Difficulty including database connect info...

[webmaster1]

I'm using the following to define my connection details and it works fine:

 

<?php
$host="x"; // Host name
$username="x"; // Mysql username
$password="x"; // Mysql password
$db_name="x"; // Database name
$tbl_name="x"; // Table name
?>

 

I've tried to replace this using the include function:

 

include($_SERVER['DOCUMENT_ROOT']."/somefolder/dbinfo.php");

 

For some reason I get the following errors:

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in x  on line x

 

Warning: Cannot modify header information - headers already sent by (output started at x) in x  on line x

 

How is that I'm overlooking the include function?

 

 

[PFMaBiSmAd]

The error means that your query failed, so it's more likely a problem with the query and not the connection (you would have gotten a warning message about mysql_query() attempting to form a connection but couldn't if there was no connection present.)

[webmaster1]

But the database connection and the query works fine when I don't use the include.

 

Should that not indicate that the query is not the issue?

 

Everything is hunky-dory until I replace my connection variables with the include function.

[PFMaBiSmAd]

Cannot really help you with what your code is doing without seeing your code.

 

That error is the most common mysql related error (search for any part of the message on the Forum) and it either means that the query failed due to an error and returned a FALSE value or you overwrote the result resource inside of a loop that was using the results from that query.

 

If you only got that one warning message and not any like this -

Warning: mysql_query() [function.mysql-query]: Access denied for user 'SYSTEM'@'localhost' (using password: NO) in your_file..php on line x

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in your_file.php on line x

then you had a valid connection at the time the mysql_query() statement was executed.

[Gubbins]

I ask a simple question why would you need the database info file to include this:-

 

include($_SERVER['DOCUMENT_ROOT']."/somefolder/dbinfo.php");

 

All other files need it but not the dbinfo.php file...

[Gubbins]

I ask a simple question why would you need the database info file to include this:-

 

include($_SERVER['DOCUMENT_ROOT']."/somefolder/dbinfo.php");

 

All other files need it but not the dbinfo.php file...

 

I would proberly add it like this anyway:-

<?php
require("somefolder/dbino.php");
?>

[aeroswat]

I ask a simple question why would you need the database info file to include this:-

 

include($_SERVER['DOCUMENT_ROOT']."/somefolder/dbinfo.php");

 

All other files need it but not the dbinfo.php file...

 

I would proberly add it like this anyway:-

<?php
require("somefolder/dbino.php");
?>

 

Pf is right. We need some more code. Provide that and we'll look at it. Other than that for a connection I would probably use a require_once

[webmaster1]

I understand what you've explained but cannot fathom why the error is exclusive to using the include function. In theory, the same problem should persist when I don't use the include function.

 

I have a basic username and password form that posts to check.php which in turn runs a database check on the input and thereafter redirected. I used the following as my basis   

http://www.phpeasystep.com/phptu/6.html

 

Here's my actual code for check.php:

 

<?php

$host="x"; // Host name
$username="x"; // Mysql username
$password="x"; // Mysql password
$db_name="x"; // Database name
$tbl_name="x"; // Table name

// Include database variables.
//include($_SERVER['DOCUMENT_ROOT']."/somefolder/dbinfo.php");

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$loginusername=$_POST['loginusername'];
$loginpassword=$_POST['loginpassword'];

// To protect MySQL injection (more detail about MySQL injection)
$loginusername = stripslashes($loginusername);
$loginpassword = stripslashes($loginpassword);
$loginusername = mysql_real_escape_string($loginusername);
$loginpassword = mysql_real_escape_string($loginpassword);

$sql="SELECT * FROM $tbl_name WHERE username='$loginusername' and password='$loginpassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $loginusername and $loginpassword, table row must be 1 row

if($count==1){
// Register $loginusername, $loginpassword and redirect to file "login_success.php"
session_register("loginusername");
session_register("loginpassword");
header("location:login-success.php");
}
else {
header("location:/index.php?loginfailstatus=TRUE&loginfailusername=$loginusername&loginfailpassword=$loginpassword");
}
?>

 

You'll notice I tweaked the header link for the a failed login by passing two variables through the url. Nothing major. The page containing my form uses an insert query (stores ip for failed login) and that's about the extent of it.

 

 

 

 

 

 

[aeroswat]

Why do you have quotes around your variables in your connect and db select functions?

[aeroswat]

Also session_register is deprecated. You should define your session variables the right way with $_SESSION['name'] = "Joe";

[webmaster1]

Why do you have quotes around your variables in your connect and db select functions?

 

The tutorial seems to have gone about it that way.

[wolfan]

You do not need strip_slashes when pulling from a $_POST because it automatically happens.  As per this page in the PHP manual: http://php.net/manual/en/function.stripslashes.php

 

But as far as your error is concerned.  The error you described Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in x  on line x means that that which was passed to mysql_num_rows is not actually data from a SQL query.  Which means an error happened in your query.  Usually in your SQL.

Change the line

$result=mysql_query($sql);

 

to

 

$result=mysql_query($sql) or die(mysql_error()."<br/>".$sql);

 

What this will do is force the system to die if there is an error in your sql query and then output what was passed to the query and what the error was.

[webmaster1]

All other files need it but not the dbinfo.php file...

 

Why doesn't dbinfo.php need it? I thought the only significant difference between the require() and include() functions was how they handled errors.

