This is the error message I received:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in signup_ck.php on line 40
I am trying to teach myself to use PHP and MySQL together. I have a site that needs a special area that should have a login, so I found a set of scripts, and started playing with the code. Now I get an error message. This is the file listed in the error message.
I know this is not nice code, but the scripts I found were using HTML3 and I tried to clean things up using HTML5 and CSS.
Any guidance will be welcome.
<?php
include "include/db_login.php";// database connection details stored here
// Collect the data from post method of form submission //
$userid=$_POST['userid'];
$password=$_POST['password'];
$password2=$_POST['password2'];
$todo=$_POST['todo'];
$email=$_POST['email'];
$name_last=$_POST['name_last'];
$name_first=$_POST['name_first'];
?>
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
<title>Check Signup Data</title>
</head>
<body >
<?php
if(isset($todo) and $todo=="post"){
$status = "OK";
$msg="";
// if userid is less than 5 char then status is not ok
if(!isset($userid) or strlen($userid) <5){
$msg=$msg."User id should be 5 or more than 5 char length<br>";
$status= "NOTOK";}
if(!ctype_alnum($userid)){
$msg=$msg."User id should contain alphanumeric characters only<br>";
$status= "NOTOK";}
if(mysql_num_rows(mysql_query("SELECT userid FROM member_tbl WHERE userid = '$userid'"))){
$msg=$msg."Userid already assigned. Please select another userid.<br>";
$status= "NOTOK";}
if ( strlen($password) <8 ){
$msg=$msg."Password must be 8 or more than 8 char length<br>";
$status= "NOTOK";}
if ( $password <> $password2 ){
$msg=$msg."Both passwords do not match.<br>";
$status= "NOTOK";}
if($status<>"OK"){
echo "$msg<br><input type='button' value='Retry' onClick='history.go(-1)'>";
}else{ // if all validations are passed.
$query=mysql_query("insert into member(userid,password,email,name_last,name_first) values('$userid','$password','$email','$name_last','$name_first')");
echo "Welcome, You have successfully submitted new member information<br><br><a href=login.php>Click here to login</a><br>";
}
}
?>
</body>
</html>
Are you sure your have connected to the database correctly?
Also
if(!ctype_alnum($userid)){
$msg=$msg.“User id should contain alphanumeric characters only<br>”;
$status= “NOTOK”;}
You should stop processing at this point, as $userid could contain injected SQL which nasty pasties can insert horrible commands to your server, ie DELETE FROM USERS.
same here
query(“insert into member(userid,password,email,name_last,name_first) values(‘$userid’,‘$password’,‘$email’,‘$name_last’,‘$name_first’)”);
Try adding mysql_real_escape_string to escape any characters that will allow for SQL inject. Also consider casting your $userid to an int, ie $userid = (int)$_POST[‘userid’] it will then no longer require escaping.
First, thanks for the quick response. Posting that message was the last thing I did before shutting down for the night.
I have an error message if I am not connected to the database. I have tested this and it worked, but may need some improvement. As I said, I am a rank beginner with PHP, and this is my first attempt at working with MySQL.
<?php
error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE); //report errors
$dbservertype='mysql';
$servername='myservername';
$dbusername='myusername';
$dbpassword='mypassword';
$dbname='mydatabasename';
////////////////////////////////////////
////// DONOT EDIT BELOW /////////
///////////////////////////////////////
connecttodb($servername,$dbname,$dbusername,$dbpassword);
function connecttodb($servername,$dbname,$dbuser,$dbpassword)
{
global $link;
$link=mysql_connect ("$servername","$dbuser","$dbpassword");
if(!$link){die("Could not connect to MySQL");}
mysql_select_db("$dbname",$link) or die ("could not open db".mysql_error());
}
?>
As for the remainder of your message, that is obviously some of the guidance I need. I will have to study this and incorporate it into my code.
DMWDave,
You said I should stop processing if the userid failed the alphanumeric check. I changed that line of code to read:
if(!ctype_alnum($userid)){die("User id should contain alphanumeric characters only<br>");}
I then tested by entering Webmaster, processing stopped and I was given the message I expected if I tried to use non alphanumeric characters.
What am I doing wrong?
Maybe there’s a leading or trailing space?
If you [FPHP]trim/FPHP does it work?
If not, try [FPHP]var_dump/FPHP to see what it is.
I will check using trim when I get back to my computer(in about 8 hours). After I play around with it maybe I can make some progress.
Back to the original problem…
Have you run the query to make sure it doesnt throw an error? The reason i say that is this…compare the lines…
if(mysql_num_rows(mysql_query("SELECT userid FROM [COLOR="Red"]member_tbl[/COLOR] WHERE userid = '$userid'"))){
$query=mysql_query("insert into [COLOR="Red"]member[/COLOR](userid,password,email,name_last,name_first) values('$userid','$password','$email','$name_last','$name_first')");
sings song One of these things is not like the other…
StarLion,
Thanks. I have fixed that. Will test things again and see if I can figure out where my next issues will be. (I suspect I will have many as I learn some new things.)
