Jump to content


Photo

mysql_num_rows


  • Please log in to reply
12 replies to this topic

#1 chriscloyd

chriscloyd
  • Members
  • PipPipPip
  • Advanced Member
  • 489 posts
  • LocationArizona

Posted 05 October 2006 - 06:41 PM

here is the error i have

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/chris/public_html/login.php on line 11

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/chris/public_html/login.php on line 12

Warning: Cannot modify header information - headers already sent by (output started at /home/chris/public_html/login.php:11) in /home/chris/public_html/login.php on line 28


and this is the code that is there

<?php
session_start();
include("db.php");

if(!$email || !$password){
$error = "Please Fill Out Both Fields!";
header("Location: index.php?error=".$error."");
} else {
$getinfo = mysql_query("SELECT password FROM users WHERE email = '$email'");
$check_admin = mysql_query("SELECT password FROM admins WHERE email = '$email'");
$admin = mysql_fetch_array($check_admin);
$user = mysql_fetch_array($getinfo);
	if($admin == 1){
		if(md5($password) == $admin['password']){
		$_SESSION['cssadmin'] = $email;
		}
	}
	if($user == 1){
		if(md5($password) == $user['password']){
		$_SESSION['css'] = $email;
		header("Location: index.php");
		} else {
		$error = "The Password You Entered Was Incorrect!";
		header("Location: index.php?error=".$error."");
		}
	} else {
	$error = "Their Is No Such Email Registered Here!";
	header("Location: index.php?error=".$error."");
	}
}
?>

44 bugs in my java code
44 bugs in my java code
Fix 1 bug, and complie again
122 bugs in my java code

#2 Orio

Orio
  • Staff Alumni
  • Advanced Member
  • 2,491 posts

Posted 05 October 2006 - 07:00 PM

Can you show the code of db.php?

Orio.
Think you're smarty?

(Gone until 20 to November)

#3 chriscloyd

chriscloyd
  • Members
  • PipPipPip
  • Advanced Member
  • 489 posts
  • LocationArizona

Posted 05 October 2006 - 07:01 PM

<?php
$dbhost = 'localhost';
$dbuser = '***********';
$dbpass = '***********f';

$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');

$dbname = '**********';
mysql_select_db($dbname);

?>
44 bugs in my java code
44 bugs in my java code
Fix 1 bug, and complie again
122 bugs in my java code

#4 roopurt18

roopurt18
  • Staff Alumni
  • Advanced Member
  • 3,749 posts
  • LocationCalifornia, southern

Posted 05 October 2006 - 07:14 PM

I'm not sure what's causing your errors, but just a design suggestion.  I notice you're returning your error string as part of the URL; this is going to make it difficult to provide information about multiple errors.  Not to mention your URLs are going to get very long on pages that cause errors.  You're using sessions, so why not have a $_SESSION['Errors'] array?  Each time a page loads, it will check for error messages in that array, display them, and then clear the array.

<?php // Login.php
session_start();
$HadErrors = false;
if(!$email){
  $_SESSION['Errors'][] = 'Missing email address.';
  $HadErrors = true;
}
if(!$password){
  $_SESSION['Errors'][] = 'Missing password.';
  $HadErrors = true;
}
if($HadErrors){
  header( 'Location: index.php' );
  exit();
}
// Rest of code below
?>

<?php // index.php
session_start();
// First check for errors
if(is_array($_SESSION['Errors']) && count($_SESSION['Errors'])){
  $out = 'The following errors occured:<ul>';
  foreach($_SESSION['Errors'] as $Error){
    $out .= '<li>' . $Error . '</li>';
  }
  $out .= '</ul>';
}
$_SESSION['Errors'] = Array(); // Clear any previous errors
// Rest of page follows
?>

PHP Forms : Part I | Part II

JavaScript: Singleton

http://www.rbredlau.com

#5 chriscloyd

chriscloyd
  • Members
  • PipPipPip
  • Advanced Member
  • 489 posts
  • LocationArizona

