PHP/MySQL problem

**shauder** · Apr 30, 2010 05:49

This is the error I get, everytime "mysql_num_rows()" gets called this error comes up. Go to http://shanefaulkner.com and try and log in with anything

Code:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/shauder/public_html/login.php on line 30

Here is my files code

Code:

<?php
	include 'inc/php/dbconfig.php';	
	include 'inc/php/functions.php';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<head>
<title>Shane Faulkner | Login</title>
<link rel="stylesheet" type="text/css" href="inc/styles/common.css" />
</head>
<body>
<?php
	// when the user hits the submit button...
	if ($_POST['submit']) {
		
		// get the variables from the form and protect them
		$username = protect($_POST['username']);
		$password = protect($_POST['password']);
		
		if (!$username || !$password) {
		
			echo 'please enter a username or a password!';
			
		} else {
		
			// if they do have both a username and password then
			// we want to select all usernames from the database that match that username
			
			$res = mysql_query("SELECT * FROM 'users' WHERE 'username' = '".$username."'");
			$num = mysql_num_rows($res);
			
			// now we need to see if there is a match
			if ($num == 0) {
				
				// on fail display error
				echo 'the username, '.$username.', does not exist in our system!';
				
			} else {
			
				$res = mysql_query("SELECT username FROM 'users' WHERE 'username' = '".$username."' AND 'password' = '".$password."'");
				// we want to continue a their credentials if they passes
				$num = mysql_num_rows($res) or die("Error: ". mysql_error(). " with query ". $query);
				
				if ($num == 0) {
					
					// on fail display error
					echo 'the password you gave us does not match the username!';
					
				} else {
					
					$row = mysql_fetch_assoc($req);
					
					if ($row['active'] != 1) {
						
						// on fail display error
						echo 'you still need to activate your account before you can log in!';
						
					} else {
						
						// if it is active then log them in
						$_SESSION['uid'] = $row['id'];
						
						echo 'you have been logged in!';
						echo 'please wait while we redirect you!';
						
						// update them so they display as online
						mysql_query("UPDATE 'users' SET 'online' = '".$time."' WHERE 'id' = '".$_SESSION['uid']."'");
						
						// redirect
						header('location: index.php');
					}
				}
			}
		}
	}
?>
<form action="login.php" method="post">
 <div id="login">
  <p>
   <label>username: </label>
   <input name="username" type="text" />
  </p>
  <p>
   <label>password: </label>
   <input name="password" type="password" />
  </p>
  <p>
   <label>remember me: </label>
  </p>
  <span><input name="submit" value="login" type="submit"></span>
  <span><a href="register.php">register</a> | <a href="forgot.php">lost password</a></span>
 </div>
</form>
</body>
</html>

This is the files that connects to the DB

Code:

<?php
	// start a session to see if a user is logged in
	session_start();
	
	// define database variables
	$myqhost = 'localhost';
	$myqname = '******';
	$myquser = '************';
	$myqpass = '*************';
	
	$con = mysql_connect($myqhost, $myquser, $myqpass);
	$db = mysql_select_db($myqname, $con);
	
	if (!con) {
		echo '<p>MySQL connection is <b>bad</b></p>';
	} else {
		echo '<p>MySQL connection is <b>good</b></p>';
	}
?>

Any help would be greatly appreciated! I started playing around with it, and I am really knew to PHP so it may be even more messed up then it started lol =/

**r937** · Apr 30, 2010 06:48

you have an error in your query...

