SitePoint Sponsor

User Tag List

Results 1 to 12 of 12
  1. #1
    SitePoint Member
    Join Date
    Jun 2009
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    PHP/MySQL problem

    This is the error I get, everytime "mysql_num_rows()" gets called this error comes up. Go to http://shanefaulkner.com and try and log in with anything
    Code:
    Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/shauder/public_html/login.php on line 30
    Here is my files code
    Code:
    <?php
    	include 'inc/php/dbconfig.php';	
    	include 'inc/php/functions.php';
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
    <head>
    <title>Shane Faulkner | Login</title>
    <link rel="stylesheet" type="text/css" href="inc/styles/common.css" />
    </head>
    <body>
    <?php
    	// when the user hits the submit button...
    	if ($_POST['submit']) {
    		
    		// get the variables from the form and protect them
    		$username = protect($_POST['username']);
    		$password = protect($_POST['password']);
    		
    		if (!$username || !$password) {
    		
    			echo 'please enter a username or a password!';
    			
    		} else {
    		
    			// if they do have both a username and password then
    			// we want to select all usernames from the database that match that username
    			
    			$res = mysql_query("SELECT * FROM 'users' WHERE 'username' = '".$username."'");
    			$num = mysql_num_rows($res);
    			
    			// now we need to see if there is a match
    			if ($num == 0) {
    				
    				// on fail display error
    				echo 'the username, '.$username.', does not exist in our system!';
    				
    			} else {
    			
    				$res = mysql_query("SELECT username FROM 'users' WHERE 'username' = '".$username."' AND 'password' = '".$password."'");
    				// we want to continue a their credentials if they passes
    				$num = mysql_num_rows($res) or die("Error: ". mysql_error(). " with query ". $query);
    				
    				if ($num == 0) {
    					
    					// on fail display error
    					echo 'the password you gave us does not match the username!';
    					
    				} else {
    					
    					$row = mysql_fetch_assoc($req);
    					
    					if ($row['active'] != 1) {
    						
    						// on fail display error
    						echo 'you still need to activate your account before you can log in!';
    						
    					} else {
    						
    						// if it is active then log them in
    						$_SESSION['uid'] = $row['id'];
    						
    						echo 'you have been logged in!';
    						echo 'please wait while we redirect you!';
    						
    						// update them so they display as online
    						mysql_query("UPDATE 'users' SET 'online' = '".$time."' WHERE 'id' = '".$_SESSION['uid']."'");
    						
    						// redirect
    						header('location: index.php');
    					}
    				}
    			}
    		}
    	}
    ?>
    <form action="login.php" method="post">
     <div id="login">
      <p>
       <label>username: </label>
       <input name="username" type="text" />
      </p>
      <p>
       <label>password: </label>
       <input name="password" type="password" />
      </p>
      <p>
       <label>remember me: </label>
      </p>
      <span><input name="submit" value="login" type="submit"></span>
      <span><a href="register.php">register</a> | <a href="forgot.php">lost password</a></span>
     </div>
    </form>
    </body>
    </html>
    This is the files that connects to the DB
    Code:
    <?php
    	// start a session to see if a user is logged in
    	session_start();
    	
    	// define database variables
    	$myqhost = 'localhost';
    	$myqname = '******';
    	$myquser = '************';
    	$myqpass = '*************';
    	
    	$con = mysql_connect($myqhost, $myquser, $myqpass);
    	$db = mysql_select_db($myqname, $con);
    	
    	if (!con) {
    		echo '<p>MySQL connection is <b>bad</b></p>';
    	} else {
    		echo '<p>MySQL connection is <b>good</b></p>';
    	}
    ?>
    Any help would be greatly appreciated! I started playing around with it, and I am really knew to PHP so it may be even more messed up then it started lol =/

  2. #2
    SQL Consultant gold trophysilver trophybronze trophy
    r937's Avatar
    Join Date
    Jul 2002
    Location
    Toronto, Canada
    Posts
    39,014
    Mentioned
    53 Post(s)
    Tagged
    2 Thread(s)
    you have an error in your query...
    Code:
    SELECT username FROM 'users' WHERE 'username' ...
    don't put quotes around users and username, that turns them into strings

    you can't select anything from a string

    here's a tip: when you are developing a php script that uses a database, test your queries outside of php first

    that way, you'll find the mysql error messages more easily

    r937.com | rudy.ca | Buy my SitePoint book: Simply SQL
    "giving out my real stuffs"

