Page 1 of 1

mysql_query -> what am I missing?

Posted: Fri Aug 01, 2008 6:39 pm
by Dynamis
So I've been beating my head over this for the last 30 minutes or so and I don't know what little thing I'm missing. Figured why keep wasting my time when I can ask for help from a new point of view.

First lets start w/ the error:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in ******/process.php on line 29

Code: Select all

//lines 27 to 33 -> error line is $row = mysql_fetch_array($result);
$result = $database->selectData(TABLE_BARS,"id","username='".$username."' && password='".md5($password)."' LIMIT 1");
if($result){
    $row = mysql_fetch_array($result);
    $id = $row['id'];
    $this->addError("In if");
    $type = "bar";
}
 
selectData function

Code: Select all

 
function selectData($table, $toSelect, $whereStm){
    $q = "SELECT ".$toSelect." FROM ".$table." WHERE ".$whereStm;
    return mysql_query($q) or die("ERROR: ".mysql_error());
}
 
I echoed $q to make sure it was printing and I'm getting:
SELECT id FROM bars WHERE username='tester' && password='a029d0df84eb5549c641e04a9ef389e5' LIMIT 1
which when put into mysql prompt returns 1 row. So mysql_query should work, return a value, and I should be able to take the mysql_fetch_array of it. Any ideas why this would not be working?

Re: mysql_query -> what am I missing?

Posted: Fri Aug 01, 2008 6:55 pm
by Eran
Where is your database connection? it is probably not well configured, and it should be passed to the mysql_query as the second argument.

A couple of notes -
You are checking against $r in your conditional, but the query result is $result
Also, you are assigning $id from the variable $result, thought $row is the variable that contains the row data.

Re: mysql_query -> what am I missing?

Posted: Fri Aug 01, 2008 6:56 pm
by jaoudestudios
BTW, md5 is not really strong enough, your password is mypass.

Dont return mysql_query($q) out of the function, just return $q;

Why if ($r)... should it not be if ($result)...

Re: mysql_query -> what am I missing?

Posted: Fri Aug 01, 2008 6:58 pm
by Dynamis
I pasted the wrong code in there. It is now updated. I have a good database connection, it works for other queries. As for md5, that isn't the point of this topic no offense, just trying to get this query to work. Any other suggestions as to why it does not work?

Re: mysql_query -> what am I missing?

Posted: Fri Aug 01, 2008 6:59 pm
by EverLearning
For your selectData() method to work you need to return the mysql connection resource like this

Code: Select all

 
$result = mysql_query($q) or die("ERROR: ".mysql_error());
return $result;
Otherwise I think PHP returns the result of the OR operation between mysql_query() and die(), which is TRUE most of the time, instead of the mysql connection resource.

Re: mysql_query -> what am I missing?

Posted: Fri Aug 01, 2008 7:02 pm
by Dynamis
Thank you, that is exactly what was wrong.

Re: mysql_query -> what am I missing?

Posted: Fri Aug 01, 2008 7:07 pm
by jaoudestudios
You should have just reposted the code, not sure what the difference is now.

Just trying to help, you should be aware about the weakness of md5 (md5 was secure so many years ago!). So many newbies just want it to work to get the project done and move on to the next one not realising their school girl errors! No offence

Re: mysql_query -> what am I missing?

Posted: Fri Aug 01, 2008 7:13 pm
by Dynamis
So now that I have solved the problem, what is your suggestion for password encryption instead?

Re: mysql_query -> what am I missing?

Posted: Fri Aug 01, 2008 8:05 pm
by EverLearning
Not to be nitpicky, but md5 is a hash function, not an encryption. You could use SHA-512 for hashing user passwords, with the hash() function. And salt your passwords before saving them in the database

Code: Select all

hash('sha512', $yourSaltedPassword);
For more information about salting your passwords, read Mordred Password hashing howto and hownotto article.