Problem with passing mysql_num_rows an argument

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

lprubin
Forum Newbie
Posts: 7
Joined: Sun Nov 02, 2008 9:38 pm

Problem with passing mysql_num_rows an argument

Post by lprubin »

I'm trying to write simple username and password registration code.

I get the following error telling me my argument is not acceptable for the mysql_num_rows command. In the code below, row 6 = to row 19 in the error:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\wamp\www\register.php on line 19

Is there something wrong with my $query statement above it?

Code: Select all

 
if($_POST['submit']){
    $_POST['username'] = trim($_POST['username']);
    if($_POST['username'] && strlen($_POST['username']) >=3){
        $query = mysql_query("SELECT 'id' FROM 'users' WHERE 'username'='".$_POST['username']."' LIMIT 1");
        if(mysql_num_rows($query)){
            $error['userexists'] = 'Username exists';
        }
    }
    else {
        $error['usernameinput'] = 'Please enter a username of 3+ characters';
    }
}
 
Thank you for any help debugging this one.
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Problem with passing mysql_num_rows an argument

Post by requinix »

According to the manual, mysql_query returns a resource or false. mysql_num_rows wants a resource, so since it's complaining $query must be false.
It would be false because there's a problem with your query.

Code: Select all

$query = mysql_query("SELECT 'id' FROM 'users' WHERE 'username'='".$_POST['username']."' LIMIT 1") or die(mysql_error());
Now you'll see an error message, but I'll save you the trouble and fix it for you.

Code: Select all

$query = mysql_query("SELECT `id` FROM `users` WHERE `username`='".mysql_real_escape_string($_POST['username'])."' LIMIT 1") or die(mysql_error());
Last edited by requinix on Sun Nov 02, 2008 11:46 pm, edited 1 time in total.
lprubin
Forum Newbie
Posts: 7
Joined: Sun Nov 02, 2008 9:38 pm

Re: Problem with passing mysql_num_rows an argument

Post by lprubin »

Thanks for your help!

So the problem is that I didn't escape my strings?

When I replace my line of code with yours I get this error:
Parse error: syntax error, unexpected ';' in C:\wamp\www\register.php on line 18

Line 18 is the line where I replaced my code with yours.

If I remove the semi-colon at the end of your statement I get this error:
Parse error: syntax error, unexpected T_IF in C:\wamp\www\register.php on line 19.
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Problem with passing mysql_num_rows an argument

Post by requinix »

I missed a ) in that second bit of code.

Code: Select all

$query = mysql_query("SELECT `id` FROM `users` WHERE `username`='".mysql_real_escape_string($_POST['username'])."' LIMIT 1") or die(mysql_error());
lprubin
Forum Newbie
Posts: 7
Joined: Sun Nov 02, 2008 9:38 pm

Re: Problem with passing mysql_num_rows an argument

Post by lprubin »

Thanks. That solved that problem.

But now I have another one and no error message to work with.

Now what happens is that when I hit submit after I've filled out the form, it goes to the next page with no error but now the page is completely blank and the info was NOT inputted into the database.

I suppose you'll be needing to see my entire block of code to help figure this one out? Should I make this a new thread since it is a different problem?
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Problem with passing mysql_num_rows an argument

Post by requinix »

Nah, just post it here.

But first, put

Code: Select all

ini_set("display_errors", 1);
at the top of the file and try again.
lprubin
Forum Newbie
Posts: 7
Joined: Sun Nov 02, 2008 9:38 pm

Re: Problem with passing mysql_num_rows an argument

Post by lprubin »

Still completely blank.


Here is my code (I did replace username and password with the proper logins in the actual code):

Code: Select all

 
<html>
<head></head>
<body>
 
<?php
 
ini_set("display_errors", 1);
 
$config['address'] = 'localhost';
$config['username'] = 'username';
$config['password'] = 'mypassword';
$config['databasename'] = 'regtut';
 
mysql_connect($config['address'], $config['username'], $config['password']);
mysql_select_db($config['databasename']);
 
if($_POST['submit']){
    $_POST['username'] = trim($_POST['username']);
    if($_POST['username'] && strlen($_POST['username']) >=3){
        $query = mysql_query("SELECT `id` FROM `users` WHERE `username`='".mysql_real_escape_string($_POST['username'])."' LIMIT 1") or die(mysql_error());
        if(mysql_num_rows($query)){
            $error['userexists'] = 'Username exists';
        }
    }
    else {
        $error['usernameinput'] = 'Please enter a username of 3+ characters';
    }
}
 
if(!$error && $_POST['submit']){
    $query = mysql_query("INSERT INTO 'users' (username, email, password) VALUES ('".$_POST['username']."', '".$_POST['email']."', '".md5($_POST['password1'])."')");
    if($query){
        echo $_POST['username'].' is now registered';
    }
 
