mighty2361 Posted October 23, 2012 Share Posted October 23, 2012 I made a plugin for bukkit gameserver which uses java http request for mysql queries so people won't be able to see the mysql password by decompiling the java code. Then I made a php script which should instert something in a database but it says: Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/u177206076/public_html/*****.php on line 7 I added this: or die("Error: ". mysql_error(). " with query ". $sql); and then it says: Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/u177206076/public_html/report.php on line 7 Error: Unknown column 'mighty2361' in 'where clause' with query SELECT * FROM users WHERE username=`mighty2361` and password=`**********` (I use md5). <?php $myusername1 = $_GET['user']; $mypassword1 = md5 ($_GET['pass']); $reportedplayer = $_GET['reportedplayer']; $by = $_GET['by']; $reason = $_GET['reason']; $count=mysql_num_rows($result); $host = "mysql.0adshost.tk"; $username = ""; $password = ""; $db_name = ""; $tbl_name = "users"; mysql_connect ($host, $username, $password)or die("Cannot connect"); mysql_select_db($db_name)or die("Cannot select db"); $myusername = stripslashes($myusername1); $mypassword = stripslashes($mypassword1); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username=`$myusername` and password=`$mypassword`"; $result=mysql_query($sql) or die("Error: ". mysql_error(). " with query ". $sql); if($count==1) { mysql_query ("INSERT INTO `reports`(`user`, `reportedplayer`, `by`, `reason`) VALUES ($myusername, $reportedplayer, $by, $reason)"); } else echo mysql_error; ?> The mysql table, user and pass aren't empty. I just don't want people to see them. Please help because I'm really new to PHP and I am probably too young for it. Quote Link to comment Share on other sites More sharing options...
MDCode Posted October 23, 2012 Share Posted October 23, 2012 Where are you getting $result from? Quote Link to comment Share on other sites More sharing options...
Christian F. Posted October 23, 2012 Share Posted October 23, 2012 Please fix your font sizes, so that we can actually read what you wrote. Quote Link to comment Share on other sites More sharing options...
DavidAM Posted October 23, 2012 Share Posted October 23, 2012 $count=mysql_num_rows($result); This line appears before you execute the query, in fact, it is before you have even connected to the database. This statement needs to be after you have executed the query. $sql="SELECT * FROM $tbl_name WHERE username=`$myusername` and password=`$mypassword`"; The backticks, `something`, indicate a column name to mySql, you need to use quotes (single or double) around the values (variables) for username and password. Quote Link to comment Share on other sites More sharing options...
fenway Posted October 24, 2012 Share Posted October 24, 2012 And OBVIOUSLY you're not sending your passwords across the network so they will end up logs. And OBVIOUSLY you're not storing your passwords in plaintext. And OBVIOUSLY you're using a case-senstive collation. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.