/>

<label>E-mail :</label>
<input type="text" name="email"/><br />
<input type="submit" value=" Registration "/><br />
</form>
</body>
</html>

login.php

<?php
include("db.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST")
{
// username and password sent from Form
$username=mysql_real_escape_string($_POST['username']); 
$password=mysql_real_escape_string($_POST['password']); 
$password=md5($password); // Encrypted Password
$sql="SELECT id FROM users WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);

// If result matched $username and $password, table row must be 1 row
if($count==1)
{
header("location: welcome.php");
}
else 
{
$error="Your Login Name or Password is invalid";
}
}
?>
<form action="login.php" method="post">
<label>UserName :</label>
<input type="text" name="username"/><br />
<label>Password :</label>
<input type="password" name="password"/><br/>
<input type="submit" value=" Login "/><br />
</form>

tolongin dong mastah

 

[cpserv]

$sql="SELECT id FROM users WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);

disitu ya? coba pake wildcard dulu dan kondisinya diapus. masih error ga..

$sql="SELECT * FROM users";

 

[searchweb]

coba perbaiki bagian ini, hilangkan ";"

$sql="INSERT into users(username,password,email) values ('$username','$password','$email')";

saran saya sebaiknya metode Insertnya diubah dengan Set. Kodenya jadi

$sql=("INSERT into users SET username='$username', password='$password', email='$email'");

trs coba digabung aja bagian ini, kalo gak bisa num row baru didefinisi kedalam string.

$sql=mysql_query("SELECT id FROM users WHERE username='$username' and password='$password'");
if(mysql_num_rows($sql) == 1) {

 

[Mylo Sepz]

wah makasih atas replynya mastah sekarang udah solved pake yang @cpserv bilang

 

[Mylo Sepz]

wah yang dibilang mas @cpserv itu cuma bertahan di localhost pas di upload ke web eh error lagi

 

[Doel]

alternate:

$sql = "SELECT `id` FROM `users` WHERE `username` = '$username' AND `password` = '$password'";
$result = mysql_query( $sql );
$tmp = mysql_fetch_assoc( $result );
$count = count( $tmp );

btw, kenapa ga pakai prepared statement (PDO atau MySQLi extension), pak? lebih aman dari SQL-injection

 

[dpnux]

Coba di mysql_querynya ditambahkan menjadi seperti ini

$result = mysql_query($sql) or die(mysql_error());

Tujuannya supaya tahu kenapa query tidak menjadi resource. Kemudian boleh juga debug output variable $sql nya, kemudian cobain di phpMyAdmin.

wah yang dibilang mas @cpserv itu cuma bertahan di localhost pas di upload ke web eh error lagi

 

[Mylo Sepz]

masalah sudah selesai ternyata dari

$sql = "SELECT `id` FROM `users` WHERE `username` = '$username' AND `password` = '$password'";

diubah menjadi

$sql = "SELECT `uid` FROM `users` WHERE `username` = '$username' AND `password` = '$password'";

nah sekarang ke masalah selanjutnya nih gimana caranya dari script login diatas bisa ngambil code sesion?

session_start();
$uid=$_SESSION['user_id'];

biar menjadi seperti ini

session_start();
$uid=1;

 

[dpnux]

//dalam block if sebelum redirect welcome.php

$data = mysql_fetch_array($result);
$_SESSION['user_id'] = $data['uid'];
header("location: welcome.php");

di halaman selanjutnya yang butuh user_id yang loggedin tinggal narik dari $_SESSION['user_id'];

session_start();
$uid = $_SESSION['user_id'];
echo 'Hello user with uid : '.$uid;

 

[Mylo Sepz]

//dalam block if sebelum redirect welcome.php

$data = mysql_fetch_array($result);
$_SESSION['user_id'] = $data['uid'];
header("location: welcome.php");

di halaman selanjutnya yang butuh user_id yang loggedin tinggal narik dari $_SESSION['user_id'];

session_start();
$uid = $_SESSION['user_id'];
echo 'Hello user with uid : '.$uid;

itu di taruh dimana mas?