Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/thedownr/public_html/realestate1/admin/login.php on line 13

Warning: Cannot modify header information - headers already sent by (output started at /home/thedownr/public_html/realestate1/admin/login.php:13) in /home/thedownr/public_html/realestate1/admin/login.php on line 22

Here is what the file looks like:


<?PHP

require("config.php");

$password = md5($_POST[pass]);

if ($_POST[user] == "admin") {
$id = "admin";
}

$q = mysql_query("SELECT password FROM config WHERE user='$id' AND password='$password'");

if (mysql_num_rows($q) == 1) {
setcookie("user","admin",time()+3600);

$a = mysql_fetch_array($q);
$code = md5($a[password]);

setcookie("admincode",$code,time()+3600);
}

header("Location: index.php");

?>


Any ideas?

password is reverved mysql word. Quote it with backticks like this:
`password`

That didn't work. In fact, I'm using a similar copy of the script on another site, and password is written in the query exactly as above, and it works fine. I'm confused! :-/

password is reverved mysql word. Quote it with backticks like this:
`password`

"password" is not a reserved word in MySQL. You can check the list at http://dev.mysql.com/doc/refman/5.0/en/reserved-words.html

Try something similar to this:

mysql_query("SELECT `password` FROM `config` WHERE `user` = '".$id."' AND `password` = '".$password."'") or die(mysql_error());

Then hopefully it should indicate to you which part of your MySQL statement is invalid, and kill the script process.

Hope that helps,

Please use mysql_error() (http://php.net/mysql-error) and report its findings.

"password" is not a reserved word in MySQL. You can check the list at http://dev.mysql.com/doc/refman/5.0/en/reserved-words.html

"password" is mysql function name:
http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html#function_password

I think the problem is that you have to run the mysql_query function on the query first and then count the number of rows in the result set.

So instead of:

$q = mysql_query("SELECT password FROM config WHERE user='$id' AND password='$password'");

if (mysql_num_rows($q) == 1) {

do:

$q = mysql_query("SELECT password FROM config WHERE user='$id' AND password='$password'");

$result = mysql_query($q);

if (mysql_num_rows($result) == 1) {

Please use mysql_error() (http://php.net/mysql-error) and report its findings.

The error is "No database selected." I don't understand why since I have the correct database name in my config.php file:

$user = "XXXXXXXXX";
$pass = "XXXXXXXXXX";
$db = "thedownr_listings";

Did you use mysql_select_db() (http://uk.php.net/mysql_select_db) to select your database correctly? An example of how to select a database is available by clicking the link to the PHP Manual. :)

Hope that helps,

I did it this way:


$host = "localhost";

$user = "XXXXXXXX";
$pass = "XXXXXXXX";
$db = "thedownr_listings";

$uploadpath = "../photos";

// -- NO CHANGE BELOW --

mysql_connect($host,$user,$pass);
mysql_select_db($db);

if ($_POST[user] == "admin") {
$id = "admin";
}
$q = mysql_query("SELECT password FROM config WHERE user='$id' AND password='$password'");
Eww. Have you given any thought to:
1. What happens if $_POST[user] is not "admin"
2. What else could happen if (heaven forbid) register_globals is on...

(Snip: You worked this bit out already)

The error is "No database selected." I don't understand why since I have the correct database name in my config.php file:


The error says it all. The PHP script was unable to connect to the database. Make sure that user account you are using has access to the database.

In cPanel, after creating the user, you have to add it to the database.