SitePoint Sponsor

User Tag List

Page 1 of 3 123 LastLast
Results 1 to 25 of 59
  1. #1
    SitePoint Evangelist
    Join Date
    Apr 2009
    Location
    South Carolina
    Posts
    458
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Debugging help needed

    This is the error message I received:
    Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in signup_ck.php on line 40

    I am trying to teach myself to use PHP and MySQL together. I have a site that needs a special area that should have a login, so I found a set of scripts, and started playing with the code. Now I get an error message. This is the file listed in the error message.

    I know this is not nice code, but the scripts I found were using HTML3 and I tried to clean things up using HTML5 and CSS.

    Any guidance will be welcome.

    Code MySQL:
    <?php
     
    include "include/db_login.php";// database connection details stored here
    // Collect the data from post method of form submission // 
    $userid=$_POST['userid'];
    $password=$_POST['password'];
    $password2=$_POST['password2'];
    $todo=$_POST['todo'];
    $email=$_POST['email'];
    $name_last=$_POST['name_last'];
    $name_first=$_POST['name_first'];
     
    ?>
    <!doctype html>
    <html>
     
    <head>
    <meta charset="UTF-8">
    <title>Check Signup Data</title>
    </head>
     
    <body >
     
    <?php
    if(isset($todo) and $todo=="post"){
     
    $status = "OK";
    $msg="";
     
    // if userid is less than 5 char then status is not ok
    if(!isset($userid) or strlen($userid) <5){
    $msg=$msg."User id should be 5 or more than 5 char length<br>";
    $status= "NOTOK";}					
     
    if(!ctype_alnum($userid)){
    $msg=$msg."User id should contain alphanumeric characters only<br>";
    $status= "NOTOK";}					
     
     
    if(mysql_num_rows(mysql_query("SELECT userid FROM member_tbl WHERE userid = '$userid'"))){
    $msg=$msg."Userid already assigned. Please select another userid.<br>";
    $status= "NOTOK";}					
     
     
    if ( strlen($password) <8 ){
    $msg=$msg."Password must be 8 or more than 8 char length<br>";
    $status= "NOTOK";}					
     
    if ( $password <> $password2 ){
    $msg=$msg."Both passwords do not match.<br>";
    $status= "NOTOK";}					
     
     
    if($status<>"OK"){ 
    echo "$msg<br><input type='button' value='Retry' onClick='history.go(-1)'>";
    }else{ // if all validations are passed.
    $query=mysql_query("insert into member(userid,password,email,name_last,name_first) values('$userid','$password','$email','$name_last','$name_first')");
    echo "Welcome, You have successfully submitted new member information<br><br><a href=login.php>Click here to login</a><br>";
    }
    }
    ?>
     
    </body>
     
    </html>
    Each day is a learning experience.

  2. #2
    SitePoint Member
    Join Date
    Mar 2011
    Location
    Tyne & Wear
    Posts
    20
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Are you sure your have connected to the database correctly?

    Also


    if(!ctype_alnum($userid)){
    $msg=$msg."User id should contain alphanumeric characters only<br>";
    $status= "NOTOK";}

    You should stop processing at this point, as $userid could contain injected SQL which nasty pasties can insert horrible commands to your server, ie DELETE FROM USERS.

    same here

    query("insert into member(userid,password,email,name_last,name_first) values('$userid','$password','$email','$name_last','$name_first')");

    Try adding mysql_real_escape_string to escape any characters that will allow for SQL inject. Also consider casting your $userid to an int, ie $userid = (int)$_POST['userid'] it will then no longer require escaping.

  3. #3
    SitePoint Evangelist
    Join Date
    Apr 2009
    Location
    South Carolina
    Posts
    458
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    First, thanks for the quick response. Posting that message was the last thing I did before shutting down for the night.

    I have an error message if I am not connected to the database. I have tested this and it worked, but may need some improvement. As I said, I am a rank beginner with PHP, and this is my first attempt at working with MySQL.

