Jump to content

Warning: Mysql_Num_Rows(): Supplied Argument Is Not A Valid Mysql Result Resource


Recommended Posts

I made a plugin for bukkit gameserver which uses java http request for mysql queries so people won't be able to see the mysql password by decompiling the java code.

Then I made a php script which should instert something in a database but it says:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/u177206076/public_html/*****.php on line 7

I added this: or die("Error: ". mysql_error(). " with query ". $sql); and then it says:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/u177206076/public_html/report.php on line 7

Error: Unknown column 'mighty2361' in 'where clause' with query SELECT * FROM users WHERE username=`mighty2361` and password=`**********` (I use md5).

<?php
$myusername1 = $_GET['user'];
$mypassword1 = md5 ($_GET['pass']);
$reportedplayer = $_GET['reportedplayer'];
$by = $_GET['by'];
$reason = $_GET['reason'];
$count=mysql_num_rows($result);
$host = "mysql.0adshost.tk";
$username = "";
$password = "";
$db_name = "";
$tbl_name = "users";
mysql_connect ($host, $username, $password)or die("Cannot connect");
mysql_select_db($db_name)or die("Cannot select db");
$myusername = stripslashes($myusername1);
$mypassword = stripslashes($mypassword1);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username=`$myusername` and password=`$mypassword`";
$result=mysql_query($sql) or die("Error: ". mysql_error(). " with query ". $sql);
if($count==1)
{
mysql_query ("INSERT INTO `reports`(`user`, `reportedplayer`, `by`, `reason`) VALUES ($myusername, $reportedplayer, $by, $reason)");
}
else echo mysql_error;
?>

 

The mysql table, user and pass aren't empty. I just don't want people to see them.

 

 

Please help because I'm really new to PHP and I am probably too young for it.

$count=mysql_num_rows($result);

This line appears before you execute the query, in fact, it is before you have even connected to the database. This statement needs to be after you have executed the query.

 

$sql="SELECT * FROM $tbl_name WHERE username=`$myusername` and password=`$mypassword`";

The backticks, `something`, indicate a column name to mySql, you need to use quotes (single or double) around the values (variables) for username and password.

And OBVIOUSLY you're not sending your passwords across the network so they will end up logs.

 

And OBVIOUSLY you're not storing your passwords in plaintext.

 

And OBVIOUSLY you're using a case-senstive collation.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.