A Problem - Mysql_numrows() function

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
mintsmike
Forum Newbie
Posts: 3
Joined: Fri Mar 20, 2009 2:23 am

A Problem - Mysql_numrows() function

Post by mintsmike »

Can I ask what is wrong with the following code. I have studied it to try and find any errors in my code but there were none. On my page it says 'Warning: mysql_numrows(): supplied argument is not a valid MySQL result resource in /home/casiodev/public_html/Downloads/downModule.php on line 36'

Code: Select all

if(!empty($_GET["calc"]) && !empty($_GET["type"]) && empty($_GET['id'])) {
    $calc = $_GET["calc"];
    $type = $_GET["type"];
    
    mysql_connect("localhost","casiodev_admin","********");
    mysql_select_db("casiodev_web");
    $query = "SELECT * FROM downloads WHERE 'calc' = %$calc% AND 'type'=%$type% ";
    $result = mysql_query($query);
    $num = mysql_numrows($result);    // I have isolated the problem to this line
    $i=0;
    $top="135px";
    
    echo "<div class=\"stdDiv\" style=\"left:11%;top:$top;height:300px;width:88%;\">";
    echo "Calc: $calc <br />Type: $type";
    while( $i < $num ) {
        $name=mysql_result($result, $i, "name");
        $description=mysql_result($result, $i, "description");
        $downURL=mysql_result(result, $i, "downloads");
        $author=mysql_result($result, $i, "uploader");
        echo "<br />New Record<br />Name: $name<br />";
        /*echo "Name: $name <br />";
        echo "Description: $description <br />";
        echo "Download URL: $downURL <br />";
        echo "Program Author: $author <br />";
        */$i++;
    }
    echo "</div>";
}  

Thanks in advance for your help

Regards
Last edited by Benjamin on Sat May 09, 2009 10:05 am, edited 1 time in total.
Reason: Changed code type from text to php.
mickd
Forum Contributor
Posts: 397
Joined: Tue Jun 21, 2005 9:05 am
Location: Australia

Re: A Problem - Mysql_numrows() function

Post by mickd »

Try using mysql_num_rows instead (with the _), though if the other one is equivalent, that won't solve the problem.

Chances are there's an error in your sql string. Try using this instead:

Code: Select all

 
$query = "SELECT * FROM downloads WHERE calc='$calc' AND type='$type'";
 
User avatar
jazz090
Forum Contributor
Posts: 176
Joined: Sun Apr 12, 2009 3:29 pm
Location: England

Re: A Problem - Mysql_numrows() function

Post by jazz090 »

change line 7 to:

Code: Select all

$query = "SELECT * FROM downloads WHERE calc = ".$calc." AND type=".$type;
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: A Problem - Mysql_numrows() function

Post by kaisellgren »

Your script is vulnerable to SQLi. Make sure you implement proper escaping.
jazz090 wrote:

Code: Select all

$query = "SELECT * FROM downloads WHERE calc = ".$calc." AND type=".$type;
That code is not secure even if you escape those values, because they need to be enclosed within quotes to separate the values from the SQL structure.
User avatar
jazz090
Forum Contributor
Posts: 176
Joined: Sun Apr 12, 2009 3:29 pm
Location: England

Re: A Problem - Mysql_numrows() function

Post by jazz090 »

yes i know its prone to attacks, i was just writing it the same way that mintsmike did
Post Reply