  3. #3
    SitePoint Wizard Hammer65's Avatar
    Join Date
    Nov 2004
    Location
    Lincoln Nebraska
    Posts
    1,160
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by querk View Post
    This is the error I get, everytime "mysql_num_rows()" gets called this error comes up. Go to http://shanefaulkner.com and try and log in with anything
    Code:
    Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/shauder/public_html/login.php on line 30
    Here is my files code
    Code:
    <?php
    	include 'inc/php/dbconfig.php';	
    	include 'inc/php/functions.php';
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
    <head>
    <title>Shane Faulkner | Login</title>
    <link rel="stylesheet" type="text/css" href="inc/styles/common.css" />
    </head>
    <body>
    <?php
    	// when the user hits the submit button...
    	if ($_POST['submit']) {
    		
    		// get the variables from the form and protect them
    		$username = protect($_POST['username']);
    		$password = protect($_POST['password']);
    		
    		if (!$username || !$password) {
    		
    			echo 'please enter a username or a password!';
    			
    		} else {
    		
    			// if they do have both a username and password then
    			// we want to select all usernames from the database that match that username
    			
    			$res = mysql_query("SELECT * FROM 'users' WHERE 'username' = '".$username."'");
    			$num = mysql_num_rows($res);
    			
    			// now we need to see if there is a match
    			if ($num == 0) {
    				
    				// on fail display error
    				echo 'the username, '.$username.', does not exist in our system!';
    				
    			} else {
    			
    				$res = mysql_query("SELECT username FROM 'users' WHERE 'username' = '".$username."' AND 'password' = '".$password."'");
    				// we want to continue a their credentials if they passes
    				$num = mysql_num_rows($res) or die("Error: ". mysql_error(). " with query ". $query);
    				
    				if ($num == 0) {
    					
    					// on fail display error
    					echo 'the password you gave us does not match the username!';
    					
    				} else {
    					
    					$row = mysql_fetch_assoc($req);
    					
    					if ($row['active'] != 1) {
    						
    						// on fail display error
    						echo 'you still need to activate your account before you can log in!';
    						
    					} else {
    						
    						// if it is active then log them in
    						$_SESSION['uid'] = $row['id'];
    						
    						echo 'you have been logged in!';
    						echo 'please wait while we redirect you!';
    						
    						// update them so they display as online
    						mysql_query("UPDATE 'users' SET 'online' = '".$time."' WHERE 'id' = '".$_SESSION['uid']."'");
    						
    						// redirect
    						header('location: index.php');
    					}
    				}
    			}
    		}
    	}
    ?>
    <form action="login.php" method="post">
     <div id="login">
      <p>
       <label>username: </label>
       <input name="username" type="text" />
      </p>
      <p>
       <label>password: </label>
       <input name="password" type="password" />
      </p>
      <p>
       <label>remember me: </label>
      </p>
      <span><input name="submit" value="login" type="submit"></span>
      <span><a href="register.php">register</a> | <a href="forgot.php">lost password</a></span>
     </div>
    </form>
    </body>
    </html>
    This is the files that connects to the DB
    Code:
    <?php
    	// start a session to see if a user is logged in
    	session_start();
    	
    	// define database variables
    	$myqhost = 'localhost';
    	$myqname = '******';
    	$myquser = '************';
    	$myqpass = '*************';
    	
    	$con = mysql_connect($myqhost, $myquser, $myqpass);
    	$db = mysql_select_db($myqname, $con);
    	
    	if (!con) {
    		echo '<p>MySQL connection is <b>bad</b></p>';
    	} else {
    		echo '<p>MySQL connection is <b>good</b></p>';
    	}
    ?>
    Any help would be greatly appreciated! I started playing around with it, and I am really knew to PHP so it may be even more messed up then it started lol =/
    There is a lot that can go wrong when interfacing code and a database. Each one of the MySQL functions present in PHP is set up to return a result that evaluates to false if something goes wrong. Every operation from connecting to the database to retrieving results needs to be evaluated as to whether the operation was successful before proceeding. Don't select a database on a connection that failed, don't run on a query on a connection where a database was not successfully selected, and don't attempt to get information about, or information from a result set that doesn't exist because the query failed or the database connection or server had an issue for the brief moment of your request.
    Visit my blog
    PHP && Life
    for technology articles and musings.

  4. #4
    SitePoint Member
    Join Date
    Jun 2009
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for the reply guys, I have changed the code to this and tested within myphpadmin
    Code:
    $res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."' AND `password` = '".$password."'");
    				// we want to continue a their credentials if they passes
    				$num = mysql_num_rows($res);
    It works! I am just retarded and didn't "notice" the difference between "`" and "'"

  5. #5
    SitePoint Wizard Hammer65's Avatar
    Join Date
    Nov 2004
    Location
    Lincoln Nebraska
    Posts
    1,160
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by querk View Post
    Thanks for the reply guys, I have changed the code to this and tested within myphpadmin
    Code:
    $res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."' AND `password` = '".$password."'");
    				// we want to continue a their credentials if they passes
    				$num = mysql_num_rows($res);
    It works! I am just retarded and didn't "notice" the difference between "`" and "'"
    that query could still fail, not through syntax but due to a momentary break in the connection. You really need to evaluate each step even if you are certain the query will execute without error. If $res evaluates to false, don't continue.
    Visit my blog
    PHP && Life
    for technology articles and musings.

