I need to fetch a column of SQL and check it using an if condition

Question

1.00/5 (1 vote)

See more:

PHP

<?php
session_start();
define( 'USER_LEVEL_ADMIN', '1' );

$con = mysqli_connect('localhost', 'root' );

$db = mysqli_select_db($con, 'knoblylogin');


?>

<?php if(isset($_POST['submit'])){
	$username = $_POST['user'];
	$password = md5($_POST['pass']);
    
	$sql = " select * from  logintable where user='$username' and pass='$password' ";
    $result = mysqli_query($con,$sql);
	$level = mysqli_fetch_array($result,MYSQLI_NUM);
	
	if($level == 1){
	header ('location:adminmainpage.php');
		}
else{
	header('location:employee.php');
	}
}
?>

What I have tried:

Fatal error: Uncaught TypeError: mysqli_fetch_array(): Argument #1 ($result) must be of type mysqli_result, bool given in C:\xampp\htdocs\knobly\logincheck.php:18 Stack trace: #0 C:\xampp\htdocs\knobly\logincheck.php(18): mysqli_fetch_array(false, 2) #1 {main} thrown in C:\xampp\htdocs\knobly\logincheck.php on line 18

This is the error I got

Posted 20-Jan-22 17:43pm

Kaviya R S

Updated 21-Jan-22 4:52am

Sean Ewington

v2

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

M Imran Ansari · Answer 1 · 2022-01-20T18:00:00

Solution 1

mysql_fetch_array returns an array of strings that corresponds to the fetched row, or false if there are no more rows. The type of returned array depends on how result_type is defined

Try like following:

while ($row = mysql_fetch_array($result, MYSQL_NUM)) {
    printf("ID: %s  Name: %s", $row[0], $row[1]);  
}

Posted 20-Jan-22 18:00pm

M Imran Ansari

Updated 20-Jan-22 18:01pm

v2

Comments

Kaviya R S 21-Jan-22 0:45am

can i have ur mail id pls sir @m imran ansari

M Imran Ansari 21-Jan-22 7:39am

Have your issue resolved? If you are facing any issue let me know.

Richard Deeming · Answer 2 · 2022-01-20T21:45:00

As I said on your repost[^] of this question:

If you'd pasted the start of your error message into Google, or your preferred search engine, you would have found the hundreds of times this precise question has been asked before.

PHP: mysqli::query - Manual[^]
Returns false on failure.

Your query failed. Most likely because user is a reserved word in MySQL[^], and needs to be escaped.

HOWEVER, you have some extremely critical security vulnerabilities in your code:

Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation / interpolation to build a SQL query. ALWAYS use a parameterized query.
PHP: SQL Injection - Manual[^]
PHP: Prepared statements and stored procedures - Manual[^]

You are storing an unsalted hash of your users' passwords, using an ancient and insecure hashing algorithm - MD5 hasn't been considered "secure" for over two decades now.

You need to salt your hash, using a unique salt for each record, and use a secure hashing algorithm.

PHP provides built-in functions to help you do the right thing:
PHP: password_hash[^]
PHP: password_verify[^]