Help Needed - Checking If A Member Is Premium

[rss1]

Hi,

 

I'm working on a PHP registration system. As part of the system, I want to be able to check if a member is premium or not. I've added a premium field into my database, but every time I login I'm greeted with this error:

 

Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /public_html/fts/rs_ipn/index.php on line 20

 

Heres the script of index.php.

 

<?php
require 'glob.inc.php';
if (isset($_POST["login_username"], $_POST["login_password"])) {
	$login_username = trim(mysql_real_escape_string(htmlentities($_POST["login_username"])));
	$login_password = md5(trim(mysql_real_escape_string(htmlentities($_POST["login_password"]))));
	if (!empty($login_username) && !empty($login_password)) {
	$login_query = mysql_query("SELECT `user_id` FROM `users` WHERE `username`='".$login_username."' AND `password`='".$login_password."'");
	if (mysql_num_rows($login_query)==1) {
	$user_id = mysql_result($login_query, 0, 'user_id');
	$_SESSION["user_id"] = $user_id;
	header('Location: index.php');
	die();
	}
	}
	}
	if (isset($_SESSION["user_id"])) {	
	
		$premium = mysql_query("SELECT `premium` FROM `users` WHERE 'user_id' = '".$_SESSION["user_id"]."'");
		$premium1 = mysql_result($premium, 0);
		if ($premium1 == '1') {
		echo '<p>You are currently a <strong>premium member</strong></p>';
		} else {
		
?>
<p>You are NOT a premium member!</p>
<?php
	}
	
?>
	<p>You are logged in! - <a href="logout.php">Log out</a></p>    
<?php  
} else {
?>
	<form action="index.php" method="POST">
	<p>Username: <input type="text" name="login_username" /></p>
	<p>Password: <input type="password" name="login_password" /></p>
	<p><input type="submit" value="Log in" /></p>
	</form>
	<?php
	}
	?>

 

glob.inc.php contains database info. I know that the database is connecting ok as I can login. It's just that the premium check query on line 18 is not returning any results, and so presents the 'else' argument of 'you are NOT a premium member' - whether they are or not.

 

How can I solve this? I'm fairly new to PHP - hence why this is probably simple to solve.

 

Thanks.

Edited April 2, 2013 by rss1

[DavidAM]

That error indicates that the query failed. There is a syntax error in the query. The best way to debug these things is to build the query in a separate variable, so you can echo it if the query fails, to see what the query actually says:

$sql = "SELECT `premium` FROM `users` WHERE 'user_id' = '".$_SESSION["user_id"]."'";

$premium = mysql_query($sql);

if ($premium === false) {

  // IN DEVELOPMENT - tell me what went wrong

  echo $sql . '<BR>' . mysql_error();

} else {

  $premium1 = mysql_result($premium, 0);

By the way, you have single-quotes around the column name "user_id" in the WHERE clause. You probably meant to use back-ticks. However, the back-ticks are only needed if the column name is a reserved word. Personally, I don't use them at all.

[Barand]

$premium1 = mysql_result($premium, 0);

 I'm guessing that the 0 is problem - remove that second parameter

[DavidAM]

Actually, mysql_result allows the row number to be specified as the second parameter. After my first post, I got to thinking that that query should not have failed. However, it will most likely return zero rows. So the call the mysql_query() is not able to return results. I've never used that function (preferring mysql_fetch_assoc), so I'm not sure what happens if you call it on a result set with no rows.

 

@OP The mysql extension has been deprecated. If you are working on a new application, it is highly recommended that you switch to mysqli (with an "i" on the end) extension.