I cant seem to figure out what I'am doing wrong. So when I submit my form I get Warning error and the
Notice: Undefined variable: dbusername in /Library/WebServer/Documents/ArturoLuna_Final/loginCheck.php on line 30
$username = $_POST['username'];$password = $_POST['password']; if($username&&$password){require 'conn.php';$query = "SELECT * FROM users WHERE username='$username'";$result = $mysql->query($query) or die(mysqli_error($mysql));$numrows = $result->num_rows;if ($numrows!=0){while($row = mysql_fetch_assoc($result)){ $dbusername = $row['username'];$dbpassword = $row['password']; }//check to see if they match!if($username==$dbusername&&$password==$dbpassword){ echo "youre In!";}elseecho "incorrect password!";}elsedie("that user is dead");//echo $numrows;}elseecho ("Please Enter Username")what can I be possibly doing wrong?
Best Answer
Change
while($row = mysql_fetch_assoc($result))to
while($row = $result->fetch_assoc())You missed an i off the function name, and mixed up OO and procedural style code, so you are mixing up mysql_* result resources and mysqli_result objects.
You're mixing traditional PHP MySQL functions mysql_* with the MySQLi interface. In this case, mysql_fetch_assoc() expects a resource handle created with mysql_query().
To retrieve the correct result, you'll need to use MySQLi's method:
$row = $result->fetch_assoc();And while you're at it, you might want to consider making the code less susceptible to MySQL injection. Properly escape any user provided input before interpolating it into a query string, or better yet, use MySQLi parameter binding facilities.