MySQL Errors Driving me insane

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
paqman
Forum Contributor
Posts: 125
Joined: Sun Nov 14, 2004 7:41 pm
Location: Burnaby, BC, Canada

MySQL Errors Driving me insane

Post by paqman »

I'm trying to make a log-in php page, and line 6-8 won't work. It just says they aren't a valid mysql resource. What's going on? I've tried everything I can think of, so once again, it's DevNetwork Forums to the rescue!

Code: Select all

if($cmd == "login") {
$username = $_POST["username"];
$password = $_POST["password"];
$sql = mysql_query("SELECT 3_password FROM order WHERE 3_username = '$username'");
$sql2 = mysql_query("SELECT first FROM order WHERE 3_username = '$username'");
$fetch_em = mysql_fetch_array($sql);
$fetch_em2 = mysql_fetch_array($sql2);
$numrows = mysql_num_rows($sql);
$name = $fetch_em2["first"];
Thanks!
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

...and mysql_error() says?


separate issue: SQL injection alert. Search and be amazed. :)
User avatar
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

you need to connect to the db first with mysql_connect().
User avatar
paqman
Forum Contributor
Posts: 125
Joined: Sun Nov 14, 2004 7:41 pm
Location: Burnaby, BC, Canada

Post by paqman »

Code: Select all

session_start(); 

//results - store name and username is session variables
if($cmd == "results") {
if($valid_user == 1) {
$_SESSION["s_name"] = $t_name;
$_SESSION["s_username"] = $t_username;
}
}

if($cmd == "logout") {
session_destroy();
}

 $dbh=mysql_connect ("localhost", "paqmanwe_paqman", "---------") or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ("paqmanwe_clients"); ?>


if($cmd == "results") {
if($valid_user == 1) { 
echo "Session started! Welcome $t_name! Redirecting to next step...";  }
if($valid_user == 2) { 
echo "Redirecting..."; }
}
if($cmd == logout) { 
echo "Logging out... Ending session..."; } ?>


<? //start no session
if (!isset($_SESSION["s_name"])) {
//start no cmd
if (!isset($cmd)) {
?>
<center>
<form method="post" action="order.php?cmd=login">
<table style="font-size: 12px;">
<? if ($display == "failed") { ?>
<tr><td colspan=2 style="color: red; text-align: center;">Log in Failed</td></tr><? } ?>
<? if ($display == "logout") { ?>
<tr><td colspan=2 style="color: orange; text-align: center;">Logged Out</td></tr><? } ?>
<tr><td>Username:</td>
<td><input type="text" name="username"></td></tr>
<tr><td>Password:</td>
<td><input type="password" name="password"></td></tr>
<tr><td><input type="submit" name="Submit" value="Log In"></td></tr>
</table>
</form>
<br>
<a href="order.php?cmd=create">First time visitors click here</a><br><br>
</center>
<? 
//end no cmd (no session)
}


//sent to this page after clicking login, then redirected after 1200
if($cmd == "login") {
$username = $_POST["username"];
$password = $_POST["password"];
$sql = mysql_query("SELECT 3_password FROM order WHERE 3_username = '$username'");
$sql2 = mysql_query("SELECT first FROM order WHERE 3_username = '$username'");
$fetch_em = mysql_fetch_array($sql);
$fetch_em2 = mysql_fetch_array($sql2);
$numrows = mysql_num_rows($sql);
$name = $fetch_em2["first"];

if($numrows != "0" & $password == $fetch_em["3_password"]) {
$valid_user = 1;
echo "Log in successful! Continuing previous session..."; }
else {
$valid_user = 2;
echo "Log in failed."; 
session_destroy(); }
?>
<form name="verifyuser" action="order.php?cmd=results" method="post">
<input type="hidden" name="t_username" value="<? echo $username; ?>">
<input type="hidden" name="t_name" value="<? echo $name; ?>">
<input type="hidden" name="valid_user" value="<? echo $valid_user; ?>">
</form>
<? 
// end submit page
}










// create a new username/password
if($cmd == "create") { ?>
<p>Please enter a username and password below, then click 'Create New Account.'</p>
<center>
<form method="post" action="order.php?cmd=createnew">
<table style="font-size: 12px;">
<? if ($display == "exists") { ?>
<tr><td colspan=2 style="color: orange; text-align: center;">Username Already Exists<br>Please Try Another</td></tr><? } ?>
<tr><td>Username:</td>
<td><input type="text" name="username"></td></tr>
<tr><td>Password:</td>
<td><input type="password" name="password"></td></tr>
<tr><td><input type="submit" name="Submit" value="Create New Account"></td></tr>
</table>
</form>

<? }

// try to create a new one
if($cmd == "createnew") {
$username = $_POST["username"];
$password = $_POST["password"];
$check_exists = mysql_query("SELECT * FROM order WHERE 3_username = '$username'");

if(mysql_num_rows($check_exists) > 0) { ?>
<body onload=setTimeout("location.href='order.php?cmd=create&display=exists'",1200)>
<p>Redirecting...</p> <? }

if(mysql_num_rows($check_exists) == 0) {
$result=MYSQL_QUERY("INSERT INTO order (3_username,3_password)".
"VALUES ('$username', '$password')"); ?>
<form name="verifyuser" action="order.php?cmd=results" method="post">
<input type="hidden" name="t_username" value="<? echo $username; ?>">
<input type="hidden" name="t_name" value="Client">
<input type="hidden" name="valid_user" value="1">
</form>
<p>Saving client information...</p><?
}
}

















//end no session
} 





// start session
if(isset($_SESSION["s_name"])) {
if(!isset($stage) && !isset($cmd)) { $stage = 1; } 

// stage 1: Design
if($stage == 1) { ?>
<p>Welcome! </p>

<? }


























// end session
}





?>
The problem lies in the lines after'//sent to this page after clicking login, then redirected after 1200 '. The error is:

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/paqmanwe/public_html/bnew/order.php on line 126

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/paqmanwe/public_html/bnew/order.php on line 127

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/paqmanwe/public_html/bnew/order.php on line 128
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I love being ignored.
User avatar
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

I love being ignored.
*Pats Feyd on the back* Don't worry, Feyd, its their loss.
User avatar
paqman
Forum Contributor
Posts: 125
Joined: Sun Nov 14, 2004 7:41 pm
Location: Burnaby, BC, Canada

Post by paqman »

paqman wrote:...ter 1200 '. The error is:

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/paqmanwe/public_html/bnew/order.php on line 126

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/paqmanwe/public_html/bnew/order.php on line 127

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/paqmanwe/public_html/bnew/order.php on line 128
:wink: I don't ignore people
User avatar
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

call mysql_error after the errors.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

You actually did. Those errors are not from mysql_error().
User avatar
paqman
Forum Contributor
Posts: 125
Joined: Sun Nov 14, 2004 7:41 pm
Location: Burnaby, BC, Canada

Post by paqman »

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order WHERE 3_username = 'paqman'' at line 1
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

"order" is a keyword.

Backticks for all!

Code: Select all

SELECT `3_password` FROM `order` WHERE `3_username` = '$username'
User avatar
paqman
Forum Contributor
Posts: 125
Joined: Sun Nov 14, 2004 7:41 pm
Location: Burnaby, BC, Canada

Post by paqman »

thank you so much! I can't believe I did that...

Thanks! :D
Post Reply