"Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given" in login script

Question

Busy really frustrating myself here. I am busy trying to write a simple login script that validates a login against the database.

However i keep on getting:

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in

here is my code.... when i run the query on sql workbench it works 100%

<?php

// Grab User submitted information
$email = $_POST['users_email'];
$pass = $_POST['users_pass'];

// Connect to the database
$con = mysql_connect('localhost','root','');
// Make sure we connected succesfully
if(! $con)
{
    die('Connection Failed'.mysql_error());
}

// Select the database to use
mysql_select_db('arctecs',$con);

$result = mysql_query('SELECT users_email, users_pass FROM users WHERE users_email = $email');

$row = mysql_fetch_array($result);

if($row['users_email']==$email && $row['users_pass']==$pass)
    echo'You are a validated user.';
else
    echo'Sorry, your credentials are not valid, Please try again.';
?>

possible duplicate of [mysql\_fetch\_array() expects parameter 1 to be resource, boolean given in select](http://stackoverflow.com/questions/2973202/mysql-fetch-array-expects-parameter-1-to-be-resource-boolean-given-in-select) — John Conde, Apr 08 '14 at 02:59

score 2 · Accepted Answer · answered Mar 24 '14 at 09:42

This is not correct

'SELECT users_email, users_pass FROM users WHERE users_email = $email'

better way is

"SELECT users_email, users_pass FROM users WHERE users_email = '$email'"

Need to wrap the string data in single quote.

The POST data is directly being used in the query which is not good. Start using PDO prepared statements to avoid sql injections or at-least sanitize data as

$email = $_POST['users_email'];
$pass = $_POST['users_pass'];
$con = mysql_connect('localhost','root','');
// Make sure we connected succesfully
if(! $con)
{
    die('Connection Failed'.mysql_error());
}

$email = mysql_real_escape_string($email);

score 1 · Answer 2 · answered Mar 24 '14 at 09:42

Variables will not be parsed under single quotes. Rewrite like below

$result = mysql_query("SELECT `users_email`, `users_pass` FROM `users` WHERE `users_email` = '$email'") or die(mysql_error());

Warning : You script is prone to SQL-Injection attack. You need to switch to Prepared Statements.

This(mysql_*) extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. Switching to PreparedStatements is even more better to ward off SQL Injection attacks !

score 0 · Answer 3 · answered Mar 24 '14 at 09:42

0

it happens when your query is not executed so use mysql_error() to know the error

$result = mysql_query("SELECT users_email, users_pass FROM users WHERE users_email = $email") or die(mysql_error());

answered Mar 24 '14 at 09:42

ɹɐqʞɐ zoɹǝɟ

4,342
3
22
35

score 0 · Answer 4 · answered Mar 24 '14 at 09:49

mysql_query will return false on errors. You also should consider to use the mysqli extension. The mysql extensions is deprecated as of PHP 5.5.0.

See: http://www.php.net/manual/en/function.mysql-query.php

try this:

$result = mysql_query('SELECT users_email, users_pass FROM users WHERE users_email = "$email"');
if (!$result) {
    die('Invalid query: ' . mysql_error());
}

"Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given" in login script

4 Answers4