mysql_num_rows is not working!

Hi everyone,
This is my code:


<?php
$con = mysql_connect("localhost", "root", "da_password", "test");
$sql = "SELECT * FROM list";
$result = mysql_query($sql,$con);
echo mysql_num_rows($result);
mysql_close($con);
?>

Running it I get the following error message:

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\ est\mysqli_num_rows.php on line 5

Can anyone help me with that please?
Thanks

Why are you still using the soon to be removed mysql_ calls? I suggest that you switch to using either mysqli_ calls or PDO.

The error message you are getting indicates that mysql_query($sql,$con) returned false instead of a pointer to the resultset. The most likely cause of the query failing is if the connect failed but as you have no checking in your code to test which database calls worked and which didn’t your code has just fallen through and tried to run all of the subsequent calls until it found one that it couldn’t handle at all.

You should add code to each database call to test whether it worked or not - then it will be easier to fix whichever one is giving the error instead of carrying on and tryng to run further calls.

That’s a good article which covers migrating from the old mysql_* extension over to PDO, using prepared statements with PDO and error handling with PDO

When posting code, please remember to blank out any passwords from code that you’re posting

Either use PDO or MySQLi.
I like MySQLi OOP so I’m always using it.

<?php
$mysqli = new mysqli("localhost", "root", "da_password", "test");
if($mysqli->connect_errno) {

	// Echo your customized error
	echo "We are showing you this error because there seems to be something wrong with your database information." .
	"<br />We will <strong>NOT</strong> be showing you any database errors because this is unsafe for you and your users." .
	"<br />By showing the actual error, you are exposing yourself to allowing the hacker to be able to get into your database with ease." .
	"<br />Should you ever feel the need to debug your errors, you should only do this locally and change the information on a live website.";
	exit;

}

// Don't use * because this can always give the hacker the upper hand.
// When you use *, it'll show everything in that table whether you want it to show or not. Plus, it'll save database resources.
$sql = $mysqli->prepare("SELECT id, list_name, list_description FROM list");

// Execute your prepared statement
$sql->execute();

// Store the result for further checkings
$sql->store_result();

// Echo out your query
echo $sql->num_rows;

// Close the MySQL connection
$sql->close;
?>

You can also use the $sql->store_result(); in an if statement to check if the information exists or not.

Example: http://localhost/?id=1

<?php
$mysqli = new mysqli("localhost", "root", "da_password", "test");
if($mysqli->connect_errno) {

	// Echo your customized error
	echo "We are showing you this error because there seems to be something wrong with your database information." .
	"<br />We will <strong>NOT</strong> be showing you any database errors because this is unsafe for you and your users." .
	"<br />By showing the actual error, you are exposing yourself to allowing the hacker to be able to get into your database with ease." .
	"<br />Should you ever feel the need to debug your errors, you should only do this locally and change the information on a live website.";
	exit;

}

// Check to see if the $_GET['id'] equals an actual number and not something like ?id=Inject your database
if(isset($_GET['id']) && is_numeric($_GET['id'])) {

	// We are using the $_GET parameter so that it can check for the specific ID in your database.
	$list_id = $mysqli->real_escape_string($_GET['id']);

}

// Don't use * because this can always give the hacker the upper hand.
// When you use *, it'll show everything in that table whether you want it to show or not. Plus, it'll save database resources.
$sql = $mysqli->prepare("SELECT id, list_name, list_description FROM list WHERE id = '$list_id'");

// Execute your prepared statement
$sql->execute();

// Store the result for further checkings
$sql->store_result();

// Check to see if the query has any existing ID as the specified one.
if($sql->num_rows) {

	// Echo out a good news
	echo "Seems like the ID exists in your database. Other wise, how would we get here?";

} else {

	// Echo out a bad news
	echo "Doesn't seem to me like your database has this ID yet or maybe it has been deleted already.";

}

// Close the MySQL connection
$sql->close;
?>