Code:

SELECT username FROM 'users' WHERE 'username' ...

don't put quotes around users and username, that turns them into strings

you can't select anything from a string

here's a tip: when you are developing a php script that uses a database, test your queries outside of php first

that way, you'll find the mysql error messages more easily

**Hammer65** · Apr 30, 2010 07:01

Originally Posted by querk

This is the error I get, everytime "mysql_num_rows()" gets called this error comes up. Go to http://shanefaulkner.com and try and log in with anything

Code:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/shauder/public_html/login.php on line 30

Here is my files code

Code:

<?php
	include 'inc/php/dbconfig.php';	
	include 'inc/php/functions.php';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<head>
<title>Shane Faulkner | Login</title>
<link rel="stylesheet" type="text/css" href="inc/styles/common.css" />
</head>
<body>
<?php
	// when the user hits the submit button...
	if ($_POST['submit']) {
		
		// get the variables from the form and protect them
		$username = protect($_POST['username']);
		$password = protect($_POST['password']);
		
		if (!$username || !$password) {
		
			echo 'please enter a username or a password!';
			
		} else {
		
			// if they do have both a username and password then
			// we want to select all usernames from the database that match that username
			
			$res = mysql_query("SELECT * FROM 'users' WHERE 'username' = '".$username."'");
			$num = mysql_num_rows($res);
			
			// now we need to see if there is a match
			if ($num == 0) {
				
				// on fail display error
				echo 'the username, '.$username.', does not exist in our system!';
				
			} else {
			
				$res = mysql_query("SELECT username FROM 'users' WHERE 'username' = '".$username."' AND 'password' = '".$password."'");
				// we want to continue a their credentials if they passes
				$num = mysql_num_rows($res) or die("Error: ". mysql_error(). " with query ". $query);
				
				if ($num == 0) {
					
					// on fail display error
					echo 'the password you gave us does not match the username!';
					
				} else {
					
					$row = mysql_fetch_assoc($req);
					
					if ($row['active'] != 1) {
						
						// on fail display error
						echo 'you still need to activate your account before you can log in!';
						
					} else {
						
						// if it is active then log them in
						$_SESSION['uid'] = $row['id'];
						
						echo 'you have been logged in!';
						echo 'please wait while we redirect you!';
						
						// update them so they display as online
						mysql_query("UPDATE 'users' SET 'online' = '".$time."' WHERE 'id' = '".$_SESSION['uid']."'");
						
						// redirect
						header('location: index.php');
					}
				}
			}
		}
	}
?>
<form action="login.php" method="post">
 <div id="login">
  <p>
   <label>username: </label>
   <input name="username" type="text" />
  </p>
  <p>
   <label>password: </label>
   <input name="password" type="password" />
  </p>
  <p>
   <label>remember me: </label>
  </p>
  <span><input name="submit" value="login" type="submit"></span>
  <span><a href="register.php">register</a> | <a href="forgot.php">lost password</a></span>
 </div>
</form>
</body>
</html>

This is the files that connects to the DB

Code:

<?php
	// start a session to see if a user is logged in
	session_start();
	
	// define database variables
	$myqhost = 'localhost';
	$myqname = '******';
	$myquser = '************';
	$myqpass = '*************';
	
	$con = mysql_connect($myqhost, $myquser, $myqpass);
	$db = mysql_select_db($myqname, $con);
	
	if (!con) {
		echo '<p>MySQL connection is <b>bad</b></p>';
	} else {
		echo '<p>MySQL connection is <b>good</b></p>';
	}
?>

Any help would be greatly appreciated! I started playing around with it, and I am really knew to PHP so it may be even more messed up then it started lol =/

There is a lot that can go wrong when interfacing code and a database. Each one of the MySQL functions present in PHP is set up to return a result that evaluates to false if something goes wrong. Every operation from connecting to the database to retrieving results needs to be evaluated as to whether the operation was successful before proceeding. Don't select a database on a connection that failed, don't run on a query on a connection where a database was not successfully selected, and don't attempt to get information about, or information from a result set that doesn't exist because the query failed or the database connection or server had an issue for the brief moment of your request.

**shauder** · Apr 30, 2010 11:40

Thanks for the reply guys, I have changed the code to this and tested within myphpadmin

Code:

$res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."' AND `password` = '".$password."'");
				// we want to continue a their credentials if they passes
				$num = mysql_num_rows($res);

It works! I am just retarded and didn't "notice" the difference between "`" and "'"

**Hammer65** · Apr 30, 2010 13:50

Originally Posted by querk

Thanks for the reply guys, I have changed the code to this and tested within myphpadmin

Code:

$res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."' AND `password` = '".$password."'");
				// we want to continue a their credentials if they passes
				$num = mysql_num_rows($res);

It works! I am just retarded and didn't "notice" the difference between "`" and "'"

that query could still fail, not through syntax but due to a momentary break in the connection. You really need to evaluate each step even if you are certain the query will execute without error. If $res evaluates to false, don't continue.