    PHP Code:
    <?php
    error_reporting
    (E_ERROR E_WARNING E_PARSE E_NOTICE);  //report errors

    $dbservertype='mysql';

    $servername='myservername';   

    $dbusername='myusername';
    $dbpassword='mypassword';

    $dbname='mydatabasename';

    ////////////////////////////////////////
    ////// DONOT EDIT BELOW  /////////
    ///////////////////////////////////////

    connecttodb($servername,$dbname,$dbusername,$dbpassword);
    function 
    connecttodb($servername,$dbname,$dbuser,$dbpassword)
    {
    global 
    $link;
    $link=mysql_connect ("$servername","$dbuser","$dbpassword");
    if(!
    $link){die("Could not connect to MySQL");}
    mysql_select_db("$dbname",$link) or die ("could not open db".mysql_error());
    }
    ?>
    As for the remainder of your message, that is obviously some of the guidance I need. I will have to study this and incorporate it into my code.
    Each day is a learning experience.

  4. #4
    SitePoint Evangelist
    Join Date
    Apr 2009
    Location
    South Carolina
    Posts
    458
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    DMWDave,

    You said I should stop processing if the userid failed the alphanumeric check. I changed that line of code to read:

    PHP Code:
    if(!ctype_alnum($userid)){die("User id should contain alphanumeric characters only<br>");} 
    I then tested by entering Webmaster, processing stopped and I was given the message I expected if I tried to use non alphanumeric characters.

    What am I doing wrong?
    Each day is a learning experience.

  5. #5
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,053
    Mentioned
    187 Post(s)
    Tagged
    2 Thread(s)
    Maybe there's a leading or trailing space?

    If you trim($var) does it work?

    If not, try var_dump($var) to see what it is.

  6. #6
    SitePoint Evangelist
    Join Date
    Apr 2009
    Location
    South Carolina
    Posts
    458
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I will check using trim when I get back to my computer(in about 8 hours). After I play around with it maybe I can make some progress.
    Each day is a learning experience.

  7. #7
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,748
    Mentioned
    70 Post(s)
    Tagged
    0 Thread(s)
    Back to the original problem...
    Have you run the query to make sure it doesnt throw an error? The reason i say that is this...compare the lines....
    Code:
    if(mysql_num_rows(mysql_query("SELECT userid FROM member_tbl WHERE userid = '$userid'"))){
    Code:
    $query=mysql_query("insert into member(userid,password,email,name_last,name_first) values('$userid','$password','$email','$name_last','$name_first')");
    *sings song* One of these things is not like the other....

  8. #8
    SitePoint Evangelist
    Join Date
    Apr 2009
    Location
    South Carolina
    Posts
    458
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    StarLion,

    Thanks. I have fixed that. Will test things again and see if I can figure out where my next issues will be. (I suspect I will have many as I learn some new things.)
    Each day is a learning experience.

  9. #9
    SitePoint Evangelist
    Join Date
    Apr 2009
    Location
    South Carolina
    Posts
    458
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I am now getting past the error with the non-alphanumeric characters, and have reached this error:

    Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in signup_ck.php on line 39

    That line currently reads:

    if(mysql_num_rows(mysql_query("SELECT userid FROM member_tbl WHERE userid = '$userid'"))){$msg=$msg."Userid already assigned. Please select another userid.<br>";

    I looked at PHP.net and I thought I was checking the database to see if the userid was already in use. The database table member_tbl is currently empty, so I should expect to get my "Userid already assigned." message.

    I did notice the PHP.net did not show an example of this using IF. Am I using the wrong function?
    Each day is a learning experience.

  10. #10
    SitePoint Evangelist
    Join Date
    Apr 2009
    Location
    South Carolina
    Posts
    458
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Almost forgot.

    I entered this into my code:
    $trimmed = trim($userid);
    var_dump($trimmed);

    The result was: string(1) "0"

    Can I now enter something like $trimmed = $userid; to get the trimmed userid ready for the remainder of the code?
    Each day is a learning experience.

  11. #11
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,748
    Mentioned
    70 Post(s)
    Tagged
    0 Thread(s)
    I need a schema for your table to be able to debug this further.