} else {
 
?>
 
<form name="reg" method="POST" enctype="application/x-www-form-urlencoded">
username: <input type="text" name="username" /><?php echo $error['userexists']; echo $error['usernameinput']; ?><br />
email: <input type="text" name="email" /><br />
password1: <input type="password" name="password1" /><br />
password2: <input type="password" name="password2" /><br />
<input type="submit" name="submit" value="register" />
</form>
 
<?php
    }
?>
 
</body>
</html>
 
 
bmoyles0117
Forum Newbie
Posts: 22
Joined: Sun Nov 02, 2008 1:46 am

Re: Problem with passing mysql_num_rows an argument

Post by bmoyles0117 »

hahaha dude. Change your form to add one input

Code: Select all

 
<form name="reg" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="submit" value="true" />
username: <input type="text" name="username" /><?php echo $error['userexists']; echo $error['usernameinput']; ?><br />
email: <input type="text" name="email" /><br />
password1: <input type="password" name="password1" /><br />
password2: <input type="password" name="password2" /><br />
<input type="submit" name="submit" value="register" />
</form>
 
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Problem with passing mysql_num_rows an argument

Post by requinix »

And that teaches me to explain, not fix.

Code: Select all

$query = mysql_query("INSERT INTO 'users' (username, email, password) VALUES ('".$_POST['username']."', '".$_POST['email']."', '".md5($_POST['password1'])."')");
Same problem as before: tables and fields use backticks (` - the tilde key on en-us keyboards) not apostrophes.
Just like in PHP, in SQL apostrophes and quotation marks are for strings.
Also the query isn't secure. In the code I fixed earlier I used mysql_real_escape_string: whenever you want to put user input into a query you use that function. It prepares strings for safe use by escaping things like apostrophes - if someone put an apostrophe in they could break the query, or worse use it to their own advantage.

So having said that:

Code: Select all

$query = mysql_query("INSERT INTO `users` (username, email, password) VALUES ('".mysql_real_escape_string($_POST['username'])."', '".mysql_real_escape_string($_POST['email'])."', '".md5($_POST['password1'])."')");
Note how I didn't use mysql_real_escape_string for the password. I said it prepares strings by escaping bad characters. md5() will always return a string consisting only of letters and numbers - they're safe, so mres() isn't necessary.
lprubin
Forum Newbie
Posts: 7
Joined: Sun Nov 02, 2008 9:38 pm

Re: Problem with passing mysql_num_rows an argument

Post by lprubin »

Yup, that's probably the problem. I read an entire php tutorial that used mysql and that was never mentioned once. You'd think they'd at least mention the fact that ' is different than ` since it seems like a pretty easy mistake to make for a beginner. I'll go through and fix everything and let you know my results. Thanks again.
lprubin
Forum Newbie
Posts: 7
Joined: Sun Nov 02, 2008 9:38 pm

Re: Problem with passing mysql_num_rows an argument

Post by lprubin »

Yup, that fixed the problem. Thank you tasairis. That was a big lesson in doing MySQL with php.
lprubin
Forum Newbie
Posts: 7
Joined: Sun Nov 02, 2008 9:38 pm

Re: Problem with passing mysql_num_rows an argument

Post by lprubin »

bmoyles0117 wrote:hahaha dude. Change your form to add one input

Code: Select all

 
<form name="reg" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="submit" value="true" />
username: <input type="text" name="username" /><?php echo $error['userexists']; echo $error['usernameinput']; ?><br />
email: <input type="text" name="email" /><br />
password1: <input type="password" name="password1" /><br />
password2: <input type="password" name="password2" /><br />
<input type="submit" name="submit" value="register" />
</form>
 
By adding that line of code, what is that doing? Is that checking to see if submit has already been pressed?
bmoyles0117
Forum Newbie
Posts: 22
Joined: Sun Nov 02, 2008 1:46 am

Re: Problem with passing mysql_num_rows an argument

Post by bmoyles0117 »

no sir. Your code is looking for a field existing by the name of submit.

Code: Select all

 
if($_POST['submit']){
 
You need to declare some sort of field in the submitted data with a name of submit and some generic value.

thusforth

<input type="hidden" name="submit" value="true" />
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Problem with passing mysql_num_rows an argument

Post by requinix »

bmoyles0117 wrote:no sir. Your code is looking for a field existing by the name of submit.

Code: Select all

 
if($_POST['submit']){
 
You need to declare some sort of field in the submitted data with a name of submit and some generic value.

thusforth

<input type="hidden" name="submit" value="true" />
Not true. The submit button counts. Easy way to verify that:
Go to google.com, pick a search string and click the "Google Search" button.
On the results page, if you look at the URL you'll see

Code: Select all

...&btnG=Google+Search...
That's with GET: same thing happens with POST too.
bmoyles0117
Forum Newbie
Posts: 22
Joined: Sun Nov 02, 2008 1:46 am

Re: Problem with passing mysql_num_rows an argument

Post by bmoyles0117 »

&btnG=Google+Search

Please note that the name of the input is "btnG"

Thusforth, the form probably consists of an image type submit button.
Post Reply