Ad:

PHP Discussion Thread
Unsolved
Views: 1689

Apr 18th, 2009

Re: Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource

Expand Post »

i got this error:

PHP Syntax (Toggle Plain Text)
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\xampp\htdocs\db.php on line 13
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\xampp\htdocs\db.php on line 13

my php code is this:

php Syntax (Toggle Plain Text)
<?php
//Database Info
$dbhost="localhost";
$dbuser="root";
$dbpass="something";
$dbname="somedb";
$table="users";
//Connect to Database
$con=mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname, $con);
$user=$_POST['user'];
$pass=$_POST['pass'];
$query = "SELECT * FROM $table WHERE Username=$user AND Password=$pass";//MySQL Query
$result=mysql_query($query, $con);//Line 13 ERROR
$numresults=mysql_num_rows($result);//Check The Number Of Results
if($numresults == 1)
{
 $handle=fopen("boxsite.html", "a+");
 $contents=fread($handle, filesize("boxsite.html"));
 fclose($handle);
 echo $contents;
 }
 else
 {
$handle=fopen("LoginFail.html", "r");
$contents=fread($handle, filesize("LoginFail.html"));
fclose($handle);
echo $contents;
}
?>
<?php
//Database Info
$dbhost="localhost";
$dbuser="root";
$dbpass="something";
$dbname="somedb";
$table="users";
//Connect to Database
$con=mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname, $con);
$user=$_POST['user'];
$pass=$_POST['pass'];
$query = "SELECT * FROM $table WHERE Username=$user AND Password=$pass";//MySQL Query
$result=mysql_query($query, $con);//Line 13 ERROR
$numresults=mysql_num_rows($result);//Check The Number Of Results
if($numresults == 1)
{
 $handle=fopen("boxsite.html", "a+");
 $contents=fread($handle, filesize("boxsite.html"));
 fclose($handle);
 echo $contents;
 }
 else
 {
$handle=fopen("LoginFail.html", "r");
$contents=fread($handle, filesize("LoginFail.html"));
fclose($handle);
echo $contents;
}
?>

i searched numerous times but i can't find what's wrong with my query. plz help me

Last edited by superyo; Apr 18th, 2009 at 2:17 pm.

Similar Threads

superyo

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

3 posts
since Apr 2009

Permalink

Apr 18th, 2009

Re: Supplied argument is not a valid MySQL result resource

Enclose strings between quotes:

php Syntax (Toggle Plain Text)
$query = "SELECT * FROM $table WHERE Username='".$user."' AND Password='".$pass."'";
$query = "SELECT * FROM $table WHERE Username='".$user."' AND Password='".$pass."'";

martin5211

Reputation Points: 52

Solved Threads: 23

Posting Whiz in Training

Offline

271 posts
since Aug 2007

Permalink

Apr 19th, 2009

Re: Supplied argument is not a valid MySQL result resource

mmm ithink there's a problem with your query.
try to echo-ing to query like this :

PHP Syntax (Toggle Plain Text)

echo $query;

is it read $user and $pass variable ??
if its not read those variable you can change query syntak like this :

PHP Syntax (Toggle Plain Text)

$query = "SELECT * FROM $table WHERE Username='$user' AND Password='$pass';

rudevils

Reputation Points: 10

Solved Threads: 10

Junior Poster in Training

Offline

80 posts
since Jan 2008

Permalink

Apr 19th, 2009

Re: Supplied argument is not a valid MySQL result resource

Click to Expand / Collapse Quote originally posted by martin5211 ...

Enclose strings between quotes:
php Syntax (Toggle Plain Text)
$query = "SELECT * FROM $table WHERE Username='".$user."' AND Password='".$pass."'";
$query = "SELECT * FROM $table WHERE Username='".$user."' AND Password='".$pass."'";

Thank you so much that fixed it. I would never understand where the problem was though. I have never seen a syntax like this. Quotes, double quotes and full stops. I know the problem is gone but could you please explain why it is like this? U see i want to learn the correct way by understanding it and not by heart. Thank u in advance

superyo

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

3 posts
since Apr 2009

Permalink

Apr 19th, 2009

Re: Supplied argument is not a valid MySQL result resource

Strings, values (except numeric) in SQL must be enclosed into quotes. Quotes delimit the string content, avoiding being confused by the interpreter, due to a string can contain spaces and non-alphanumeric characters.

You started the SQL sentence with double quotes , it's important to end it with the same quotes. After the sentence I use dots to concatenate (join) variables results and add another portion of text (like the a single quote to end the string).

If that code is a login script, I suggest to use mysql_real_escape_string() on the SQL query variables to avoid a common vulnerability called MySQL injection. This function will convert the quotes that can be used on username field so the user cannot rewrite the SQL query.

More details:

http://php.net/mysql_real_escape_string

Last edited by martin5211; Apr 19th, 2009 at 11:07 am.

martin5211

Reputation Points: 52

Solved Threads: 23

Posting Whiz in Training

Offline

271 posts
since Aug 2007

Permalink

Apr 19th, 2009

Re: Supplied argument is not a valid MySQL result resource

Click to Expand / Collapse Quote originally posted by martin5211 ...

Strings, values (except numeric) in SQL must be enclosed into quotes. Quotes delimit the string content, avoiding being confused by the interpreter, due to a string can contain spaces and non-alphanumeric characters.

You started the SQL sentence with double quotes , it's important to end it with the same quotes. After the sentence I use dots to concatenate (join) variables results and add another portion of text (like the a single quote to end the string).

If that code is a login script, I suggest to use mysql_real_escape_string() on the SQL query variables to avoid a common vulnerability called MySQL injection. This function will convert the quotes that can be used on username field so the user cannot rewrite the SQL query.

More details:

http://php.net/mysql_real_escape_string

Well if i undestood correctly what u said was that the single quotes(' ') u use come from the SQL syntax and are used for strings and the double quotes(" ") with the dots come from PHP and join variables that we want to display with other text. Now because we write a php script and it contains an SQL query we use them together?
Oh and thanx for the tip!

superyo

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

3 posts
since Apr 2009

Permalink

Apr 19th, 2009

Re: Supplied argument is not a valid MySQL result resource

That's correct. There is better methods to show the code in a more readable way e.g. using sprintf() like in PHP.net mysql_real_escape_string() reference, curly braces on variables, doing escaping before SQL query $user=mysql_real_escape_string($_POST['user']); .

martin5211

Reputation Points: 52

Solved Threads: 23

Posting Whiz in Training

Offline

271 posts
since Aug 2007

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in PHP Forum Timeline: edit PDF with PHP

Next Thread in PHP Forum Timeline: Return Car Make from MySQL database & have the make hyperlinked.

DaniWeb Message

Cancel Changes

User Name
Password