Posted 05 October 2006 - 07:26 PM

i changed my code but i still get those three errors

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/chris/public_html/login.php on line 17

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/chris/public_html/login.php on line 22

Warning: Cannot modify header information - headers already sent by (output started at /home/chris/public_html/login.php:17) in /home/chris/public_html/login.php on line 36



heres my new code

<?php
session_start();
include("db.php");
$HadErrors = false;
if(!$email){
  $_SESSION['Errors'] = 'Missing email address.';
  $HadErrors = true;
}
if(!$password){
  $_SESSION['Errors'] = 'Missing password.';
  $HadErrors = true;
}
if($HadErrors){
  header( 'Location: index.php' );
}
$check_admin = mysql_query("SELECT * FROM admins WHERE email = '$email'");
$admin = mysql_num_rows($check_admin);
if($admin['email'] == $email){
	$_SESSION['cssadmin'] = $email;
}
$check_user = mysql_query("SELECT * FROM users WHERE email = '$email'");
$user = mysql_num_rows($check_user);
if($user == '1'){
	$password = md5($password);
	if($user['password'] == $password){
	$_SESSION['css'] = $email;
	} else {
	$_SESSION['Errors'] = 'Password was incorrect.';
  	$HadErrors = true;
	}
} else {
$_SESSION['Errors'] = 'Email address was not found in database.';
$HadErrors = true;
}
if($HadErrors == true){
header( 'Location: index.php' );
}
?>

44 bugs in my java code
44 bugs in my java code
Fix 1 bug, and complie again
122 bugs in my java code

#6 roopurt18

roopurt18
  • Staff Alumni
  • Advanced Member
  • 3,749 posts
  • LocationCalifornia, southern

Posted 05 October 2006 - 07:28 PM

I made a typo in my post, after calling header("Location: <some_url>"); you should make a call to exit(), otherwise your script will keep running.

As I said in my original post, I'm not sure what's causing your errors specifically; it all looked fine to me as far as mysql is concerned.
PHP Forms : Part I | Part II

JavaScript: Singleton

http://www.rbredlau.com

#7 chriscloyd

chriscloyd
  • Members
  • PipPipPip
  • Advanced Member
  • 489 posts
  • LocationArizona

Posted 05 October 2006 - 07:29 PM

thanks for that session i cant tell if it works yet because it wont let me run the login script its weird i ahve done millions of login scripts and this is the only problem one i have ever made :(
44 bugs in my java code
44 bugs in my java code
Fix 1 bug, and complie again
122 bugs in my java code

#8 Orio

Orio
  • Staff Alumni
  • Advanced Member
  • 2,491 posts

Posted 05 October 2006 - 07:34 PM

Try changing:
$getinfo = mysql_query("SELECT password FROM users WHERE email = '$email'");
$check_admin = mysql_query("SELECT password FROM admins WHERE email = '$email'");

To:
$query1="SELECT password FROM users WHERE email = ".$email;
$query2="SELECT password FROM admins WHERE email = ".$email;
$getinfo = mysql_query($query1) or die("Problem with Query1:<br>".mysql_error()."<br><br>");
$check_admin = mysql_query($query2) or die("Problem with Query2:<br>".mysql_error());

Orio.
Think you're smarty?

(Gone until 20 to November)

#9 roopurt18

roopurt18
  • Staff Alumni
  • Advanced Member
  • 3,749 posts
  • LocationCalifornia, southern

Posted 05 October 2006 - 07:36 PM

Also, you need to check if the result of mysql_query is a valid resource or not before using it.

http://www.php.net/mysql_query
Look at the section Return Values and not that FALSE indicates a bad query.

