Page 1 of 2
Problem with passing mysql_num_rows an argument
Posted: Sun Nov 02, 2008 9:47 pm
by lprubin
I'm trying to write simple username and password registration code.
I get the following error telling me my argument is not acceptable for the mysql_num_rows command. In the code below, row 6 = to row 19 in the error:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\wamp\www\register.php on line 19
Is there something wrong with my $query statement above it?
Code: Select all
if($_POST['submit']){
$_POST['username'] = trim($_POST['username']);
if($_POST['username'] && strlen($_POST['username']) >=3){
$query = mysql_query("SELECT 'id' FROM 'users' WHERE 'username'='".$_POST['username']."' LIMIT 1");
if(mysql_num_rows($query)){
$error['userexists'] = 'Username exists';
}
}
else {
$error['usernameinput'] = 'Please enter a username of 3+ characters';
}
}
Thank you for any help debugging this one.
Re: Problem with passing mysql_num_rows an argument
Posted: Sun Nov 02, 2008 10:14 pm
by requinix
According to the
manual, mysql_query returns a resource or false. mysql_num_rows wants a resource, so since it's complaining $query must be false.
It would be false because there's a problem with your query.
Code: Select all
$query = mysql_query("SELECT 'id' FROM 'users' WHERE 'username'='".$_POST['username']."' LIMIT 1") or die(mysql_error());
Now you'll see an error message, but I'll save you the trouble and fix it for you.
Code: Select all
$query = mysql_query("SELECT `id` FROM `users` WHERE `username`='".mysql_real_escape_string($_POST['username'])."' LIMIT 1") or die(mysql_error());
Re: Problem with passing mysql_num_rows an argument
Posted: Sun Nov 02, 2008 11:30 pm
by lprubin
Thanks for your help!
So the problem is that I didn't escape my strings?
When I replace my line of code with yours I get this error:
Parse error: syntax error, unexpected ';' in C:\wamp\www\register.php on line 18
Line 18 is the line where I replaced my code with yours.
If I remove the semi-colon at the end of your statement I get this error:
Parse error: syntax error, unexpected T_IF in C:\wamp\www\register.php on line 19.
Re: Problem with passing mysql_num_rows an argument
Posted: Sun Nov 02, 2008 11:45 pm
by requinix
I missed a ) in that second bit of code.
Code: Select all
$query = mysql_query("SELECT `id` FROM `users` WHERE `username`='".mysql_real_escape_string($_POST['username'])."' LIMIT 1") or die(mysql_error());
Re: Problem with passing mysql_num_rows an argument
Posted: Mon Nov 03, 2008 12:49 am
by lprubin
Thanks. That solved that problem.
But now I have another one and no error message to work with.
Now what happens is that when I hit submit after I've filled out the form, it goes to the next page with no error but now the page is completely blank and the info was NOT inputted into the database.
I suppose you'll be needing to see my entire block of code to help figure this one out? Should I make this a new thread since it is a different problem?
Re: Problem with passing mysql_num_rows an argument
Posted: Mon Nov 03, 2008 1:07 am
by requinix
Nah, just post it here.
But first, put
at the top of the file and try again.
Re: Problem with passing mysql_num_rows an argument
Posted: Mon Nov 03, 2008 1:17 am
by lprubin
Still completely blank.
Here is my code (I did replace username and password with the proper logins in the actual code):
Code: Select all
<html>
<head></head>
<body>
<?php
ini_set("display_errors", 1);
$config['address'] = 'localhost';
$config['username'] = 'username';
$config['password'] = 'mypassword';
$config['databasename'] = 'regtut';
mysql_connect($config['address'], $config['username'], $config['password']);
mysql_select_db($config['databasename']);
if($_POST['submit']){
$_POST['username'] = trim($_POST['username']);
if($_POST['username'] && strlen($_POST['username']) >=3){
$query = mysql_query("SELECT `id` FROM `users` WHERE `username`='".mysql_real_escape_string($_POST['username'])."' LIMIT 1") or die(mysql_error());
if(mysql_num_rows($query)){
$error['userexists'] = 'Username exists';
}
}
else {
$error['usernameinput'] = 'Please enter a username of 3+ characters';
}
}
if(!$error && $_POST['submit']){
$query = mysql_query("INSERT INTO 'users' (username, email, password) VALUES ('".$_POST['username']."', '".$_POST['email']."', '".md5($_POST['password1'])."')");
if($query){
echo $_POST['username'].' is now registered';
}
} else {
?>
<form name="reg" method="POST" enctype="application/x-www-form-urlencoded">
username: <input type="text" name="username" /><?php echo $error['userexists']; echo $error['usernameinput']; ?><br />
email: <input type="text" name="email" /><br />
password1: <input type="password" name="password1" /><br />
password2: <input type="password" name="password2" /><br />
<input type="submit" name="submit" value="register" />
</form>
<?php
}
?>
</body>
</html>
Re: Problem with passing mysql_num_rows an argument
Posted: Mon Nov 03, 2008 1:42 am
by bmoyles0117
hahaha dude. Change your form to add one input
Code: Select all
<form name="reg" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="submit" value="true" />
username: <input type="text" name="username" /><?php echo $error['userexists']; echo $error['usernameinput']; ?><br />
email: <input type="text" name="email" /><br />
password1: <input type="password" name="password1" /><br />
password2: <input type="password" name="password2" /><br />
<input type="submit" name="submit" value="register" />
</form>
Re: Problem with passing mysql_num_rows an argument
Posted: Mon Nov 03, 2008 1:45 am
by requinix
And that teaches me to explain, not fix.
