Warning: Mysql_Num_Rows(): Supplied Argument Is Not A Valid Mysql Result Resource

[mighty2361]

I made a plugin for bukkit gameserver which uses java http request for mysql queries so people won't be able to see the mysql password by decompiling the java code.

Then I made a php script which should instert something in a database but it says:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/u177206076/public_html/*****.php on line 7

I added this: or die("Error: ". mysql_error(). " with query ". $sql); and then it says:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/u177206076/public_html/report.php on line 7

Error: Unknown column 'mighty2361' in 'where clause' with query SELECT * FROM users WHERE username=`mighty2361` and password=`**********` (I use md5).

<?php
$myusername1 = $_GET['user'];
$mypassword1 = md5 ($_GET['pass']);
$reportedplayer = $_GET['reportedplayer'];
$by = $_GET['by'];
$reason = $_GET['reason'];
$count=mysql_num_rows($result);
$host = "mysql.0adshost.tk";
$username = "";
$password = "";
$db_name = "";
$tbl_name = "users";
mysql_connect ($host, $username, $password)or die("Cannot connect");
mysql_select_db($db_name)or die("Cannot select db");
$myusername = stripslashes($myusername1);
$mypassword = stripslashes($mypassword1);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username=`$myusername` and password=`$mypassword`";
$result=mysql_query($sql) or die("Error: ". mysql_error(). " with query ". $sql);
if($count==1)
{
mysql_query ("INSERT INTO `reports`(`user`, `reportedplayer`, `by`, `reason`) VALUES ($myusername, $reportedplayer, $by, $reason)");
}
else echo mysql_error;
?>

 

The mysql table, user and pass aren't empty. I just don't want people to see them.

 

 

Please help because I'm really new to PHP and I am probably too young for it.

[MDCode]

Where are you getting $result from?

[Christian F.]

Please fix your font sizes, so that we can actually read what you wrote.

[DavidAM]

$count=mysql_num_rows($result);

This line appears before you execute the query, in fact, it is before you have even connected to the database. This statement needs to be after you have executed the query.

 

$sql="SELECT * FROM $tbl_name WHERE username=`$myusername` and password=`$mypassword`";

The backticks, `something`, indicate a column name to mySql, you need to use quotes (single or double) around the values (variables) for username and password.

[fenway]

And OBVIOUSLY you're not sending your passwords across the network so they will end up logs.

 

And OBVIOUSLY you're not storing your passwords in plaintext.

 

And OBVIOUSLY you're using a case-senstive collation.