  12. #12
    SitePoint Evangelist
    Join Date
    Apr 2009
    Location
    South Carolina
    Posts
    458
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I actually have two tables, login_tbl and member_tbl.
    login_tbl has:
    `id` INT(6) NOT NULL AUTO_INCREMENT
    `user_id` VARCHAR(10) NOT NULL
    `ip` VARCHAR(50) NOT NULL
    `time` DATETIME NOT NULL
    `status` CHAR(3) NOT NULL
    ' PRIMARY KEY (`id`)

    member_tbl has:
    `user_id` VARCHAR(10) NOT NULL
    `password` VARCHAR(10) NOT NULL
    `email` VARCHAR(50) NOT NULL
    `name_last` VARCHAR(50) NOT NULL
    `name_first` VARCHAR(50) NOT NULL
    PRIMARY KEY (`user_id`)

    I have built a form to enter the member data.
    Code:
    <form name="form1" action="signup_ck.php" onsubmit="return validate(this)" method="post">
    <p>User ID (alphanumeric  chars only): <input class="right" type="text" name="userid"><br></p>
    <p>Password: <input type="password" name="password"><br></p>
    <p>Re-enter Password: <input type="password" name="password2"><br></p>
    <p>Email: <input type="text" name="email"><br></p>
    <p>Last Name: <input type="text" name="name_last"><br></p>
    <p>First Name: <input type="text" name="name_first"><br></p>
    <p><input type=hidden name=todo value=post></p>
    <p><input type=submit value=Submit></p>
    </form>
    Hope this is what you are looking for.
    Each day is a learning experience.

  13. #13
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,748
    Mentioned
    70 Post(s)
    Tagged
    0 Thread(s)
    Yup, because i see the problem.
    *sings song again....*

    Code:
    member_tbl has:
    `user_id` VARCHAR(10) NOT NULL
    Code:
    if(mysql_num_rows(mysql_query("SELECT userid FROM member_tbl WHERE userid = '$userid'"))){
    One of these things is still not like the other....

    (Future Hint: The 'is not a mysql resource' error most normally means "Your query was rejected by the server". If you encounter this in the future, run the query through your database engine and you'll find out why. [In this case, mysql would have barked "Field userid does not exist"])

  14. #14
    SitePoint Evangelist
    Join Date
    Apr 2009
    Location
    South Carolina
    Posts
    458
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    StarLion,

    Thank you. I am no longer getting warning messages. Now i am just getting the messages I have inserted into my code.

    Can I run each line of code via phpMyAdmin to catch my errors?
    Each day is a learning experience.

  15. #15
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,748
    Mentioned
    70 Post(s)
    Tagged
    0 Thread(s)
    Any query you can run through PHPmyAdmin. You'll have to supply some fake data if you want it to work correctly (IE: Look at your query. phpMyAdmin is going to have no idea what $userid is supposed to be (and will actually handle it as a string literal), so if you want to test it with user_id 1, you'll have to put into phpMyAdmin SELECT userid FROM member_tbl WHERE userid = '1' )

  16. #16
    SitePoint Evangelist
    Join Date
    Apr 2009
    Location
    South Carolina
    Posts
    458
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    StarLion,

    Great! I will put in some entries for a couple of different "members" and see what I can learn.

    If I don't get this started tonight, it will be next week before i can do anything with it. I will be visiting my newborn grandson this weekend.
    Each day is a learning experience.

  17. #17
    SitePoint Evangelist
    Join Date
    Apr 2009
    Location
    South Carolina
    Posts
    458
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Now, I am getting this error:

    Parse error: syntax error, unexpected $end in test_form_ck.php on line 46

    The last line in this file is line 45.
    Code:
    <?php
    // file name is test_form_ck.php
    include "include/db_login.php";// database connection details stored here
    // Collect the data from post method of form submission // 
    $userid=$_POST ['userid'];
    $password=$_POST['password'];
    $password2=$_POST['password2'];
    $todo=$_POST['todo'];
    $email=$_POST['email'];
    $name_last=$_POST['name_last'];
    $name_first=$_POST['name_first'];
    
    ?>
    <!doctype html>
    <html>
    
    <head>
    <meta charset="UTF-8">
    <title>TEST Signup FORM</title>
    </head>
    
    <body >
    
    <?php
    if(isset($todo) and $todo=="post"){
    $status = "OK";
    $msg = "";
    
    // Set status to NOTOK if userid is less than 5 chaqracters
    if(!isset($userid) or strlen($userid) <5){
    $msg=$msg."User id should be 5 or more than 5 char length<br>";
    $status = "NOTOK";}	
    
    if($status<>"OK"){ 
    echo "$msg<br><input type='button' value='Retry' onClick='history.go(-1)'>";
    }else{ // if all validations are passed
    $query=mysql_query("insert into member_tbl(user_id,password,email,name_last,name_first) values('$userid','$password','$email','$name_last','$name_first')");
    echo "Welcome, You have successfully submitted new member information<br><br>";
    }
    
    ?>
    
    </body>
    
    </html>
    line 45 is the closing html tag.
    Each day is a learning experience.

