So i have a username and password form posting data to this process.php file. But the error in trap in my code is suggesting something is wrong with the mysql query: "The username and password don't match. We will take you back to the login page in two seconds."
The md5 is working c开发者_C百科orrectly and i have checked the data base tables all the rows are in there and how it should be. Any suggestions? Thanks Dave.
<?php
//Code DavidMaitland.me 2011
//Process data from the login form
require('database.php');
$username = mysql_real_escape_string($_POST["username"]);
$password = mysql_real_escape_string(md5($_POST["password"]));
$client_query = mysql_query("SELECT * FROM clients WHERE client_username='$username' and client_password='$password'") or die (mysql_error());
$client_data = mysql_fetch_array($client_query, MYSQL_ASSOC);
if(mysql_num_rows($client_data) == 1) {
session_start();
$_SESSION['client_id'] = $client_data['id'];
header('Location: account.php');
} else {
echo "The username and password don't match. We will take you back to the login page in two seconds.";
header('Refresh: 2; url=index.php');
}
?>
Change this line:
if(mysql_num_rows($client_data) == 1) {
to
if(mysql_num_rows($client_query) == 1) {
mysql_num_rows() requires direct results of a mysql_query()
call.
You'll want to use mysql_num_rows($client_query)
instead of mysql_num_rows($client_data)
.
Change this part
if(mysql_num_rows($client_query) == 1) {
session_start();
$_SESSION['client_id'] = $client_data['id'];
header('Location: account.php');
} else {
echo "The username and password don't match. We will take you back to the login page in two seconds.";
header('Refresh: 2; url=index.php');
}
Since you are counting the amount of rows via mysql_num_rows on a fetched array, you should instead count it on the resource ($client_query)
精彩评论