**shauder** · Apr 30, 2010 14:37

so something like:

Code:

if ( $res == true ) {
$num = mysql_num_rows($res);
else
try again?

**Hammer65** · Apr 30, 2010 15:08

Originally Posted by querk

so something like:

Code:

if ( $res == true ) {
$num = mysql_num_rows($res);
else
try again?

That is correct. Each of those functions returns something that will evaluate to false if something goes wrong. mysql_connect, mysql_select_db and mysql_query. Each should be checked for failure before preceding, even if there is only a slim chance something will go wrong.

**shauder** · Apr 30, 2010 15:11

is there a "method" you suggest? I am very new to PHP

such as some sort of try catch method ro something

**Hammer65** · Apr 30, 2010 15:30

Originally Posted by querk

is there a "method" you suggest? I am very new to PHP

PHP Code:


<?php

$message = 'Error: Data connection error.';

$data = array();

$num = 0;

$conn = mysql_connect('localhost','user','pass');

if($conn)

{

    if(mysql_select_db('mydb',$conn))

    {

        $message = 'Error: Error retrieving data.';

        $sql =<<<SQLSTM

        SELECT

            firstName,lastName

            FROM people

                WHERE

                    firstName LIKE '%Bob%'

SQLSTM;

        if($res = mysql_query($sql,$conn))

        {

            $message = 'Sorry no records found';

            $num = mysql_num_rows($res);

            if($num)

            {

                $message = $num.' number of records found.';

                $data = mysql_fetch_assoc($res);

            }

        }

    }

}

?>

<h2><?php echo $message; ?></h2>

<?php if($num){ ?>

<div><strong>First Name</strong>:<?php echo $data['firstName']; ?></div>

<div><strong>Last name</strong><?php echo $data['lastName'] ?></div>

<?php } ?>

**shauder** · Apr 30, 2010 15:34

Thank you very much! I will take a look at this and try and understand it so I can implement this or something simular! It really helps to see examples

**shauder** · Apr 30, 2010 16:09

I have another problem! I know it is small and im probably just retarted but this is the code

Code:

// check to see if they have proper privieges
	$res = mysql_query("SELECT `id` FROM  `users` WHERE `group` =  'admin'");
	$row = mysql_fetch_assoc($res);
	
	if (!$_SESSION['uid']) {
		// see if they are logged in and have a session
		echo 'you must be logged in to use this feature';
	} else {
		if ($row['id'] == $_SESSION['uid']) {
			echo 'u are admin';
			echo $row['id'];
		} else {
			echo 'u are member';
		}
	}

So here is what i think is happening. it is only comparing the first row right? I need it to compare more

**shauder** · Apr 30, 2010 17:22

I figured it out on my own! I am so happy, here it is can you guys tell me what you think? Should I have done this another way?

Code:

<?php

	// check to see if they have proper privieges
	$res = mysql_query("SELECT `id` FROM  `users` WHERE `group` =  'admin'");
	
	if (!$_SESSION['uid']) {
		// see if they are logged in and have a session
		echo 'you must be logged in to use this feature';
	} else {
		while ($row = mysql_fetch_array($res, MYSQL_NUM)) {
    			if ($row[0] == $_SESSION['uid']) {  
    				$admin = true;
    			} else {
    				$admin = false;
    			}
    		}
	}
	
	if ($admin == true) {		
?>
This is test for admin == true.
<?php
	} else {
?>
This is test for admin == false.
<?php
	}
?>

User Tag List

Thread: PHP/MySQL problem

Thread Tools

Display

PHP/MySQL problem

Bookmarks

Bookmarks

Posting Permissions