Mencarta Posted January 8, 2010 Share Posted January 8, 2010 I have a PHP login system. The database,table, and username + password exists. Yet I keep getting this error:Warning: Wrong parameter count for mysql_query() in /www/zzl.org/s/t/o/stockgame/htdocs/login.php on line 14 Wrong Username and/or Password. Can you help me? <?php require("dbconnect.php"); //Database Connection Script //The Username & Password Sent From Form $username = $_POST['username']; $password = $_POST['password']; // To Protect Against MySql Injection $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $result = mysql_query("SELECT * FROM 'users' WHERE username='%s' AND password='%s'",$username,$password); // Mysql_num_row is counting table row $count = @mysql_num_rows($result); // If result matched $username and $password, table row must be 1 row if($count==1){ // Register $username, $password And Redirect To 'portfollio.php' session_register("$username"); session_register("$password"); echo "You are logged in!"; } else { echo "Wrong Username and/or Password"; }?> Link to comment Share on other sites More sharing options...
justsomeguy Posted January 8, 2010 Share Posted January 8, 2010 For a format like that you need to use sprintf to substitute the values before sending the query:http://www.php.net/manual/en/function.sprintf.php Link to comment Share on other sites More sharing options...
Mencarta Posted January 8, 2010 Author Share Posted January 8, 2010 So: <?php require("dbconnect.php"); //Database Connection Script //The Username & Password Sent From Form $username = $_POST['username']; $password = $_POST['password']; // To Protect Against MySql Injection $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $result = sprintf("SELECT * FROM 'users' WHERE username='%s' AND password='%s'",$username,$password); // Mysql_num_row is counting table row $count = @mysql_num_rows($result); // If result matched $username and $password, table row must be 1 row if($count==1){ // Register $username, $password And Redirect To 'portfollio.php' session_register("$username"); session_register("$password"); echo "You are logged in!"; } else { echo "Wrong Username and/or Password"; }?> Link to comment Share on other sites More sharing options...
justsomeguy Posted January 8, 2010 Share Posted January 8, 2010 You still need to use mysql_query to send the query, you just use sprintf to format the string first. Link to comment Share on other sites More sharing options...
Mencarta Posted January 8, 2010 Author Share Posted January 8, 2010 Thanks. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.