Code: Select all
$query = mysql_query("INSERT INTO 'users' (username, email, password) VALUES ('".$_POST['username']."', '".$_POST['email']."', '".md5($_POST['password1'])."')");
Same problem as before: tables and fields use backticks (` - the tilde key on en-us keyboards) not apostrophes.
Just like in PHP, in SQL apostrophes and quotation marks are for strings.
Also the query isn't secure. In the code I fixed earlier I used
mysql_real_escape_string: whenever you want to put user input into a query you use that function. It prepares strings for safe use by escaping things like apostrophes - if someone put an apostrophe in they could break the query, or worse use it to their own advantage.
So having said that:
Code: Select all
$query = mysql_query("INSERT INTO `users` (username, email, password) VALUES ('".mysql_real_escape_string($_POST['username'])."', '".mysql_real_escape_string($_POST['email'])."', '".md5($_POST['password1'])."')");
Note how I didn't use mysql_real_escape_string for the password. I said it prepares strings by escaping bad characters. md5() will always return a string consisting only of letters and numbers - they're safe, so mres() isn't necessary.
Re: Problem with passing mysql_num_rows an argument
Posted: Mon Nov 03, 2008 2:11 am
by lprubin
Yup, that's probably the problem. I read an entire php tutorial that used mysql and that was never mentioned once. You'd think they'd at least mention the fact that ' is different than ` since it seems like a pretty easy mistake to make for a beginner. I'll go through and fix everything and let you know my results. Thanks again.
Re: Problem with passing mysql_num_rows an argument
Posted: Mon Nov 03, 2008 2:13 pm
by lprubin
Yup, that fixed the problem. Thank you tasairis. That was a big lesson in doing MySQL with php.
Re: Problem with passing mysql_num_rows an argument
Posted: Mon Nov 03, 2008 2:14 pm
by lprubin
bmoyles0117 wrote:hahaha dude. Change your form to add one input
Code: Select all
<form name="reg" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="submit" value="true" />
username: <input type="text" name="username" /><?php echo $error['userexists']; echo $error['usernameinput']; ?><br />
email: <input type="text" name="email" /><br />
password1: <input type="password" name="password1" /><br />
password2: <input type="password" name="password2" /><br />
<input type="submit" name="submit" value="register" />
</form>
By adding that line of code, what is that doing? Is that checking to see if submit has already been pressed?
Re: Problem with passing mysql_num_rows an argument
Posted: Mon Nov 03, 2008 4:26 pm
by bmoyles0117
no sir. Your code is looking for a field existing by the name of submit.
You need to declare some sort of field in the submitted data with a name of submit and some generic value.
thusforth
<input type="
hidden"
name="submit" value="
true" />
Re: Problem with passing mysql_num_rows an argument
Posted: Mon Nov 03, 2008 4:35 pm
by requinix
bmoyles0117 wrote:no sir. Your code is looking for a field existing by the name of submit.
You need to declare some sort of field in the submitted data with a name of submit and some generic value.
thusforth
<input type="
hidden"
name="submit" value="
true" />
Not true. The submit button counts. Easy way to verify that:
Go to
google.com, pick a search string and click the "Google Search" button.
On the results page, if you look at the URL you'll see
That's with GET: same thing happens with POST too.
Re: Problem with passing mysql_num_rows an argument
Posted: Mon Nov 03, 2008 9:28 pm
by bmoyles0117
&btnG=Google+Search
Please note that the name of the input is "btnG"
Thusforth, the form probably consists of an image type submit button.