Page 1 of 2

mysql_num_rows error - help!

Posted: Tue Nov 23, 2004 2:02 pm
by TheOracle
Hi All,

I'm getting the following error when submitting a form:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\phpWeb\Right-Track\authtest.php on line 50

The line is as follows:

Code: Select all

if(mysql_num_rows($rowCheck > 0)) 
{
my code here...
I have also tried this:

Code: Select all

$rowCheckResult = mysql_num_rows($rowCheck); 
if($rowCheckResult > 0) 
{
my code here.....
Hope someone can help.

Posted: Tue Nov 23, 2004 2:12 pm
by MarK (CZ)
You have bad parentheses there.

Code: Select all

if (mysql_num_rows($rowCheck > 0)) {
change to

Code: Select all

if (mysql_num_rows($rowCheck) > 0) {


If your second example isn't working, you're passing a variable which is not a valid mysql result resource (what's returned by mysql_query). Check if you're not getting an error (var would be FALSE).

Posted: Tue Nov 23, 2004 2:20 pm
by TheOracle
OK, I've changed it to the following, but still get exactly the same error:

Code: Select all

$rowCheck = mysql_query("select username from user_details where username = ".$_POST['username']); 	// check for duplicate rows
	if(mysql_num_rows($rowCheck) > 0)
	{

Posted: Tue Nov 23, 2004 3:05 pm
by MarK (CZ)
Check the query (print it). $_POST['username'] should be in quotes ( ' ) and escaped. If you still get error, check if mysql_query doesn't return FALSE. If so, check what does MySQL say about the error.

Posted: Tue Nov 23, 2004 3:30 pm
by John Cartwright

Code: Select all

<?php

//notice error checking
$rowCheck = mysql_query("select username from user_details where username = '".$_POST['username']."'") or die(mysql_error());

//check to see if valid resource
echo $rowCheck;
//should return something like Rescource #1 if valid
?>
Let me know what is returned

Posted: Tue Nov 23, 2004 3:34 pm
by andre_c
make sure that, when your code is done, you validate $_POST['username'] before you put it on the query.
Right now it's open for sql injections.

Posted: Wed Nov 24, 2004 12:55 am
by TheOracle
Hi Phenom,

It returns Resource id#4

Although I think it is the mysql_num_rows which is erroring, not the query.

Also, how do 'validate' $_POST['username']?

Posted: Wed Nov 24, 2004 3:09 am
by TheOracle
I think I've sorted the original problem.

Only problem I have now is that even if I put in a valid email address it comes up with, please enter a valid email address. Every time!!!!

Code: Select all

<?php
ob_start();
require_once('includes/link.php'); 
include("includes/funclib.inc"); 


if(isset($_GET['action'])) 	//variable set by URL on index.php
{ 
	if($_GET['action'] == 'page_1') 
	{ 
	$redirect = "redirect_page_1.php"; 
	} 
	if($_GET['action'] == 'page_2') 
	{ 
	$redirect = "redirect_page_2.php"; 
	} 
	if($_GET['action'] == 'page_3') 
	{ 
	$redirect = "redirect_page_3.php"; 
	} 
	if($_GET['action'] == 'page_4') 
	{ 
	$redirect = "redirect_page_4.php"; 
	} 
} 
if(isset($_POST['formsubmit']))  //run when form submitted
{ 
	$error_header = "The following errors occurred, please correct them<br>"; 

	if(!$_POST['email']) 
	{ 
	$error_msg = "Please Fill in the email field<br>"; 
	} 
	if(!$_POST['password']) 
	{ 
	$error_msg .= "Please fill in the password field<br>"; 
	} 
	if(strlen($password) > 
	{ 
    $error_msg .= "Your password must be less than 8 characters<br>"; 
	}
	if (!preg_match('/^[a-zA-Z0-9_\.\-]+@[a-zA-Z0-9\-]+\.[a-zA-Z0-9\-\.]+$/',$login)) 
    {
	$error_msg .= "Please enter a valid email address<br>" ; 
    } 
	$rowCheck = mysql_query("select username from user_details where username = '".$_POST['username']."'")  or die(mysql_error());  	// check for duplicate rows
	if (mysql_num_rows($rowCheck) > 0)
	{
	$error_msg .= "This email address has already been used, If you would like to make another application, please contact us by telephone";
	}
	if(!$error_msg) 	// run this if no errors
	{ 
	cleanMemberSession($id, $login, $password);  //set session variables
	mysql_select_db($database_pdb_conn, $link); 
	$result=mysql_query("insert into user_details (username, password) 
                        values('$login', '$pass')") or die(mysql_error()); 
	header("Location: ".$redirect); 
	}
} 
?>
This is my code for the page.

Posted: Wed Nov 24, 2004 4:44 am
by phpScott
I'm not sure what $login is but you have

Code: Select all

<?php
if (!preg_match('/^[a-zA-Z0-9_\.\-]+@[a-zA-Z0-9\-]+\.[a-zA-Z0-9\-\.]+$/',$login)) 
    {
    $error_msg .= "Please enter a valid email address<br>" ; 
?>
Which is testing on $login and not $_POST['email'].

Posted: Wed Nov 24, 2004 5:39 am
by TheOracle
Thanks phpScott,

There wer alot of varivbale names from the form which I hadn't changed. I have now fixed all these and the form now works!!!! Hurray

Again, thanks everyone for your help.

I'm sure I'll need it again soon!

Posted: Wed Nov 24, 2004 6:47 am
by timvw
i think you're regular expression has some serious flaws/shortcomings. using such a flawed mechanism will result in people that can't use your site...

Here is a correct regular expression for an e-mail address:
http://www.ex-parrot.com/%7Epdw/Mail-RF ... dress.html

Posted: Wed Nov 24, 2004 7:34 am
by TheOracle
Your not honestly expecting me to put all that into my validation are you?

Posted: Wed Nov 24, 2004 9:20 am
by phpScott
OMG 8O

Posted: Wed Nov 24, 2004 12:31 pm
by TheOracle
Is that an OMG at me or is it the size of that expression? I mean, talk about coding!

I think timvww is having a laugh!

Posted: Wed Nov 24, 2004 6:16 pm
by timvw
just do a little websearch on "e-mail validation frustration". because the regular expressions or whatever don't allow valid e-mail addresses.

if i understand the regex in this thread,

valid: john@0.0
invalid: john@localhost