 

 

[PFMaBiSmAd]

A) echo mysql_error() on the next line after the mysql_query() statement to find out why the query is failing.

 

B) If output_buffering is on in your master php.ini, then your header() redirects might be functioning AND the error message you are getting could be occurring in code on either your login-success.php or index.php page (you did not show in the error message the actual file where the error did occur, so on one here can directly help you.)

 

C) session_register() was depreciated a really long time ago and any code posted on the Internet using it should have been updated or removed (this would prevent any other code that is testing if you are logged in from actually working.) You should be using session_start() and $_SESSION variables.

[webmaster1]

the error message you are getting could be occurring in code on either your login-success.php or index.php page

 

Understood. Apologies for the cloak and dagger.  Here you go:

 

index.php:

 

<?php
$loginfailstatus=$_GET['loginfailstatus']; 
$loginfail=$loginfailstatus;
$loginfailusername=$_GET['loginfailusername']; 
$loginfailpassword=$_GET['loginfailpassword']; 

// Create value if username left blank.
if (empty($loginfailusername)) 
{
$loginfailusername="No input for this field";
}

// Create value if password left blank.
if (empty($loginfailpassword)) 
{
$loginfailpassword="No input for this field";
}
?>
<html>

<?php 
// If a failed login attempt is made.
if ($loginfail)
{

// Include database variables.
include($_SERVER['DOCUMENT_ROOT']."/includes/site/dbinfo.php");

// Connect to database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Define variables for query.
$client="Site";

// Define current page as variable for query.
// Source: http://www.webcheatsheet.com/PHP/get_current_page_url.php
function curPageURL() {
$pageURL = 'http';
if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
$pageURL .= "://";
if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
} else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
}
return $pageURL;
}
$location=curPageURL();

// Define variables for query cntd.
$occurrence="Illegal client login attempt";
$ipaddress=$_SERVER['REMOTE_ADDR'];

// Insert into table.
$query = "INSERT INTO reports VALUES ('',NOW(),'$client','$location','$occurrence','$ipaddress','$loginfailusername','$loginfailpassword')";
mysql_query($query);

// Define additional variables for message. 
$daydate=date("l, dS");
$monthyear=date("F, Y");
$time=date("H:i:s a");

// THIS QUERY DOESN'T QUITE WORK YET - CURRENTLY LEARNING HOW TO ADD FETCH RESULTS
$query2 = "SELECT COUNT(id) AS cumulativeloginfails FROM reports";
$cumulativeloginfails = mysql_query($query2);
echo $cumulativeloginfails;

// Echo message.
echo "
<p>You have not entered a valid username and/or password. Successive failed attempts will result in a ban that will prevent your access to this website. Please verify your credentials before attempting to enter them again. Contact the site administrator if you experience further difficulty.</p>
<p><a href='/index.php'>Go back to client login form.</a></p>
<p><a href='/contact.php'>Contact the site administrator.</a></p>
<p>Occurrence: ".$occurrence.".</p>
<p>Attempted username: ".$loginfailusername.".</p>
<p>Attempted password: ".$loginfailpassword.".</p>
<p>IP address retained: ".$ipaddress."</p>
<p>Cumulative illegal attempts from this IP Address:</p>
<p>Date logged: ".$daydate." of ".$monthyear.".</p>
<p>Time logged: ".$time."</p>
";

}
else
{
?>
<form name="form1" method="post" action="includes/site/login-check.php">
<ol>
  <li>Username: <input name="loginusername" type="text" id="loginusername"></li>
  <li>Password: <input name="loginpassword" type="password" id="loginpassword"></li>
  <li><input type="submit" name="login" value="Login"></li>
</ol>
</form>
<?php
}
?>
</html>

 

login-success.php:

 

<?php
session_start();
if(!session_is_registered(myusername)){
// Redirects when the following url is directly accessed: 
header("location:/index.php");
}
?>
<html>
<body>
Login Successful
</body>
</html>

 

Error messages:

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/x/public_html/includes/site/login-check.php on line 32

 

Warning: Cannot modify header information - headers already sent by (output started at /home/x/public_html/includes/site/login-check.php:32) in /home/x/public_html/includes/site/login-check.php on line 42

 

 

[PFMaBiSmAd]

Are you even reading the errors?

 

I stated that the error could be occurring in one of those files because you did not post the part of the error stating where it did occur.

 

You have got all the information in the replies in this thread that is necessary to troubleshoot what is causing the query to fail.

[webmaster1]

Also session_register is deprecated. You should define your session variables the right way with $_SESSION['name'] = "Joe";

 

Understood. It would be handy if the manual positioned the notice of deprecation at the start of the page. It doesn't seem to recommend the correct alternative either. Never mind me, just nagging.

[webmaster1]

Are you even reading the errors?

 

I stated that the error could be occurring in one of those files because you did not post the part of the error stating where it did occur.

 

You have got all the information in the replies in this thread that is necessary to troubleshoot what is causing the query to fail.

 

I understand what you're saying. I just posted the full code on the interim as requested whilst I'm implementing your suggestions. I'm not disregarding what you've said, I'm just a little slow at this.

 

I'm checking echo mysql_error()  now.

[webmaster1]

The echo revealed that the table didn't exist. I changed the name of the table in phpMyAdmin but forgot to do so in dbinfo.php.

 

Thanks PFMaBiSmAd. mysql_error() is a nifty function.

 

Cheers for all the other tips (e.g. deprecations) too lads.