  18. #18
    SitePoint Member
    Join Date
    Mar 2011
    Location
    Tyne & Wear
    Posts
    20
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Missing an end brace,


    Quote Originally Posted by CSU-Bill View Post
    Now, I am getting this error:

    Parse error: syntax error, unexpected $end in test_form_ck.php on line 46

    The last line in this file is line 45.
    Code:
    <?php
    // file name is test_form_ck.php
    include "include/db_login.php";// database connection details stored here
    // Collect the data from post method of form submission // 
    $userid=$_POST ['userid'];
    $password=$_POST['password'];
    $password2=$_POST['password2'];
    $todo=$_POST['todo'];
    $email=$_POST['email'];
    $name_last=$_POST['name_last'];
    $name_first=$_POST['name_first'];
    
    ?>
    <!doctype html>
    <html>
    
    <head>
    <meta charset="UTF-8">
    <title>TEST Signup FORM</title>
    </head>
    
    <body >
    
    <?php
    if(isset($todo) and $todo=="post"){
    $status = "OK";
    $msg = "";
    
    // Set status to NOTOK if userid is less than 5 chaqracters
    if(!isset($userid) or strlen($userid) <5){
    $msg=$msg."User id should be 5 or more than 5 char length<br>";
    $status = "NOTOK";}	
    
    if($status<>"OK"){ 
    echo "$msg<br><input type='button' value='Retry' onClick='history.go(-1)'>";
    }else{ // if all validations are passed
    $query=mysql_query("insert into member_tbl(user_id,password,email,name_last,name_first) values('$userid','$password','$email','$name_last','$name_first')");
    echo "Welcome, You have successfully submitted new member information<br><br>";
    }
    
    } <-- You missed an end brace ;)
    ?>
    
    </body>
    
    </html>
    line 45 is the closing html tag.

  19. #19
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,748
    Mentioned
    70 Post(s)
    Tagged
    0 Thread(s)

  20. #20
    SitePoint Evangelist
    Join Date
    Apr 2009
    Location
    South Carolina
    Posts
    458
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    DMWDave, Thanks for pointing out the missing end brace. It now works, and I can start setting up the proper checks and tests to get this going.

    StarLion, Thanks for pointing me to the list of common problems. That should give me an idea of where to look for the errors in my code.
    Each day is a learning experience.

  21. #21
    Non-Member bronze trophy
    Join Date
    Nov 2009
    Location
    Keene, NH
    Posts
    3,760
    Mentioned
    23 Post(s)
    Tagged
    0 Thread(s)
    Some further advice:

    1) STOP dropping in and out of php parsing mode. You're just making the code more complex for no good reason. (But again, I'm the guy who thinks <?php and ?> should be removed from the language!)

    2) if you're going to copy values into variables, SANITIZE them unless you're using prepared queries. (which you aren't).

    3) you don't have to say $msg=$msg." -- $msg.=" is just fine.

    4) Do not process unused values until you NEED them... otherwise it's a waste of execution time.

    5) INDENT... your missing closes would stand out like a sore thumb then. Simply adding tabs and a few carriage returns can work WONDERS. A few extra spaces in there couldn't hurt either... You've got this... oddball placement of closing brackets and other bits and pieces of the code that's just BEGGING for you to have those types of errors.

    6) STOP using double-quotes on your strings. They take longer, and make the code often harder to deal with. (again, WHAT is with people doing that?!?)

