Check $result
before passing it to mysql_fetch_array
. You'll find that it's false
because the query failed. See the mysql_query
documentation for possible return values and suggestions for how to deal with them.
$username = mysql_real_escape_string($_POST['username']);
$password = $_POST['password'];
$result = mysql_query("SELECT * FROM Users WHERE UserName LIKE '$username'");if($result === FALSE){die(mysql_error());// TODO: better error handling}while($row = mysql_fetch_array($result)){
echo $row['FirstName'];}
This example is only to illustrate what should be done (error handling), not how to do it. Production code shouldn't use or die
when outputting HTML, else it will (at the very least) generate invalid HTML. Also, database error messages shouldn't be displayed to non-admin users, as it discloses too much information.