Leveecius Posted November 10, 2009 Share Posted November 10, 2009 Hey guys, I am getting 2 of the same errors on lines 205 and 216 Here is the error I'm getting: Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/klrbal/public_html/Mafia-test/families.php on line 205 Here is the code: <? session_start(); if (!(isset($_SESSION["real_name"]))) { //echo "I'm not logged in"; header('Location: index.php'); } else { echo ""; } ?> <html> <head> <title>Mafia Syndicate BETA .::. Families</title></head> <link REL="stylesheet" TYPE="text/css" HREF="main.css"> <script language=javascript src=Menus.js></script> <body background="wallpaper.jpg"> <center> <table border="0" cellspacing="0" cellpadding="0" align="center" width="95%" class="cat"> <TR> <TD width="150" background="tdbg3.jpg" bgcolor="#222222" valign="top"> <?php include("leftmenu.php");?> </TD> <td width="100%" valign="top"> <br> <?php $fetch=mysql_fetch_object(mysql_query("SELECT * FROM family WHERE name='$name' LIMIT 1")); echo "$name"; ////CREATE Family///// if ($_POST['createfamily'] && $_POST['familyname']){ $familyname == $_POST['familyname']; if ($rankpoints <= 2250000){ echo "You must be an Underboss before you can make a family!"; }else{ if ($famlevel==0){ $finalcash = $cash - 10000000000000 ; if ($finalcash <0){ echo "You do not have enough cash!"; }elseif ($finalcash >=0){ $num_true=mysql_num_rows(mysql_query("SELECT * FROM family WHERE id >1")); if ($num_true >= 6){ echo "There are already 6 Family Slots!"; }else{ $num_true=mysql_num_rows(mysql_query("SELECT * FROM family WHERE name='$name'")); if ($num_true >= 1){ echo "There is already a family with that name!"; }else{ function change($msg){ $post = $msg; $post = str_replace("'", "`", $post); return $post; } $new=change($familyname); mysql_query("INSERT INTO `family` ( `id` , `owner` , `name` , `bank` , `quote` , `news` , `slot` ) VALUES ('', '$username', '$new', '0', 'No Quote!', 'You have no family news8)', '10')"); mysql_query("UPDATE users SET famlevel='9' WHERE username='$username'"); mysql_query("UPDATE users SET cash='$finalcash', family='$new' WHERE username='$username'"); mysql_query("INSERT INTO `logs` ( `id` , `who` , `action` , `date` , `ip`) VALUES ('', '$username', 'Formed a family named <b>$new</b>!', '$date', '$realip')"); echo "You have created the Family <b>$new!</b>"; } } } } } } if ($_POST['cancelapply']){ mysql_query("DELETE FROM familyreq WHERE username='$username'"); echo "You have cancelled your application!"; } if ($_POST['leave'] && $famlevel >=2 && $famlevel <7){ if ($famlevel <= 0) { echo "You are not in a Family!"; }else{ if ($famlevel >= 4) { echo "You can not leave your Family!"; }else{ $healthloose=rand(85,95); if ($health - $healthloose <=0){ mysql_query("UPDATE users SET family='None', famlevel='0', `health`='1' WHERE username='$username'"); }else{ mysql_query("UPDATE users SET family='None', famlevel='0', `health`=`health`-'$healthloose' WHERE username='$username'"); echo "You left your family and lost $health% health!"; }}}} if ($_POST['change'] && strip_tags($_POST['newfamname']) && strip_tags($_POST['famid']) && $userlevel >=2){ $newfamname = $_POST['newfamname']; $newfamname = strip_tags($newfamname); $famid = $_POST['famid']; $famid = strip_tags($famid); $sql="SELECT * from families WHERE id='$famid'"; $result=mysql_query($sql); while($rows=mysql_fetch_array($result)){ // Start looping table row $oname = $rows['name']; } $num_true=mysql_num_rows(mysql_query("SELECT * FROM family WHERE name='$newfamname'")); if ($num_true >= 1){ echo "There is already a Family with that name!"; }else{ function change($msg) { $post = $msg; $post = str_replace("'", "`", $post); return $post; } $newfamname=change($newfamname); mysql_query("UPDATE users SET family='$newfamname' WHERE family='$oname'"); mysql_query("UPDATE familyreq SET famid='$newfamname' WHERE family='$oname'"); mysql_query("UPDATE forum_answer SET place='$newfamname' WHERE place='$oname'"); mysql_query("UPDATE forum_question SET place='$newfamname' WHERE place='$oname'"); mysql_query("UPDATE family_donations SET family='$newfamname' WHERE family='$oname'"); mysql_query("UPDATE family SET name='$newfamname' WHERE id='$crewid'"); mysql_query("UPDATE BG SET family='$newfamname' WHERE family='$oname'"); echo "You changed the family $oname to $newfamname!"; }} ?