-2
if(isset($_POST['submit'])){
                $uname=$_POST['username'];
                $pwd=$_POST['password'];
                $acc_type=$_POST['acc_type'];
                $_SESSION['user_type']=$acc_type;

                if($acc_type=='Teacher'){
                    $sql="select userid,password from teacherinfo where userid='$uname'";
                }
                else if($acc_type=='Student'){
                    $sql="select userid,password from studentinfo where userid='$uname'";
                }
                else if($acc_type=='Admin'){
                    $sql="select userid,password from admininfo where userid='$uname'";
                }

                $query = mysql_query($sql);
                $count = mysql_num_rows($query);
                if($count>0){
                    $row_data = mysql_fetch_row($query);
                    if($row_data[1]==$pwd){
                        $_SESSION['userid']=$row_data[0];
                        $url="profile.php";
                        header("Location:$url");
                    }
                    else{
                        echo "Password Miss match!";
                    }
                }
                else{
                    echo "User not Found!";
                }



            }

Notice: Undefined variable: sql in C:\xampp\htdocs\MJ\index.php on line 39 Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\MJ\index.php on line 40

Manan Juneja
  • 1
  • 2
    Possible duplicate of [PHP: "Notice: Undefined variable" and "Notice: Undefined index"](http://stackoverflow.com/questions/4261133/php-notice-undefined-variable-and-notice-undefined-index) – Henders Nov 15 '16 at 08:51
  • use mysqli_* or pdo, mysql* are deprecated and will give you warning. – Devsi Odedra Nov 15 '16 at 08:53
  • 2
    you **MUST NOT** use mysql_xxx functions which are deprecated since php 5.5 and removed in php 7. use mysqli_xxx or PDO instead : http://php.net/manual/en/intro.mysql.php. Also, **NEVER** use user input directly in your SQL queries : http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – ᴄʀᴏᴢᴇᴛ Nov 15 '16 at 08:53
  • echo $acc_type before line 40 and check what is value of this and $sql – Md Hasibur Rahaman Nov 15 '16 at 08:54
  • This is because $acc_type do mot match in any provided case. That's why the $sql variable is not initialized and you are using it. – Mayank Pandeyz Nov 15 '16 at 08:54
  • There error is ínfront of you, you did not define the $sql variable, the username, password all defined at the top. Place $sql = ""; under $acc_type=$_POST['acc_type']; should be fine. You need to define variables before using it –  Nov 15 '16 at 08:57
  • Thank you so much everyone. Its very nice of you with the suggestions too! – Manan Juneja Nov 15 '16 at 16:57

1 Answers1

2

Looking at the code from the PHP website you are not linking your sql statement to the connection you made to your database. Look at the code below and you will see that a variable is create called $link this is then supplied the database to be used and then placed in as a second variable in the sql statement variable $result.

<?php

$link = mysql_connect("localhost", "mysql_user", "mysql_password");
mysql_select_db("database", $link);

$result = mysql_query("SELECT * FROM table1", $link);
$num_rows = mysql_num_rows($result);

echo "$num_rows Rows\n";

?>

You really do, as the comment state, need to stop using mysql and move over to PDO, this site should provide you with enough information to get your started and will secure the statements to the database - https://code.tutsplus.com/tutorials/why-you-should-be-using-phps-pdo-for-database-access--net-12059

Further to this you also need to look at hashing your passwords, currently you are using plain text, this is not secure. Using something like password_hash() - http://php.net/manual/en/function.password-hash.php - would provide a much more secure way of storing passwords. Once they are stored securing you can use password_verify() to check them against supplied passwords in the future.

Blinkydamo
  • 1,582
  • 9
  • 20
  • The link identifier is an optionnal argument, if mysql_connect has been called before, this link will be used for the queries http://php.net/manual/en/function.mysql-query.php – ᴄʀᴏᴢᴇᴛ Nov 15 '16 at 09:04