0

I'm having a slight problem with my php page which I just don't understand. I'm new in this and i don't really understand my query. When i try to execute my program, error appear like this

Warning: sqlsrv_has_rows() expects parameter 1 to be resource, boolean given

This is my code:

<?php
    session_start();

    try{
    include 'connection.php';

    $username = $_POST['user'];
    $password = $_POST['pass'];

    //check if login form is filled
    if(empty($_POST['user']) || empty($_POST['pass'])){
    echo '<script type="text/javascript">alert("Connection established.");   </script>';
     }
    //search for user and password in the database
    $query = "SELECT * FROM [Emkaandb].[dbo].[tbl_clientslogin] WHERE email='{$username}' AND .password='{$password}' AND active='1'";
    $result = sqlsrv_query($conn, $query);
    if($result == true){
    die(print_r(sqlsrv_errors(),true));
     }
      if(sqlsrv_has_rows($result) !=1){
    echo '<script type="text/javascript">alert("Invalid email or password.");  </script>';
    }else{
     while($row = sqlsrv_fetch_array($result)){
        $_SESSION['name'] = $row['name'];

    }
    header("location: Profile.php");
    }

     }catch  (PDOException $e)
  {
    echo "Error!: " . $e->getMessage() . "
";
    die();
  }

?>
Improve this question
3
  • 2
    just in case you didn't know. sqlsrv functions has nothing to do with PDO functions. and thus there is very little use in catching PDOExceptions in this code. Commented Apr 21, 2016 at 11:41
  • In fact, you have to ask explicitly for error messages: sqlsrv_errors(). Once you do you'll see that your SQL is invalid to begin with. Commented Apr 21, 2016 at 11:50
  • BTW, it seems your code allows universal login with the magic password ' OR 1=1-- Commented Apr 21, 2016 at 11:52

1 Answer 1

Reset to default
2

$result return resource set id ?

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

i can see if($result == true){ die(print_r(sqlsrv_errors(),true)); } thats die () ? because $result always true...

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.