PHP/MySQL problem

This is the error I get; every time “mysql_num_rows()” gets called, this error comes up. Go to http://shanefaulkner.com and try to log in with anything.

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/shauder/public_html/login.php on line 30

Here is my file's code

<?php
	include 'inc/php/dbconfig.php';	
	include 'inc/php/functions.php';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<head>
<title>Shane Faulkner | Login</title>
<link rel="stylesheet" type="text/css" href="inc/styles/common.css" />
</head>
<body>
<?php
	// when the user hits the submit button...
	if ($_POST['submit']) {
		
		// get the variables from the form and protect them
		$username = protect($_POST['username']);
		$password = protect($_POST['password']);
		
		if (!$username || !$password) {
		
			echo 'please enter a username or a password!';
			
		} else {
		
			// if they do have both a username and password then
			// we want to select all usernames from the database that match that username
			
			$res = mysql_query("SELECT * FROM 'users' WHERE 'username' = '".$username."'");
			$num = mysql_num_rows($res);
			
			// now we need to see if there is a match
			if ($num == 0) {
				
				// on fail display error
				echo 'the username, '.$username.', does not exist in our system!';
				
			} else {
			
				$res = mysql_query("SELECT username FROM 'users' WHERE 'username' = '".$username."' AND 'password' = '".$password."'");
				// we want to continue a their credentials if they passes
				$num = mysql_num_rows($res) or die("Error: ". mysql_error(). " with query ". $query);
				
				if ($num == 0) {
					
					// on fail display error
					echo 'the password you gave us does not match the username!';
					
				} else {
					
					$row = mysql_fetch_assoc($res);
					
					if ($row['active'] != 1) {
						
						// on fail display error
						echo 'you still need to activate your account before you can log in!';
						
					} else {
						
						// if it is active then log them in
						$_SESSION['uid'] = $row['id'];
						
						echo 'you have been logged in!';
						echo 'please wait while we redirect you!';
						
						// update them so they display as online
						mysql_query("UPDATE 'users' SET 'online' = '".$time."' WHERE 'id' = '".$_SESSION['uid']."'");
						
						// redirect
						header('location: index.php');
					}
				}
			}
		}
	}
?>
<form action="login.php" method="post">
 <div id="login">
  <p>
   <label>username: </label>
   <input name="username" type="text" />
  </p>
  <p>
   <label>password: </label>
   <input name="password" type="password" />
  </p>
  <p>
   <label>remember me: </label>
  </p>
  <span><input name="submit" value="login" type="submit"></span>
  <span><a href="register.php">register</a> | <a href="forgot.php">lost password</a></span>
 </div>
</form>
</body>
</html>

This is the file that connects to the DB

<?php
	// start a session to see if a user is logged in
	session_start();
	
	// define database variables
	$myqhost = 'localhost';
	$myqname = '******';
	$myquser = '************';
	$myqpass = '*************';
	
	$con = mysql_connect($myqhost, $myquser, $myqpass);
	$db = mysql_select_db($myqname, $con);
	
	if (!$con) {
		echo '<p>MySQL connection is <b>bad</b></p>';
	} else {
		echo '<p>MySQL connection is <b>good</b></p>';
	}
?>

Any help would be greatly appreciated! I started playing around with it, and I am really new to PHP so it may be even more messed up than it started lol =/

you have an error in your query…

SELECT username FROM 'users' WHERE 'username' ...

don’t put quotes around users and username, that turns them into strings

you can’t select anything from a string

here’s a tip: when you are developing a php script that uses a database, test your queries outside of php first

that way, you’ll find the mysql error messages more easily


There is a lot that can go wrong when interfacing code and a database. Each one of the MySQL functions present in PHP is set up to return a result that evaluates to false if something goes wrong. Every operation from connecting to the database to retrieving results needs to be evaluated as to whether the operation was successful before proceeding. Don’t select a database on a connection that failed, don’t run a query on a connection where a database was not successfully selected, and don’t attempt to get information about, or information from, a result set that doesn’t exist because the query failed or the database connection or server had an issue for the brief moment of your request.

Thanks for the reply guys, I have changed the code to this and tested within phpMyAdmin

$res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."' AND `password` = '".$password."'");
				// we want to continue a their credentials if they passes
				$num = mysql_num_rows($res);

It works! I am just retarded and didn’t “notice” the difference between “`” and “'”

That query could still fail, not through syntax but due to a momentary break in the connection. You really need to evaluate each step even if you are certain the query will execute without error. If $res evaluates to false, don’t continue.

so something like:

if ( $res == true ) {
$num = mysql_num_rows($res);
else
try again?

That is correct. Each of those functions returns something that will evaluate to false if something goes wrong. mysql_connect, mysql_select_db and mysql_query. Each should be checked for failure before proceeding, even if there is only a slim chance something will go wrong.

is there a “method” you suggest? I am very new to PHP

such as some sort of try catch method or something


<?php
$message = 'Error: Data connection error.';
$data = array();
$num = 0;
$conn = mysql_connect('localhost','user','pass');
if($conn)
{
	if(mysql_select_db('mydb',$conn))
	{
		$message = 'Error: Error retrieving data.';
		$sql =<<<SQLSTM
		SELECT
			firstName,lastName
			FROM people
				WHERE
					firstName LIKE '%Bob%'
SQLSTM;
		if($res = mysql_query($sql,$conn))
		{
			$message = 'Sorry no records found';
			$num = mysql_num_rows($res);
			if($num)
			{
				$message = $num.' number of records found.';
				$data = mysql_fetch_assoc($res);
			}
		}
	}
}
?>
<h2><?php echo $message; ?></h2>
<?php if($num){ ?>
<div><strong>First Name</strong>:<?php echo $data['firstName']; ?></div>
<div><strong>Last name</strong><?php echo $data['lastName'] ?></div>
<?php } ?>

Thank you very much! I will take a look at this and try and understand it so I can implement this or something similar! It really helps to see examples

I have another problem! I know it is small and I'm probably just retarded but this is the code

	// check to see if they have proper privileges
	$res = mysql_query("SELECT `id` FROM  `users` WHERE `group` =  'admin'");
	$row = mysql_fetch_assoc($res);
	
	if (!$_SESSION['uid']) {
		// see if they are logged in and have a session
		echo 'you must be logged in to use this feature';
	} else {
		if ($row['id'] == $_SESSION['uid']) {
			echo 'u are admin';
			echo $row['id'];
		} else {
			echo 'u are member';
		}
	}

So here is what I think is happening. It is only comparing the first row, right? I need it to compare more

I figured it out on my own! I am so happy, here it is can you guys tell me what you think? Should I have done this another way?

<?php

	// check to see if they have proper privileges
	$res = mysql_query("SELECT `id` FROM  `users` WHERE `group` =  'admin'");

	// default to non-admin so the flag is defined even when nobody is logged in
	$admin = false;

	if (!$_SESSION['uid']) {
		// see if they are logged in and have a session
		echo 'you must be logged in to use this feature';
	} else {
		// only read rows if the query succeeded
		while ($res && ($row = mysql_fetch_array($res, MYSQL_NUM))) {
			if ($row[0] == $_SESSION['uid']) {
				// stop at the first match so a later admin row cannot reset the flag
				$admin = true;
				break;
			}
		}
	}

	if ($admin == true) {
?>
This is test for admin == true.
<?php
	} else {
?>
This is test for admin == false.
<?php
	}
?>
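
The earlier question about a try/catch-style method and the admin check in the last post can both be handled with PDO, since the `mysql_*` functions used throughout this thread were removed in PHP 7. The following is an added example, not code from any poster in the thread: it checks the login and then asks the database about the logged-in user's own row. Assumptions: the PDO SQLite driver is available, the in-memory `users` table and its accounts are constructed sample data, passwords are stored with `password_hash()`, and the function names `open_db`, `login` and `is_admin` are hypothetical.

```php
<?php
// One try/catch covers connect, prepare and execute once PDO is set to throw.
// Constructed data: in-memory SQLite stands in for the thread's MySQL `users` table.
function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failures throw
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
                password TEXT, "group" TEXT, active INTEGER)');
    $ins = $pdo->prepare('INSERT INTO users (username, password, "group", active) VALUES (?, ?, ?, ?)');
    $ins->execute(['alice', password_hash('alice-pass', PASSWORD_DEFAULT), 'admin', 1]);
    $ins->execute(['bob', password_hash('bob-pass', PASSWORD_DEFAULT), 'admin', 1]);
    $ins->execute(['carol', password_hash('carol-pass', PASSWORD_DEFAULT), 'member', 1]);
    return $pdo;
}

// Returns the user's id, or null for an unknown user, wrong password or inactive account.
function login(PDO $pdo, string $username, string $password): ?int
{
    $stmt = $pdo->prepare('SELECT id, password, active FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password']) || (int)$row['active'] !== 1) {
        return null;
    }
    return (int)$row['id'];
}

// Ask about this one user instead of looping over every admin row.
function is_admin(PDO $pdo, int $uid): bool
{
    $stmt = $pdo->prepare('SELECT 1 FROM users WHERE id = ? AND "group" = ?');
    $stmt->execute([$uid, 'admin']);
    return $stmt->fetchColumn() !== false;
}

try {
    $pdo = open_db();
    $attempts = [['alice', 'alice-pass'], ['bob', 'bob-pass'], ['carol', 'carol-pass'], ['bob', 'wrong']];
    foreach ($attempts as [$user, $pass]) {
        $uid = login($pdo, $user, $pass);
        $role = $uid === null ? 'login failed' : (is_admin($pdo, $uid) ? 'admin' : 'member');
        echo $user, ': ', $role, "\n";
    }
} catch (PDOException $e) {
    error_log($e->getMessage()); // details go to the log, not to the visitor
    echo "Error: data connection error.\n";
}
```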