    7) there is no "and" or "or" for comparisons. Did you mean && and ||?
    PHP: Comparison Operators - Manual

    8) you lack enough parenthesis in your evaluations. PHP screws up comparisons as && is also a valid compare.... which will run BEFORE your <5

    SO... my version would probably looks something more like this:

    Code:
    <?php
    
    function sanitizeFromPost($postName){
    	if isset($_POST[$postName]) {
    		$str=(
    			get_magic_quotes_gpc() ?
    			stripslashes($_POST[$postName]) :
    			$_POST[$postName]
    		);
    		return (
    			function_exists('mysql_real_escape_string') ?
    			mysql_real_escape_string($str) :
    			addslashes($str)
    		);
    	} else return '';
    }
    
    // file name is test_form_ck.php
    include "include/db_login.php";// database connection details stored here
    // Collect the data from post method of form submission // 
    
    echo '
    <!doctype html>
    <html><head>
    
    <meta charset="UTF-8">
    
    <title>TEST Signup FORM</title>
    
    </head><body>';
    
    if (
    	isset($_POST['todo']) &&
    	($_POST['todo']=="post")
    ) {
    	$msg='';
    	
    	$userid=sanitizeFromPost('userid');
    	if (strlen($userid)<5) {
    		$msg.='User ID should be 5 or more than 5 char length<br>';
    	}
    
    	if (empty($msg)) {
    		$password=sanitizeFromPost('password');
    		$password2=sanitizeFromPost('password2');
    		$email=sanitizeFromPost('email');
    		$name_last=sanitizeFromPost('name_last');
    		$name_first=sanitizeFromPost('name_first');
    		$query=mysql_query("
    			INSERT INTO member_tbl
    			(user_id,password,email,name_last,name_first)
    			VALUES
    			('$userid','$password','$email','$name_last','$name_first')
    		");
    		echo "Welcome, You have successfully submitted new member information<br><br>";
    	} else {
    		echo $msg.'<br><input type="button" value="Retry" onClick="history.go(-1)">';
    	}
    	
    }
    
    echo '
    </body></html>';
    
    ?>
    Off Topic:

    I'd also suggest kicking the HTML 5 nonsense to the curb since it's doing nothing but setting coding practices back a decade or more...

    But of course, no one ever listens to poor Zathras no, he's quite mad they say. It is good that Zathras does not mind, has even grown to like it.


    I'd also kick the mysql_ functions even harder, and switch at LEAST to mySQLi, or even better PDO. This isn't 2003.

    Oh, also notice I got rid of the ok variable. If you add a error message, there are errors; as such all you have to do is check if $msg is empty. No need for the extra variable. I made my sanitize function return an empty string, so for the userid check all you have to do is check the length.

  22. #22
    SitePoint Evangelist
    Join Date
    Apr 2009
    Location
    South Carolina
    Posts
    458
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    deathshadow60,

    I have read your message, and much of what you have is beyond my current knowledge level. Google is my friend, so I am studying.

    I just checked, and I do have mySQLi and PDO available. How does this affect the code used for files shuch as the one I am working on now?
    Each day is a learning experience.

  23. #23
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,053
    Mentioned
    187 Post(s)
    Tagged
    2 Thread(s)
    The "i" stands for "improved". It allows you to write much more secure code.

    The "P" stands for "portable". It allows you to write much more secure code and to use the same code with other databases.

    So if you think you will always use a MySQL database then MySQLi would probably be OK and would definately be better to use.

    But if you think you might ever be working with other databases and don't want to rewrite code, PDO would be the wise choice.

    And PDO works with MySQL too, so no harm using it now.

  24. #24
    SitePoint Evangelist
    Join Date
    Apr 2009
    Location
    South Carolina
    Posts
    458
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What are the differences in code for using PDO?

    Where do I find some instructions for using PDO?

    Is this what I find with Google is Python Database Objects?
    Each day is a learning experience.

  25. #25
    SitePoint Evangelist
    Join Date
    Apr 2009
    Location
    South Carolina
    Posts
    458
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    deathshadow60,

    I copied your code to see if it would run in my environment, and it did not. I get a:
    Parse error: syntax error, unexpected T_ISSET, expecting '(' in test_form_ck_r01.php on line 4

    Not sure why it does not work. Maybe something is not enabled on my site, or the config file is not set correctly.

    I did find information on PHP Data Objects, and I have started studying the information.

    I appreciate the assistance. I will continue working with this code.

    PHPINFO says: PDO Driver for MySQL, client library version 5.0.92, and PHP Version 5.2.17.
    Each day is a learning experience.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •