Warning: mysql_num_rows() expects parameter 1 to be resource

[JoshuaDempsey]

Hi guys, I was just making a simple login for my website when I came over this bug which I cannot for the life of me work out how to fix.

Whenever I enter a password etc. and submit the form it throws up this error, but inserts the information into the database correctly... 

Strange. Anyway, I will dump my config.php file and the code in question and if anyone would give any hints as to why this is happening it'd be much appreciated.

Thanks

Config.php

<?php

$ver = 0.1;

$database = "hidden";  // the name of the database.
$server = "localhost";  // server to connect to.
$db_user = "root";  // mysql username to access the database with.
$db_pass = "";  // mysql password to access the database with.
$table = "users";    // the table that this script will set up and use.
$link = mysql_connect($server, $db_user, $db_pass);
mysql_select_db($database,$link);

?>

Signup.php:

 

<?php

# Grab the info from the config file to connect to the database

require 'config.php'; 

?>

<!DOCTYPE HTML>
<html>
    <head>
        <title>
        <?php

        if(session_id() == "" || !isset($_SESSION)){
           echo "Sign Up"; 
        }

        else{
            echo "Re-Directing to the homepage";
        }
        
        ?>
        </title>
        <meta charset="utf-8">
        <link rel="stylesheet" href="css/global.css">
    </head>
    
    <body class="signupPage">
        <?php require 'LIP/topbar.php'; 
        
        # LIP are pages: log in page and the sign up page

        if(session_id() == "" || !isset($_SESSION)){
            
        }

        else{
            Header ('Location: index.php');
        }

        ?>
        <div class="title-container">
            <h1 class="page-title">
                Sign up for hidden
            </h1>
        </div>
        <div class="signup-description">
            <p>hidden</p>
        </div>
        <div class="form-container">
            <form class="" name="" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" autocomplete="on">
                <input type="text" class="input-text" name="firstname" placeholder="First name" title="Enter your first name" required autofocus x-webkit-speech />
                <br />
                <input type="text" name="lastname" class="input-text" placeholder="Last name" title="Enter your last name" required x-webkit-speech />
                <br />
                <input type="text" name="emailaddress" class="input-text" placeholder="E-Mail Address" title="Enter your E-Mail Address" required x-webkit-speech />
                <br />
                <input type="password" name="password" class="input-text" placeholder="Password" title="Enter your password" required />
                <br />
                <input type="submit" class="input-button" name="">
            </form>
        </div>
    </body>
</html>

<?php

# Start of the code for the login form 

if(!empty($_POST['firstname']) && !empty($_POST['lastname']) && !empty($_POST['emailaddress']) && !empty($_POST['password'])){

    // Above we check if all the fields have been entered
    
    // Now we take the input, change it to variables and cleanse it
    
    $firstname = $_POST['firstname'];
    $firstname = ucfirst($firstname);
    $firstname = htmlentities($firstname);
    $firstname = stripslashes($firstname);
    $firstname = mysql_real_escape_string($firstname);
    
    $lastname = $_POST['lastname'];
    $lastname = ucfirst($lastname);
    $lastname = htmlentities($lastname);
    $lastname = stripslashes($lastname);
    $lastname = mysql_real_escape_string($lastname);
    
    $eaddr = $_POST['emailaddress'];
    $eaddr = stripslashes($eaddr);
    $eaddr = mysql_real_escape_string($eaddr);
    
    $passcode = $_POST['password'];
    $passcode = hash("sha512", $passcode);
    
    $check = "SELECT * from emailaddress where eaddr = '".$eaddr."'";
    $qry = mysql_query($check);
    $num_rows = mysql_num_rows($qry);
    
    if($num_rows > 0){
        echo "The username you have entered is already exist. Please try another username.";
        echo '<a href="signup.php">Try Again</a>';
        exit;   
    }
    
$query = "INSERT INTO users (fname,sname,emailaddress,password) VALUES ('".$firstname."','".$lastname."','".$eaddr."','".$passcode."');";
mysql_query($query);
echo "Thank You for Registration.";
echo '<a href="register.html">Click Here</a> to login you account.';
exit;
    
    
}

?>

[mac_gyver]

the error means that your SELECT query failed with an error of some kind. for debugging, echo mysql_error(); on the next line after the mysql_query() statement to find out why the query failed.

 

also, since you don't have any logic in your code to test if the query worked before tyring to use the result from that query, mysql_num_rows() will always be a zero and your code will never run the echo "The username you have entered is already exist. ... logic. you need to always test if a query works without any errors.

Edited July 25, 2013 by mac_gyver

[JoshuaDempsey]

the error means that your SELECT query failed with an error of some kind. for debugging, echo mysql_error(); on the next line after the mysql_query() statement to find out why the query failed.

 

also, since you don't have any logic in your code to test if the query worked before tyring to use the result from that query, mysql_num_rows() will always be a zero and your code will never run the echo "The username you have entered is already exist. ... logic. you need to always test if a query works without any errors.

 

Thanks very much, code is working now. 

 

I just got the output spat back onto the same page by the PHP, I have centred it etc. so it looks OK, I don't see the point of adding logic if I don't have too? 

[Muddy_Funster]

..I don't see the point of adding logic if I don't have too? 

 

Maybe you should get a different hobby/job/pastime then.

[Psycho]

ALWAYS include proper error handling. By not including it you could potentially leak information that someone could use to hack your application. I also see plenty of errors in that script. For example, your header() redirect will never work because you are sending output to the page before it would run. For that matter, why do you output the form before you process the data that may have been submitted? Also, right now, a user could use that form to completely compromise your database.

[JoshuaDempsey]

Maybe you should get a different hobby/job/pastime then.

 

But it works absolutely fine. I now have it re-directing to a new page on success. So I don't think there is a problem here?

[JoshuaDempsey]

ALWAYS include proper error handling. By not including it you could potentially leak information that someone could use to hack your application. I also see plenty of errors in that script. For example, your header() redirect will never work because you are sending output to the page before it would run. For that matter, why do you output the form before you process the data that may have been submitted? Also, right now, a user could use that form to completely compromise your database.

 

If you are on about Header ('Location: index.php'); - then this works fine when there is a session?

 

The !isset checks if information has been entered to the page? But if the user is logged in they are re-directed to index.php anyway?

 

I know, I'm just getting the hang of this.

[Muddy_Funster]

I stand on my last statement.  If you can't be bothered to include logic then your in the wrong game.  Code needs logic.  The web is full of crap code - pages that don't display correctly, pages that only load on one browser and not another, pages that have broken links and missing images, pages that open up the backend to injection attacks, pages that get hijacked by spam bots.   Don't think that just because you didn't have a chance to see somthing come up on the page that the browser didn't render it, and that nothing could have captured it.

 

Also header() can be broken very easily, it should never be used as a security step, only as a convenience.