Page 1 of 1
MySQL Errors Driving me insane
Posted: Sun Aug 20, 2006 8:49 pm
by paqman
I'm trying to make a log-in php page, and line 6-8 won't work. It just says they aren't a valid mysql resource. What's going on? I've tried everything I can think of, so once again, it's DevNetwork Forums to the rescue!
Code: Select all
if($cmd == "login") {
$username = $_POST["username"];
$password = $_POST["password"];
$sql = mysql_query("SELECT 3_password FROM order WHERE 3_username = '$username'");
$sql2 = mysql_query("SELECT first FROM order WHERE 3_username = '$username'");
$fetch_em = mysql_fetch_array($sql);
$fetch_em2 = mysql_fetch_array($sql2);
$numrows = mysql_num_rows($sql);
$name = $fetch_em2["first"];
Thanks!
Posted: Sun Aug 20, 2006 8:51 pm
by feyd
...and
mysql_error() says?
separate issue: SQL injection alert. Search and be amazed.

Posted: Sun Aug 20, 2006 8:51 pm
by Ollie Saunders
you need to connect to the db first with
mysql_connect().
Posted: Sun Aug 20, 2006 9:38 pm
by paqman
Code: Select all
session_start();
//results - store name and username is session variables
if($cmd == "results") {
if($valid_user == 1) {
$_SESSION["s_name"] = $t_name;
$_SESSION["s_username"] = $t_username;
}
}
if($cmd == "logout") {
session_destroy();
}
$dbh=mysql_connect ("localhost", "paqmanwe_paqman", "---------") or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ("paqmanwe_clients"); ?>
if($cmd == "results") {
if($valid_user == 1) {
echo "Session started! Welcome $t_name! Redirecting to next step..."; }
if($valid_user == 2) {
echo "Redirecting..."; }
}
if($cmd == logout) {
echo "Logging out... Ending session..."; } ?>
<? //start no session
if (!isset($_SESSION["s_name"])) {
//start no cmd
if (!isset($cmd)) {
?>
<center>
<form method="post" action="order.php?cmd=login">
<table style="font-size: 12px;">
<? if ($display == "failed") { ?>
<tr><td colspan=2 style="color: red; text-align: center;">Log in Failed</td></tr><? } ?>
<? if ($display == "logout") { ?>
<tr><td colspan=2 style="color: orange; text-align: center;">Logged Out</td></tr><? } ?>
<tr><td>Username:</td>
<td><input type="text" name="username"></td></tr>
<tr><td>Password:</td>
<td><input type="password" name="password"></td></tr>
<tr><td><input type="submit" name="Submit" value="Log In"></td></tr>
</table>
</form>
<br>
<a href="order.php?cmd=create">First time visitors click here</a><br><br>
</center>
<?
//end no cmd (no session)
}
//sent to this page after clicking login, then redirected after 1200
if($cmd == "login") {
$username = $_POST["username"];
$password = $_POST["password"];
$sql = mysql_query("SELECT 3_password FROM order WHERE 3_username = '$username'");
$sql2 = mysql_query("SELECT first FROM order WHERE 3_username = '$username'");
$fetch_em = mysql_fetch_array($sql);
$fetch_em2 = mysql_fetch_array($sql2);
$numrows = mysql_num_rows($sql);
$name = $fetch_em2["first"];
if($numrows != "0" & $password == $fetch_em["3_password"]) {
$valid_user = 1;
echo "Log in successful! Continuing previous session..."; }
else {
$valid_user = 2;
echo "Log in failed.";
session_destroy(); }
?>
<form name="verifyuser" action="order.php?cmd=results" method="post">
<input type="hidden" name="t_username" value="<? echo $username; ?>">
<input type="hidden" name="t_name" value="<? echo $name; ?>">
<input type="hidden" name="valid_user" value="<? echo $valid_user; ?>">
</form>
<?
// end submit page
}
// create a new username/password
if($cmd == "create") { ?>
<p>Please enter a username and password below, then click 'Create New Account.'</p>
<center>
<form method="post" action="order.php?cmd=createnew">
<table style="font-size: 12px;">
<? if ($display == "exists") { ?>
<tr><td colspan=2 style="color: orange; text-align: center;">Username Already Exists<br>Please Try Another</td></tr><? } ?>
<tr><td>Username:</td>
<td><input type="text" name="username"></td></tr>
<tr><td>Password:</td>
<td><input type="password" name="password"></td></tr>
<tr><td><input type="submit" name="Submit" value="Create New Account"></td></tr>
</table>
</form>
<? }
// try to create a new one
if($cmd == "createnew") {
$username = $_POST["username"];
$password = $_POST["password"];
$check_exists = mysql_query("SELECT * FROM order WHERE 3_username = '$username'");
if(mysql_num_rows($check_exists) > 0) { ?>
<body onload=setTimeout("location.href='order.php?cmd=create&display=exists'",1200)>
<p>Redirecting...</p> <? }
if(mysql_num_rows($check_exists) == 0) {
$result=MYSQL_QUERY("INSERT INTO order (3_username,3_password)".
"VALUES ('$username', '$password')"); ?>
<form name="verifyuser" action="order.php?cmd=results" method="post">
<input type="hidden" name="t_username" value="<? echo $username; ?>">
<input type="hidden" name="t_name" value="Client">
<input type="hidden" name="valid_user" value="1">
</form>
<p>Saving client information...</p><?
}
}
//end no session
}
// start session
if(isset($_SESSION["s_name"])) {
if(!isset($stage) && !isset($cmd)) { $stage = 1; }
// stage 1: Design
if($stage == 1) { ?>
<p>Welcome! </p>
<? }
// end session
}
?>
The problem lies in the lines after'//sent to this page after clicking login, then redirected after 1200 '. The error is:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/paqmanwe/public_html/bnew/order.php on line 126
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/paqmanwe/public_html/bnew/order.php on line 127
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/paqmanwe/public_html/bnew/order.php on line 128
Posted: Sun Aug 20, 2006 9:43 pm
by feyd
I love being ignored.
Posted: Sun Aug 20, 2006 9:51 pm
by Ollie Saunders
I love being ignored.
*Pats Feyd on the back* Don't worry, Feyd, its their loss.
Posted: Sun Aug 20, 2006 9:54 pm
by paqman
paqman wrote:...ter 1200 '. The error is:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/paqmanwe/public_html/bnew/order.php on line 126
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/paqmanwe/public_html/bnew/order.php on line 127
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/paqmanwe/public_html/bnew/order.php on line 128

I don't ignore people
Posted: Sun Aug 20, 2006 9:55 pm
by Ollie Saunders
call mysql_error after the errors.
Posted: Sun Aug 20, 2006 9:56 pm
by feyd
You actually did. Those errors are not from
mysql_error().
Posted: Sun Aug 20, 2006 9:58 pm
by paqman
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order WHERE 3_username = 'paqman'' at line 1
Posted: Sun Aug 20, 2006 10:02 pm
by feyd
"order" is a keyword.
Backticks for all!
Code: Select all
SELECT `3_password` FROM `order` WHERE `3_username` = '$username'
Posted: Sun Aug 20, 2006 10:04 pm
by paqman
thank you so much! I can't believe I did that...
Thanks!
