Click here to Skip to main content
15,569,547 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
PHP
<?php
session_start();
define( 'USER_LEVEL_ADMIN', '1' );

$con = mysqli_connect('localhost', 'root' );

$db = mysqli_select_db($con, 'knoblylogin');


?>

<?php if(isset($_POST['submit'])){
	$username = $_POST['user'];
	$password = md5($_POST['pass']);
    
	$sql = " select * from  logintable where user='$username' and pass='$password' ";
    $result = mysqli_query($con,$sql);
	$level = mysqli_fetch_array($result,MYSQLI_NUM);
	
	if($level == 1){
	header ('location:adminmainpage.php');
		}
else{
	header('location:employee.php');
	}
}
?>


What I have tried:

Fatal error: Uncaught TypeError: mysqli_fetch_array(): Argument #1 ($result) must be of type mysqli_result, bool given in C:\xampp\htdocs\knobly\logincheck.php:18 Stack trace: #0 C:\xampp\htdocs\knobly\logincheck.php(18): mysqli_fetch_array(false, 2) #1 {main} thrown in C:\xampp\htdocs\knobly\logincheck.php on line 18


This is the error I got
Posted
Updated 21-Jan-22 5:52am
v2

mysql_fetch_array returns an array of strings that corresponds to the fetched row, or false if there are no more rows. The type of returned array depends on how result_type is defined

Try like following:

while ($row = mysql_fetch_array($result, MYSQL_NUM)) {
    printf("ID: %s  Name: %s", $row[0], $row[1]);  
}
 
Share this answer
 
v2
Comments
Kaviya R S 21-Jan-22 0:45am    
can i have ur mail id pls sir @m imran ansari
M Imran Ansari 21-Jan-22 7:39am    
Have your issue resolved? If you are facing any issue let me know.
As I said on your repost[^] of this question:

If you'd pasted the start of your error message into Google, or your preferred search engine, you would have found the hundreds of times this precise question has been asked before.

Returns false on failure.
Your query failed. Most likely because user is a reserved word in MySQL[^], and needs to be escaped.

HOWEVER, you have some extremely critical security vulnerabilities in your code:

Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation / interpolation to build a SQL query. ALWAYS use a parameterized query.
PHP: SQL Injection - Manual[^]
PHP: Prepared statements and stored procedures - Manual[^]


You are storing an unsalted hash of your users' passwords, using an ancient and insecure hashing algorithm - MD5 hasn't been considered "secure" for over two decades now.

You need to salt your hash, using a unique salt for each record, and use a secure hashing algorithm.

PHP provides built-in functions to help you do the right thing:
PHP: password_hash[^]
PHP: password_verify[^]
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900