> <table border="1" class="sub2" align="center" cellspacing="0" cellpadding="1" bordercolor=black width=81%> <tr> <td align="center" colspan="5" class="header">Families</td> </tr> <? include "includes/db_connect.php"; $sql="SELECT * FROM family ORDER by id ASC"; $result=mysql_query($sql); while($rows=mysql_fetch_array($result)){ // Start looping table row $name=$rows['owner']; $famname=$rows['id']; $famname2=$rows['name']; $sql2="SELECT * from users WHERE family='$famname2'"; $result2=mysql_query($sql2); $num=mysql_num_rows($result2); ?> <tr> <td width="70%"><a href="viewfamprofile.php?viewfamily=<? echo $famname ?>"><? echo $rows['name']; ?></a></td><td width="20%"><a href="viewprofile.php?viewuser=<? echo $name ?>"><? echo $rows['owner']; ?></a></td><td width="10%"><? echo "$num"; ?></td> </tr> <? } ?> <tr> <td colspan="5" align="right"><? $num_true=mysql_num_rows(mysql_query("SELECT * FROM families WHERE id >1")); echo "$num_true"; ?>/6 Families</td> </tr> </table> <br> <br> <? if ($famlevel == 0) { ?> <form method="post" action="families.php"> <table border="1" cellspacing="0" cellpadding="2" bordercolor="black" align="center" width="30%" class="sub2"> <tr> <td class="header" colspan="2" align="center">Create Family </td> </tr> <tr> <td> <p><font color="blue"><b>Making a Family will Cost $10,000,000,000,000. You must be ranked Underboss + to make a Family.</b></font></p></td> </tr> <tr> <td width="92%" bgcolor="#3c3025" border="0"> <center> Family Name:<br> <input type="text" style="border:1px solid black;" name="familyname"> <br><br> <input type="submit" value="Create Family" name="createfamily"></center> </td> </tr> <? $num_true=mysql_num_rows(mysql_query("SELECT * FROM familyreq WHERE username='$username'")); if ($num_true == 1){ ?> <tr> <td class="header" colspan="2" align="center">Pending Application</td> </tr> <? include "includes/db_connect.php"; $sql="SELECT * FROM crewapply WHERE username='$username'"; $result=mysql_query($sql); while($rows=mysql_fetch_array($result)){ // Start looping table row ?> <tr> <td colspan="2" align="center"> You have applied to <b><? echo $rows['family']; ?></b><br><br> <input type="submit" value="Cancel Application" name="cancelapply"></td> </tr> <? }} ?> </table></form> <? } ?> <br> <table border="1" cellspacing="0" cellpadding="2" bordercolor="black" align="center" width="30%" class="sub2"> <tr> <td class="header" colspan="2" align="center">Leave Family</td> </tr> <tr> <td colspan="2" align="center"><font color="red"><b>Note: Leaving Family can result in you losing 85-95% health</b></font> <br> <br> <input type="submit" value="Leave Family" name="leave"> </td> </tr> <? if ($famlevel >=7 && $fetch->slot <200){ ?> <tr> <td class="header" colspan="2" align="center">Upgrade Family Size</td> </tr> <tr> <td align="center"> <? if ($fetch->slot ==100){$next=250; $upgradecost=10000000000;} elseif ($fetch->slot ==250){$next=500; $upgradecost=15000000000;} elseif ($fetch->slot ==500){$next=1000; $upgradecost=20000000000;} elseif ($fetch->slot ==1000){$next=2000; $upgradecost=30000000000;} ?> Your family's current size is <b><? echo $fetch->slot ; ?></b>, it will cost $<? echo number_format($upgradecost); ?> to upgrade it to <? echo $next ;?>.<br> <input type="submit" name="upgrade" value="Upgrade"> </td> </tr> <? } ?> </form> <? if ($userlevel >= 5) { ?> <form method="post" action=""> <table border="1" cellspacing="0" cellpadding="2" bordercolor="black" align="center" width="30%" class="sub2"> <tr> <td class="header" colspan="2" align="center">Change Family Name</td> </tr> <tr> <td width="90%" align="center">Family ID:<br><input style="border:1px solid black;" type="text" name="famid"><br></td> </tr> <tr> <td align="center">New Family Name:<br><input type="text" style="border:1px solid black;" name="newfamname"><br><br> <input type="submit" value="Change" name="change"> </td> </tr> </table> </form> <br><br> <? } ?> <? if ($userlevel >= 15) { ?> <form method="post" action=""> <table border="1" cellspacing="0" cellpadding="2" bordercolor="black" align="center" width="30%" class="sub2"> <tr> <td class="header" colspan="2" align="center">Drop Family</td> </tr> <tr> <td width="90%" align="center"><br> <center><select name="famnamedrop"> <? include "includes/db_connect.php"; $sql="SELECT * FROM family ORDER by id"; $result=mysql_query($sql); while($rows=mysql_fetch_array($result)){ // Start looping table row ?> <option><? echo $rows['name']; ?></option> <? } ?> </select> <br><br> <input type="submit" value="Drop Family" name="dropfamily"></center> </td> </tr> </table> </form> <? } ?> <br><br> </td> <TD width="150" valign="top"> <?php include("rightmenu.php");?> </TD> </TR> </table> </center> </body> </html> Quote Link to comment Share on other sites More sharing options...
