Jump to content

mysql_num_rows() error

phingoc

By phingoc
in PHP Coding Help

 Share

Recommended Posts

phingoc Newbie

phingoc

Posted
Posted

Hi. i get this error msg when trying to run this script:

 

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\reg.php on line 14

 

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\reg.php on line 20

 

reg.php

<?php
$connect = mysql_connect("localhost","xx","xx") or die("Kunne ikke koble til database.");

mysql_select_db("xxx") or die("Kunne ikke finne database");

$username = $_POST['brukernavn'];
$password = $_POST['passord'];
$confirm_password = $_POST['confirm_password'];
$email = $_POST['epost'];
$name = $_POST['navn'];
$place = $_POST['bosted'];

$queryuser=mysql_query("SELECT * FROM brukere WHERE brukernavn='$username' ");
$checkuser=mysql_num_rows($queryuser);
if($checkuser != 0)
{ echo "Beklager, ".$username." er allerede i bruk. Venligst velg ett annet brukernavn."; }
else {

$querymail=mysql_query("SELECT * FROM brukere WHERE epost='$email' ");
$checkmail=mysql_num_rows($querymail);
if($checkmail != 0)
{ echo "Beklager, ".$email." er allerede i bruk."; }
else {

if($password != $confirm_password)
{ echo "Passordene du tastet matcher ikke."; }
else {

$insert_user=mysql_query("INSERT INTO brukere (brukernavn, passord, epost, navn, bosted) VALUES ('$username', '$password', '$email', '$name', '$place')");

if($insert_user)
{ echo "Gratulerer, du er nå registrert. Du kan nå logge inn på venstre side."; }
else
{ echo "Noe galt skjedde under registreringen, venligst gå tilbake og prøv på nytt."; }

}}}
?>

 

Someone know why? i have check, double checkd and tripple checkd the variables in the script, form and database.

Link to comment
Share on other sites
Psycho Prolific Member

Psycho

Posted
Posted

You queries are failing. You need to add error handling to trap those errors. In a dev environment you can just add an "or die(mysql_error())" to the query call, but for a production environment you can add something a little more elegant that won't display database errors to the user.

 

Also, you are not escaping the user input which could cause the query to fail or, worse, open you up to SQL injection. You are also missing a lot of validation. For example, if the passwords are empty the will still be equal and the validation will pass.

 

I made a lot of changes, so I can't guarantee this will work without some fixing of typos, but once that is taken care of you will get informative messages when there is a DB error

<?php


//Function to display db error messages based on dev or production environment
function showDatabaseError($query, $userMessage=false)
{
    $debugMode = true; //set to false for production environment

    if($debugMode)
    {
        echo "A DB error occured with the query: $query<br>Error: " . mysql_error();
    }
    else
    {
        if($userMessage!==false)
        {
            echo $userMessage;
        }
        else
        {
            echo "A database error occured. Please try again later.";
        }
    }
}

$connect = mysql_connect("localhost","xx","xx") or die("Kunne ikke koble til database.");
mysql_select_db("xxx") or die("Kunne ikke finne database");

$username = trim($_POST['brukernavn']);
$usernameSQL = mysql_real_escape_string($username);

$query = "SELECT brukernavn FROM brukere WHERE brukernavn='$usernameSQL'";
$result = mysql_query($query);

if(!$result)
{
    showDatabaseError($query);
}
elseif(mysql_num_rows($result))
{
    echo "Beklager, $username er allerede i bruk. Venligst velg ett annet brukernavn.";
}
else
{
    $email = trim($_POST['epost']);
    $emailSQL = mysql_real_escape_string($email);
    $query = "SELECT epost FROM brukere WHERE epost='$emailSQL'";
    $result = mysql_query($query);

    if(!$result)
    {
        showDatabaseError($query);
    }
    elseif(mysql_num_rows($result))
    {
        echo "Beklager, $email er allerede i bruk.";
    }
    else
    {
        //You should really be hashing the password!
        $password = mysql_real_escape_string($_POST['passord']);
        $confirm_password =  mysql_real_escape_string($_POST['confirm_password']);

        if($password != $confirm_password)
        {
            echo "Passordene du tastet matcher ikke.";
        }
        else
        {
            
            $nameSQL  = mysql_real_escape_string(trim($_POST['navn']));
            $placeSQL = mysql_real_escape_string(trim($_POST['bosted']));

            $query = "INSERT INTO brukere (brukernavn, passord, epost, navn, bosted)
                      VALUES ('$usernameSQL', '$password', '$emailSQL', '$nameSQL', '$placeSQL')";
            $insert_user = mysql_query($query);
            if(!$result)
            {
                showDatabaseError($query, "Noe galt skjedde under registreringen, venligst gå tilbake og prøv på nytt.");
            }
            else
            {
                echo "Gratulerer, du er nå registrert. Du kan nå logge inn på venstre side.";
            }
        }
    }
}
?>

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.