Page 1 of 2
mysql_num_rows error - help!
Posted: Tue Nov 23, 2004 2:02 pm
by TheOracle
Hi All,
I'm getting the following error when submitting a form:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\phpWeb\Right-Track\authtest.php on line 50
The line is as follows:
Code: Select all
if(mysql_num_rows($rowCheck > 0))
{
my code here...
I have also tried this:
Code: Select all
$rowCheckResult = mysql_num_rows($rowCheck);
if($rowCheckResult > 0)
{
my code here.....
Hope someone can help.
Posted: Tue Nov 23, 2004 2:12 pm
by MarK (CZ)
You have bad parentheses there.
Code: Select all
if (mysql_num_rows($rowCheck > 0)) {
change to
Code: Select all
if (mysql_num_rows($rowCheck) > 0) {
If your second example isn't working, you're passing a variable which is not a valid mysql result resource (what's returned by mysql_query). Check if you're not getting an error (var would be FALSE).
Posted: Tue Nov 23, 2004 2:20 pm
by TheOracle
OK, I've changed it to the following, but still get exactly the same error:
Code: Select all
$rowCheck = mysql_query("select username from user_details where username = ".$_POST['username']); // check for duplicate rows
if(mysql_num_rows($rowCheck) > 0)
{
Posted: Tue Nov 23, 2004 3:05 pm
by MarK (CZ)
Check the query (print it). $_POST['username'] should be in quotes ( ' ) and escaped. If you still get error, check if mysql_query doesn't return FALSE. If so, check what does MySQL say about the error.
Posted: Tue Nov 23, 2004 3:30 pm
by John Cartwright
Code: Select all
<?php
//notice error checking
$rowCheck = mysql_query("select username from user_details where username = '".$_POST['username']."'") or die(mysql_error());
//check to see if valid resource
echo $rowCheck;
//should return something like Rescource #1 if valid
?>
Let me know what is returned
Posted: Tue Nov 23, 2004 3:34 pm
by andre_c
make sure that, when your code is done, you validate $_POST['username'] before you put it on the query.
Right now it's open for sql injections.
Posted: Wed Nov 24, 2004 12:55 am
by TheOracle
Hi Phenom,
It returns Resource id#4
Although I think it is the mysql_num_rows which is erroring, not the query.
Also, how do 'validate' $_POST['username']?
Posted: Wed Nov 24, 2004 3:09 am
by TheOracle
I think I've sorted the original problem.
Only problem I have now is that even if I put in a valid email address it comes up with, please enter a valid email address. Every time!!!!
Code: Select all
<?php
ob_start();
require_once('includes/link.php');
include("includes/funclib.inc");
if(isset($_GET['action'])) //variable set by URL on index.php
{
if($_GET['action'] == 'page_1')
{
$redirect = "redirect_page_1.php";
}
if($_GET['action'] == 'page_2')
{
$redirect = "redirect_page_2.php";
}
if($_GET['action'] == 'page_3')
{
$redirect = "redirect_page_3.php";
}
if($_GET['action'] == 'page_4')
{
$redirect = "redirect_page_4.php";
}
}
if(isset($_POST['formsubmit'])) //run when form submitted
{
$error_header = "The following errors occurred, please correct them<br>";
if(!$_POST['email'])
{
$error_msg = "Please Fill in the email field<br>";
}
if(!$_POST['password'])
{
$error_msg .= "Please fill in the password field<br>";
}
if(strlen($password) >
{
$error_msg .= "Your password must be less than 8 characters<br>";
}
if (!preg_match('/^[a-zA-Z0-9_\.\-]+@[a-zA-Z0-9\-]+\.[a-zA-Z0-9\-\.]+$/',$login))
{
$error_msg .= "Please enter a valid email address<br>" ;
}
$rowCheck = mysql_query("select username from user_details where username = '".$_POST['username']."'") or die(mysql_error()); // check for duplicate rows
if (mysql_num_rows($rowCheck) > 0)
{
$error_msg .= "This email address has already been used, If you would like to make another application, please contact us by telephone";
}
if(!$error_msg) // run this if no errors
{
cleanMemberSession($id, $login, $password); //set session variables
mysql_select_db($database_pdb_conn, $link);
$result=mysql_query("insert into user_details (username, password)
values('$login', '$pass')") or die(mysql_error());
header("Location: ".$redirect);
}
}
?>
This is my code for the page.
Posted: Wed Nov 24, 2004 4:44 am
by phpScott
I'm not sure what $login is but you have
Code: Select all
<?php
if (!preg_match('/^[a-zA-Z0-9_\.\-]+@[a-zA-Z0-9\-]+\.[a-zA-Z0-9\-\.]+$/',$login))
{
$error_msg .= "Please enter a valid email address<br>" ;
?>
Which is testing on $login and not $_POST['email'].
Posted: Wed Nov 24, 2004 5:39 am
by TheOracle
Thanks phpScott,
There wer alot of varivbale names from the form which I hadn't changed. I have now fixed all these and the form now works!!!! Hurray
Again, thanks everyone for your help.
I'm sure I'll need it again soon!
Posted: Wed Nov 24, 2004 6:47 am
by timvw
i think you're regular expression has some serious flaws/shortcomings. using such a flawed mechanism will result in people that can't use your site...
Here is a correct regular expression for an e-mail address:
http://www.ex-parrot.com/%7Epdw/Mail-RF ... dress.html
Posted: Wed Nov 24, 2004 7:34 am
by TheOracle
Your not honestly expecting me to put all that into my validation are you?
Posted: Wed Nov 24, 2004 9:20 am
by phpScott
OMG

Posted: Wed Nov 24, 2004 12:31 pm
by TheOracle
Is that an OMG at me or is it the size of that expression? I mean, talk about coding!
I think timvww is having a laugh!
Posted: Wed Nov 24, 2004 6:16 pm
by timvw
just do a little websearch on "e-mail validation frustration". because the regular expressions or whatever don't allow valid e-mail addresses.
if i understand the regex in this thread,
valid: john@0.0
invalid: john@localhost