I am now getting past the error with the non-alphanumeric characters, and have reached this error:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in signup_ck.php on line 39
That line currently reads:
if(mysql_num_rows(mysql_query(“SELECT userid FROM member_tbl WHERE userid = ‘$userid’”))){$msg=$msg.“Userid already assigned. Please select another userid.<br>”;
I looked at PHP.net and I thought I was checking the database to see if the userid was already in use. The database table member_tbl is currently empty, so I should expect to get my “Userid already assigned.” message.
I did notice the PHP.net did not show an example of this using IF. Am I using the wrong function?
Almost forgot.
I entered this into my code:
$trimmed = trim($userid);
var_dump($trimmed);
The result was: string(1) “0”
Can I now enter something like $trimmed = $userid; to get the trimmed userid ready for the remainder of the code?
I need a schema for your table to be able to debug this further.
I actually have two tables, login_tbl and member_tbl.
login_tbl has:
id
INT(6) NOT NULL AUTO_INCREMENT
user_id
VARCHAR(10) NOT NULL
ip
VARCHAR(50) NOT NULL
time
DATETIME NOT NULL
status
CHAR(3) NOT NULL
’ PRIMARY KEY (id
)
member_tbl has:
user_id
VARCHAR(10) NOT NULL
password
VARCHAR(10) NOT NULL
email
VARCHAR(50) NOT NULL
name_last
VARCHAR(50) NOT NULL
name_first
VARCHAR(50) NOT NULL
PRIMARY KEY (user_id
)
I have built a form to enter the member data.
<form name="form1" action="signup_ck.php" onsubmit="return validate(this)" method="post">
<p>User ID (alphanumeric chars only): <input class="right" type="text" name="userid"><br></p>
<p>Password: <input type="password" name="password"><br></p>
<p>Re-enter Password: <input type="password" name="password2"><br></p>
<p>Email: <input type="text" name="email"><br></p>
<p>Last Name: <input type="text" name="name_last"><br></p>
<p>First Name: <input type="text" name="name_first"><br></p>
<p><input type=hidden name=todo value=post></p>
<p><input type=submit value=Submit></p>
</form>
Hope this is what you are looking for.
Yup, because i see the problem.
sings song again…
member_tbl has:
`[COLOR="Red"]user_id[/COLOR]` VARCHAR(10) NOT NULL
if(mysql_num_rows(mysql_query("SELECT [COLOR="Red"]userid[/COLOR] FROM member_tbl WHERE [COLOR="Red"]userid[/COLOR] = '$userid'"))){
One of these things is still not like the other…
(Future Hint: The ‘is not a mysql resource’ error most normally means “Your query was rejected by the server”. If you encounter this in the future, run the query through your database engine and you’ll find out why. [In this case, mysql would have barked “Field userid does not exist”])
StarLion,
Thank you. I am no longer getting warning messages. Now i am just getting the messages I have inserted into my code.
Can I run each line of code via phpMyAdmin to catch my errors?
Any query you can run through PHPmyAdmin. You’ll have to supply some fake data if you want it to work correctly (IE: Look at your query. phpMyAdmin is going to have no idea what $userid is supposed to be (and will actually handle it as a string literal), so if you want to test it with user_id 1, you’ll have to put into phpMyAdmin SELECT userid FROM member_tbl WHERE userid = ‘1’ )
StarLion,
Great! I will put in some entries for a couple of different “members” and see what I can learn.
If I don’t get this started tonight, it will be next week before i can do anything with it. I will be visiting my newborn grandson this weekend.
Now, I am getting this error:
Parse error: syntax error, unexpected $end in test_form_ck.php on line 46
The last line in this file is line 45.
<?php
// file name is test_form_ck.php
include "include/db_login.php";// database connection details stored here
// Collect the data from post method of form submission //
$userid=$_POST ['userid'];
$password=$_POST['password'];
$password2=$_POST['password2'];
$todo=$_POST['todo'];
$email=$_POST['email'];
$name_last=$_POST['name_last'];
$name_first=$_POST['name_first'];
?>
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
<title>TEST Signup FORM</title>
</head>
<body >
<?php
if(isset($todo) and $todo=="post"){
$status = "OK";
$msg = "";
// Set status to NOTOK if userid is less than 5 chaqracters
if(!isset($userid) or strlen($userid) <5){
$msg=$msg."User id should be 5 or more than 5 char length<br>";
$status = "NOTOK";}
if($status<>"OK"){
echo "$msg<br><input type='button' value='Retry' onClick='history.go(-1)'>";
}else{ // if all validations are passed
$query=mysql_query("insert into member_tbl(user_id,password,email,name_last,name_first) values('$userid','$password','$email','$name_last','$name_first')");
echo "Welcome, You have successfully submitted new member information<br><br>";
}
?>
</body>
</html>
line 45 is the closing html tag.
DMWDave, Thanks for pointing out the missing end brace. It now works, and I can start setting up the proper checks and tests to get this going.
StarLion, Thanks for pointing me to the list of common problems. That should give me an idea of where to look for the errors in my code.