You'll want to do something like:
<?php
$check_admin = mysql_query("SELECT * FROM admins WHERE email = '$email'");
if($check_admin){
  $admin = mysql_num_rows($check_admin);
}else{
  $admin = 0;
}
?>

Since all you're doing is a simple assignment, you can shorten it up a bit into:
<?php
$check_admin = mysql_query("SELECT * FROM admins WHERE email = '$email'");
$admin = $check_admin ? mysql_num_rows($check_admin) : 0;
?>

PHP Forms : Part I | Part II

JavaScript: Singleton

http://www.rbredlau.com

#10 roopurt18

roopurt18
  • Staff Alumni
  • Advanced Member
  • 3,749 posts
  • LocationCalifornia, southern

Posted 05 October 2006 - 07:43 PM

Another error:
<?php
$admin = mysql_num_rows($check_admin);
if($admin['email'] == $email){
?>

mysql_num_rows returns an integer but you're using it as an array.

Also, I'm not sure you why'd type:
if($admin['email'] == $email){
in the first place since the query is already checking if it exists.

Basically what you've done is:
1) "Hey, MySQL, can you find all rows where email is equal to $email"
2) "Thanks MySQL, now can you give me the number of rows that were returned."
3) "Now I want to know if the row returned has the same email as what's in $email" - but you already did that in step 1!

At the point of that if statement, $admin will contain the number of rows returned, either 0 or greater than 0.  If you want to know if the user is an admin, just do
if($admin){ // greater than zero evaluates as true
  // do admin stuff
}

PHP Forms : Part I | Part II

JavaScript: Singleton

http://www.rbredlau.com

#11 chriscloyd

chriscloyd
  • Members
  • PipPipPip
  • Advanced Member
  • 489 posts
  • LocationArizona

Posted 05 October 2006 - 07:52 PM

still aint working
44 bugs in my java code
44 bugs in my java code
Fix 1 bug, and complie again
122 bugs in my java code

#12 roopurt18

roopurt18
  • Staff Alumni
  • Advanced Member
  • 3,749 posts
  • LocationCalifornia, southern

Posted 05 October 2006 - 08:13 PM

Can you post the current code and current set of errors?
PHP Forms : Part I | Part II

JavaScript: Singleton

http://www.rbredlau.com

#13 alpine

alpine
  • Members
  • PipPipPip
  • Advanced Member
  • 756 posts
  • LocationNorway

Posted 05 October 2006 - 08:28 PM

Now - i would agree on some rewriting on this, but i've re-arranged a bit on your original post
You probably are using POST on this too, so defining variables as POST....


<?php
session_start();
include("db.php");

if(!empty($_POST['email'] || !empty($_POST['password'] )
{
$error = "Please Fill Out Both Fields!";
header("Location: index.php?error=".$error."");
exit();
}
else
{
$email = mysql_real_escape_string($_POST['email']);
$password = mysql_real_escape_string($_POST['password']);

$getinfo = mysql_query("SELECT password FROM users WHERE email = '$email'") or die(mysql_error());
if(mysql_num_rows($getinfo) == "1")
{
$user = mysql_fetch_array($getinfo);
if(md5($password) == $user['password'])
{
$_SESSION['css'] = $email;
header("Location: index.php");
exit();
}
else
{
$error = "The Password You Entered Was Incorrect!";
header("Location: index.php?error=".$error."");
exit();
}
}
else
{
$check_admin = mysql_query("SELECT password FROM admins WHERE email = '$email'") or die(mysql_error());
if(mysql_num_rows($check_admin) == "1")
{
$admin = mysql_fetch_array($check_admin);
if(md5($password) == $admin['password'])
{
$_SESSION['cssadmin'] = $email;
}
else
{
$error = "The Password You Entered Was Incorrect!";
header("Location: index.php?error=".$error."");
exit();
}
}
else
{
$error = "Their Is No Such Email Registered Here!";
header("Location: index.php?error=".$error."");
exit();
}
} 
}
?>


But instead of running for only matches on email and then extracting password from db, it would be better to simply run
"SELECT id FROM users WHERE password = '$password' AND email = '$email'"

I see you are comparing to see if the user have the identical password as the one actually stored in db on THAT username, and giving an error msg if the password is incorrect. In my point of view you should not give that kind of message because then you have already revealed a valid username with only a wrong password. One barrier less to break. Nevertheless, this is quite common afterall - I prefer to keep login usernames just as secret as login passwords and just give a common "no found" message on failure.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users