MadTechie Posted November 10, 2009 Share Posted November 10, 2009 Sounds like an SQL error, what line is 205 update $sql2="SELECT * from users WHERE family='$famname2'"; $result2=mysql_query($sql2); $num=mysql_num_rows($result2); to $sql2="SELECT * from users WHERE family='$famname2'"; $result2=mysql_query($sql2) or die($sql2."<br>\n".mysql_error()); //updated $num=mysql_num_rows($result2); this should give you an error that it a little more helpful Quote Link to comment Share on other sites More sharing options...
Leveecius Posted November 10, 2009 Author Share Posted November 10, 2009 this makes no sense: SELECT * from users WHERE family='Da Corleone's' You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's'' at line 1 Quote Link to comment Share on other sites More sharing options...
Mark Baker Posted November 10, 2009 Share Posted November 10, 2009 Escape the quote in Da Corleone's (mysql_real_escape_string) Quote Link to comment Share on other sites More sharing options...
MadTechie Posted November 10, 2009 Share Posted November 10, 2009 It makes perfect sense.. let me explain in this query what am i searching for ? remember you need to quote the string your searching for SELECT * from users WHERE family='MadTechie's' AND Firstname = 'this is a 'quote' test' So you could say i am searching for 'MadTechie' and 'this is a ' but then we have some invalid SQL commands What does s' do ? and for that matter what's quote' test' theirs not command called quote? Now to make SQl understand that mean find 'MadTechie's' you need to let it know that the quote is part of the string and not ending the string, to do that you need to escape it with a slash, ie SELECT * from users WHERE family='MadTechie\'s' AND Firstname = 'this is a \'quote\' test' Now you can use addslashes, or mysql_real_escape_string, i recommend mysql_real_escape_string as its part of the sql pack and prevents SQL injection here's an example $sql2="SELECT * from users WHERE family='".mysql_real_escape_string($famname2)."'"; Quote Link to comment Share on other sites More sharing options...
Leveecius Posted November 10, 2009 Author Share Posted November 10, 2009 ok, I think I know what you were saying, I changed it to not have the quotes around $famname2 and got this: SELECT * from users WHERE family=Da Corleones You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Corleones' at line 1 Quote Link to comment Share on other sites More sharing options...
Leveecius Posted November 10, 2009 Author Share Posted November 10, 2009 ok, I was looking at it a little more careful now and got this. I hanged the coding around a little and renamed the family, and got this: SELECT * from users WHERE famname=DaCorleones Unknown column 'DaCorleones' in 'where clause' Quote Link to comment Share on other sites More sharing options...
MadTechie Posted November 10, 2009 Share Posted November 10, 2009 No, you need the quotes to tell SQL your searching for a string, BUT the string can NOT have a quote in it, when you search for SELECT * from users WHERE family='Da Corleone's' the system read its as SELECT * from users WHERE family='Da Corleone' then the system sees s' thats not valid SQL.. hence the error So you need to tell the system that the quote IN Da Corleone's is PART OF the string to do that you escape it ie Da Corleone\'s Now theirs a function to do that for you.. replace the line with $sql2="SELECT * from users WHERE family='".mysql_real_escape_string($famname2)."'"; Quote Link to comment Share on other sites More sharing options...
Leveecius Posted November 11, 2009 Author Share Posted November 11, 2009 ok, updated and got this: SELECT * from users WHERE family='Da Corleone\'s' Unknown column 'family' in 'where clause' Quote Link to comment Share on other sites More sharing options...
mikesta707 Posted November 11, 2009 Share Posted November 11, 2009 are you sure the column you want to test is named family? remember its case sensitive so Family is different from family Quote Link to comment Share on other sites More sharing options...
Leveecius Posted November 11, 2009 Author Share Posted November 11, 2009 got it now. family was supposed to be famname. thanks for the help guys! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.