3

I'm writing a small login class for an application of mine, however, I think my query is bad, because when I call mysql_fetch_assoc() on the result of the query, I get this error:

Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given

I'm familiar with how mysql_fetch_assoc() works, but I'm guessing the call to mysql_query() is returning false, which is obviously a boolean, producing the error.

Here's the query:

$loginsql = 'SELECT userid, username, password FROM users WHERE username=\'. $username .\' AND password=\'. $password .\'';

Note: I realize the "mysql_" function set in PHP is deprecated as of 5.5, but I'm using 5.3.8 and just practicing. I will refactor the application later using PDO.

classes.php

<?php

class connectToDb {
    function dbConnect($config) {   
        $connection = mysql_connect($config['host'], $config['dbuser'], $config['dbpass']);
        if ($connection) {
            mysql_select_db($config['db'], $connection);
        } else {
            echo "Could not connect to database!";
        }
    }
}

class registerAccount {
    function doRegister($regusername, $regpassword, $regemail) {
        $regsql = "INSERT INTO users (username, password, email) VALUES ('$regusername', '$regpassword', '$regemail')";
        if (mysql_query($regsql)) {
            echo "Successfully registered!";
        } else {
            echo "Problem with registration!";
        }
    }
}

class loginAccount {
    function doLogin($username, $password) {
        mysql_real_escape_string($username);
        mysql_real_escape_string($password);

        hash('sha256', $password);

        $loginsql = 'SELECT userid, username, password FROM users WHERE username=\'. $username .\' AND password=\'. $password .\'';

        $result = mysql_query($loginsql) or die(mysql_error());

        $loginrow = mysql_fetch_assoc($result);
        if ($loginrow) {
            $_SESSION['username'] = $loginrow['username'];
            $_SESSION['userid'] = $loginrow['userid'];
        } else {
            echo "Incorrect username and/or password!";
        }
    }
}
Improve this question
15
  • Check the quoting in the $loginsql=... line Commented Jul 1, 2013 at 23:51
  • Can I recommend using the mysqli_* functions instead of mysql_? They have a set of non-OO functions that behave almost identically to the mysql_ functions. Commented Jul 1, 2013 at 23:51
  • 2
    @jcsanyi You can, although, I will be ditching the mysql and mysqli functions altogether when I refactor using PDO. Commented Jul 1, 2013 at 23:52
  • 1
    @MehdiKaramosly That will come when I switch to PDO. Commented Jul 1, 2013 at 23:56
  • 1
    So if you run this: $select = mysql_select_db($config['db'], $connection); if(!$select) die(mysql_error()); what does it show? Commented Jul 2, 2013 at 0:07

1 Answer 1

Reset to default
8

mysql_query() returns false if there's an error. If it returns false, you can get the error message with mysql_error(), which should give you a hint about what's wrong with the query.

This is why you used to see a lot of these style queries:

$result = mysql_query('SELECT foo FROM bar') or die(mysql_error());
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Calling mysql_error() produces "No database selected." However, I did select a database. Let me edit in the code to the question.
Check the result of your mysql_select_db() call to make sure that it isn't failing.
Fixed it. It actually had nothing to do with the query. I made a rookie mistake and didn't instantiate a new object of the connectToDb class on the login page before trying to call the doLogin method.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.