PHP MySQL Query

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
iWizard
Forum Newbie
Posts: 6
Joined: Sun Jun 14, 2009 10:52 am

PHP MySQL Query

Post by iWizard »

I have tried for the past 3 hours and cannot seem to find where my code is going wrong. Could someone please read the code below and tell me why it keeps on returning an error when trying to run "mysql_fetch_array()".

Code: Select all

<?php
session_name("internalweb");
session_start();
 
$username=$_REQUEST["log"];
$password=$_REQUEST["pwd"];
 
$sha1_password=sha1($password);
 
include("database.php");
 
 
//Where the error occurs
$mysql_query="SELECT * FROM 'login' WHERE 'USERNAME'='$username'";
$mysql_array=mysql_query($mysql_query);
$mysql_return=$mysql_fetch_array($mysql_array);
 
if($mysql_return[BANNED]==0)
{
    if($mysql_return[PASSWORD]==$sha1_password)
    {
        $userip=$_SERVER["REMORE_ADDR"];
        $_SESSION["loggedin"]="1";
        $_SESSION["name"]=$mysql_return[NAME];
        $_SESSION["username"]=$mysql_return[USERNAME];
        $_SESSION["email"]=$mysql_return[EMAIL];
        $_SESSION["lastip"]=$mysql_return[LASTIP];
        $_SESSION["inout"]=$mysql_return[INOUT];
        $numinout=$mysql_return[INOUT]+"1";
        $mysql_update="UPDATE 'login' SET 'lastip' = '$userip' AND 'INOUT' = '$numinout' WHERE 'ID' = '".$mysql_query[ID]."'";
        echo $mysql_update;
        echo mysql_query($mysql_update);
        header("-top secret-");
    } else {
        header("-top secret-");
    }
} else {
    header("-top secret-");
}
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Re: PHP MySQL Query

Post by Weirdan »

because you have a $ in your function call:

Code: Select all

 
$mysql_return=$mysql_fetch_array($mysql_array);
// should be
$mysql_return = mysql_fetch_array($mysql_array);
 
iWizard
Forum Newbie
Posts: 6
Joined: Sun Jun 14, 2009 10:52 am

Re: PHP MySQL Query

Post by iWizard »

I fixed that. It was a copy and paste error. But, I am still getting, the error

Code: Select all

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/iwizard1/public_html/www/internal/do-login.php  on line 14
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Re: PHP MySQL Query

Post by Weirdan »

Btw, your query is wrong as well:

Code: Select all

 
$mysql_query="SELECT * FROM 'login' WHERE 'USERNAME'='$username'";
// should be
$mysql_query="SELECT * FROM `login` WHERE `USERNAME`='" . mysql_real_escape_string($username) . "'";
 
In MySQL field and table names are quoted using backticks. mysql_real_escape_string is required to allow usernames like this to behave correctly: Billy';drop table login --
Post Reply