My code:

<?php 
include("db.php"); 
if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email']))


//Prevent SQL injections 
$username = mysql_real_escape_string($_POST['username']); 
$email = mysql_real_escape_string($_POST['email']); 


//Get MD5 hash of password 
$password = md5($_POST['password']); 

//Check to see if username exists 
$sql = mysql_query("SELECT username FROM usersystem WHERE username = '".$username."'");
if (mysql_num_rows($sql)>0) 

{ 
die ("Username taken."); 
} 


mysql_query("INSERT INTO usersystem (username, password, email) VALUES ( '$username', '$password', '$email')") or die (mysql_error()); 

} 
?>

My error is occuring on line 16, "if (mysql_num_rows($sql)>0)"
Another similar error is occuring in my database PHP

<?php
session_start();
mysql_connect("-", "-", "-");
mysql_select_db("mydb"); 
function user_login ($username, $password) 
{ 
//take the username and prevent SQL injections 
$username = mysql_real_escape_string($username); 
//begin the query 
$sql = mysql_query("SELECT * FROM usersystem WHERE username = '".$username."' AND password = '".$password."' LIMIT 1"); 
//check to see how many rows were returned 
$rows = mysql_num_rows($sql); 
if ($rows<=0 )
{ 
echo "Incorrect username/password"; 
}
else 
{ 
//have them logged in 
$_SESSION['username'] = $username; 
} 
}
?>

Error here is "$rows = mysql_num_rows($sql);"
And yes, I know mySQL login is blank, I did that myself.

Recommended Answers

All 4 Replies

Just to add, I'm newish to PHP.
Also it would help if I added the error I'm getting
mysql_num_rows(): supplied argument is not a valid MySQL result resource in (My file directories)
Both have this error.

Do an error check (check the return) on each of the MySQL functions. One of the previous ones is failing.

What's happening is your queries are erring out. Thus instead of a MySQL resource being returned by mysql_query (), an error is being passed. mysql_num_rows () expects, not surprisingly, a MySQL resource and not such an error.

One of the easiest ways to output this (per chrishea's suggestion) is to use an or die () clause.

$sql = mysql_query ('SQL HERE') or die (mysql_error ());

The result is: if the query fails the or die () will invoke, outputting the contents of mysql_error ().

One final note: you're using the outdated and, now, deprecated MySQL API. Unfortunately many online tutorials/guides are slow to move with the tides. It has been an extremely long time since the original API has been recommended, though. I would strongly encourage you to read up on, and switch over to, MySQLi or PDO. Given you're still very new, MySQLi done procedurally may be your best bet.

The likely cause of the error is missing POST data. You are nicely doing a check on the beginning:

if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email']))

but you forgot the starting curly bracket after the statement:

if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email'])) 
{ ...

You can also use simple debugging techniques my means of inserting die() statements at suspicious points of code. In your case yiou can check what the query looks like with POST data:

// first construct the query
//(no need to concatenate, just use the variable within the double quoted string)
$query = "SELECT username FROM usersystem WHERE username = '$username'";

// now check if the query was constructed as expected
// this will display the query and stop the execution
// you can copy the displayed query in phpmyadmin and test it
// when all working, comment the die() line
die($query);

// from now on use the query
//Check to see if username exists
$sql = mysql_query($query);
if (mysql_num_rows($sql)>0)
{
die ("Username taken.");
} 
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.