Mysql and PHP Error Message Please Help

I am getting this error message each time I attempt to login to my admin area. The error occurs when I enter my user name and password:

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/bid/public_html/siteadmin/password.php on line 8

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/bid/public_html/siteadmin/password.php on line 9

Warning: Cannot modify header information - headers already sent by (output started at /home/bid/public_html/siteadmin/password.php:8) in /home/bid/public_html/siteadmin/password.php on line 35

<?php
	session_start();
   include("admin.config.inc.php");
   include("connect.php");
   
  $query="select * from admin where username='".$_POST["name"]."' and pass='".$_POST["pass"]."'";
  $result=mysql_query($query,$db);
  $row=mysql_fetch_array($result);
  $total = mysql_num_rows($result);
  $name=$_POST['name'];
  $pass=$_POST['pass'];
  $ADMIN_USERNAME=$row["username"];
  $ADMIN_PASSWORD=$row["pass"];
  
  if($total>0)
  {	  
	  if($name==$username && $pass==$password)
	  {
		  if(isset($userofadmin))
		{
	   
		  setcookie("userofadmin","");
		  $userofadmin="";
		}
		$_SESSION["userofadmin"] = $name;
		$_SESSION['logedin'] = true;
		$_SESSION["type"] = $row["type"];
		$_SESSION["username"] = $name;
		$_SESSION["logid"] = $row["id"];
		header("Location:innerhome.php");
	  }
  }
  else
  {
header("Location:index.php?id=1");
  }
?>

Open in new window

rafique12Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Bobaran98Commented:
This isn't actually an error, it's just a warning... and it's a warning you'll see if your resultset is empty (if there aren't any results for the query you've run).

Before you try calling mysql_fetch_array(), you need to count the number of results you got.  I suggest something that begins like the following:



<?php
   session_start();
   include("admin.config.inc.php");
   include("connect.php");
   
  $query="select * from admin where username='".$_POST["name"]."' and pass='".$_POST["pass"]."'";
  $result=mysql_query($query,$db);
 
  //here's that count conditional I mentioned:
  if(mysql_numrows($result) > 0) {
 
    $row=mysql_fetch_array($result);
    $total = mysql_num_rows($result);
    // and so on, etc. etc.
 
  }
 
?>

Open in new window

0
szewkamCommented:
1. Two warnings about mysql errors are most probably because of bad sql statement.
Change line: $result=mysql_query($query,$db); to $result=mysql_query($query,$db) or die(mysql_error());
to see what causes problems with executing the query.
These warning might occured also when your query doesn't return any rows. Make sure that with username and password you enter there are corresponding row in db.
2. Error "Cannot modify header information" is caused by trying to set cookie after sending some text to web browser (enter is also text). If you can't change it you have to add ob_start() at very beginning of your script, and ob_end_flush() at end of script.
3. You have to filter information from forms you passed to sql query. At least by using function mysql_real_escape_string() for this. Without it it's very simple to use SQL Injection and get unauthorized access to your site
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.