  6. #6
    SitePoint Member
    Join Date
    Jun 2009
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    so something like:

    Code:
    if ( $res == true ) {
    $num = mysql_num_rows($res);
    else
    try again?

  7. #7
    SitePoint Wizard Hammer65's Avatar
    Join Date
    Nov 2004
    Location
    Lincoln Nebraska
    Posts
    1,160
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by querk View Post
    so something like:

    Code:
    if ( $res == true ) {
    $num = mysql_num_rows($res);
    else
    try again?
    That is correct. Each of those functions returns something that will evaluate to false if something goes wrong. mysql_connect, mysql_select_db and mysql_query. Each should be checked for failure before preceding, even if there is only a slim chance something will go wrong.
    Visit my blog
    PHP && Life
    for technology articles and musings.

  8. #8
    SitePoint Member
    Join Date
    Jun 2009
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    is there a "method" you suggest? I am very new to PHP

    such as some sort of try catch method ro something

  9. #9
    SitePoint Wizard Hammer65's Avatar
    Join Date
    Nov 2004
    Location
    Lincoln Nebraska
    Posts
    1,160
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by querk View Post
    is there a "method" you suggest? I am very new to PHP
    PHP Code:
    <?php
    $message 
    'Error: Data connection error.';
    $data = array();
    $num 0;
    $conn mysql_connect('localhost','user','pass');
    if(
    $conn)
    {
        if(
    mysql_select_db('mydb',$conn))
        {
            
    $message 'Error: Error retrieving data.';
            
    $sql =<<<SQLSTM
            SELECT
                firstName,lastName
                FROM people
                    WHERE
                        firstName LIKE '%Bob%'
    SQLSTM;
            if(
    $res mysql_query($sql,$conn))
            {
                
    $message 'Sorry no records found';
                
    $num mysql_num_rows($res);
                if(
    $num)
                {
                    
    $message $num.' number of records found.';
                    
    $data mysql_fetch_assoc($res);
                }
            }
        }
    }
    ?>
    <h2><?php echo $message?></h2>
    <?php if($num){ ?>
    <div><strong>First Name</strong>:<?php echo $data['firstName']; ?></div>
    <div><strong>Last name</strong><?php echo $data['lastName'?></div>
    <?php ?>
    Visit my blog
    PHP && Life
    for technology articles and musings.

  10. #10
    SitePoint Member
    Join Date
    Jun 2009
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thank you very much! I will take a look at this and try and understand it so I can implement this or something simular! It really helps to see examples

  11. #11
    SitePoint Member
    Join Date
    Jun 2009
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I have another problem! I know it is small and im probably just retarted but this is the code

    Code:
    // check to see if they have proper privieges
    	$res = mysql_query("SELECT `id` FROM  `users` WHERE `group` =  'admin'");
    	$row = mysql_fetch_assoc($res);
    	
    	if (!$_SESSION['uid']) {
    		// see if they are logged in and have a session
    		echo 'you must be logged in to use this feature';
    	} else {
    		if ($row['id'] == $_SESSION['uid']) {
    			echo 'u are admin';
    			echo $row['id'];
    		} else {
    			echo 'u are member';
    		}
    	}
    So here is what i think is happening. it is only comparing the first row right? I need it to compare more

  12. #12
    SitePoint Member
    Join Date
    Jun 2009
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I figured it out on my own! I am so happy, here it is can you guys tell me what you think? Should I have done this another way?

    Code:
    <?php
    
    	// check to see if they have proper privieges
    	$res = mysql_query("SELECT `id` FROM  `users` WHERE `group` =  'admin'");
    	
    	if (!$_SESSION['uid']) {
    		// see if they are logged in and have a session
    		echo 'you must be logged in to use this feature';
    	} else {
    		while ($row = mysql_fetch_array($res, MYSQL_NUM)) {
        			if ($row[0] == $_SESSION['uid']) {  
        				$admin = true;
        			} else {
        				$admin = false;
        			}
        		}
    	}
    	
    	if ($admin == true) {		
    ?>
    This is test for admin == true.
    <?php
    	} else {
    ?>
    This is test for admin == false.
    <?php
    	}
    ?>


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •