[SOLVED] Error with mysql_num_rows()

[KevinM1]

I'm currently writing a very simple user registration script.  I'm in the preliminary stages, but I keep getting an error whenever I try using mysql_num_rows().  Specifically, it tells me:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/nights/www/www/PHP_stuff/necc/register.php on line 15

 

My own "Something went wrong with the insert!" error is popping up as well.  Knowing me, it's just a syntax error, but I can't find it.  My script's code is below:

 

<?php

include_once 'dbconnect.php';

if(isset($_POST['submit'])){
   if(!empty($_POST['name']) && !empty($_POST['pass'])){
      $name = $_POST['name'];
      $pass = $_POST['pass'];
      $query = "INSERT INTO 'nights_test' (name, pass) VALUES ('$name', '$pass')";
      $result = mysql_query($query);

      $query = "SELECT * FROM 'nights_test'";
      $result = mysql_query($query);

      if(mysql_num_rows($result) > 0){
         while($row = mysql_fetch_assoc($result)){
            echo "{$row['name']} -- {$row['pass']}<br />";
         }
      }

      else{
         echo "Something went wrong with the insert!<br />";
      }
   }

   else{
      echo "Please enter both name and password!<br />";
   }
}

?>

<html>
<head><title>Registration Test</title>
</head>

<body>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
   Name: <input type="text" name="name" /><br />
   Password: <input type="password" name="pass" /><br />
   <input type="submit" name="submit" value="Submit" />
</form>

</body>

</html>

[per1os]

First off surrounding the tablename by single quotes may be causing the error. It should be ` not ' .

 

Second off lets add a feature to dell us if there is an error.

 

<?php
      $query = "INSERT INTO 'nights_test' (name, pass) VALUES ('$name', '$pass')";
      $result = mysql_query($query) or DIE(mysql_error());

      $query = "SELECT * FROM 'nights_test'";
      $result = mysql_query($query) or DIE(mysql_error());


?>

 

Chances are both of those threw an error due to the single quotes around the table name. Try that and see what happens.

 

--FrosT

[KevinM1]

First off surrounding the tablename by single quotes may be causing the error. It should be ` not ' .

 

Second off lets add a feature to dell us if there is an error.

 

<?php
      $query = "INSERT INTO 'nights_test' (name, pass) VALUES ('$name', '$pass')";
      $result = mysql_query($query) or DIE(mysql_error());

      $query = "SELECT * FROM 'nights_test'";
      $result = mysql_query($query) or DIE(mysql_error());


?>

 

Chances are both of those threw an error due to the single quotes around the table name. Try that and see what happens.

 

--FrosT

 

This is strange...I've changed my code to this:

<?php

include_once 'dbconnect.php';

if(isset($_POST['submit'])){
   if(!empty($_POST['name']) && !empty($_POST['pass'])){
      $name = $_POST['name'];
      $pass = $_POST['pass'];
      $query = "INSERT INTO nights_test (name, pass) VALUES ('$name', '$pass')";
      $result = mysql_query($query) or DIE(mysql_error());

      $query = "SELECT * FROM nights_test";
      $result = mysql_query($query) or DIE(mysql_error());

      if(mysql_num_rows($result) > 0){
         while($row = mysql_fetch_assoc($result)){
            echo "{$row['name']} -- {$row['pass']}<br />";
         }
      }

      else{
         echo "Something went wrong with the insert!<br />";
      }
   }

   else{
      echo "Please enter both name and password!<br />";
   }
}

?>

 

And I get the following error:

Table 'nights_test.nights_test' doesn't exist

 

I don't see why the table name is being used twice.

[per1os]

It goes databasename.tablename in the scheme, which it is basically say for database nights_test the table nights_test does not exist.

 

fun stuff, it might not be a good idea to name the tablename the same as the DB name. I am not sure if that causes issues/conflicts.

 

Maybe phpMyAdmin might be able to help diagnose that problem.

 

--FrosT

[redarrow]

Dobble posting ok corrected.

 

<?php

include_once 'dbconnect.php';

if(isset($_POST['submit'])){
  if(!empty($_POST['name']) && !empty($_POST['pass'])){
     $query = "INSERT INTO nights_test (name, pass) VALUES ('$name', '$pass')";
     $result = mysql_query($query) or DIE(mysql_error());

     $query = "SELECT * FROM nights_test";
     $result = mysql_query($query) or DIE(mysql_error());

     if(mysql_num_rows($result) > 0){
        while($row = mysql_fetch_assoc($result)){
           echo "{$row['name']} -- {$row['pass']}<br />";
        }
     }

     else{
        echo "Something went wrong with the insert!<br />";
     }
  }

  else{
     echo "Please enter both name and password!<br />";
  }
}

?>

[redarrow]

     
echo "{$row['name']} -- {$row['pass']}<br />";

to

      echo " ".$row['name']." -- ".$row['pass']."<br />";

five times faster then {} ok.

[KevinM1]

Found my problem...nights_test is the db name while I named my table 'users', but forgot to use it in my queries because, apparently, I'm an idiot.

 

Thanks for the help everyone!

[redarrow]

also add

<?php
$username=trim(mysql_escape_string($username));
$password=trim(mysql_escape_string($pasword));
?>

 

also add

<?php
md5($password);
?>

 

also make sure the user name is no more then 15 letters.

<?php
$x=strlen($username);
if($x>15){
echo" a message";
}
?>

 

 

When you done all that post your code for inspection ok.

[KevinM1]

also add mysql_ecsape_string($varable_name);

 

also add md5($password);

 

 

 

Oh, I will.  Like I said above, I'm in the preliminary stages.  I always test whether or not my MySQL syntax is working by creating a simple test script (or two) before moving onto the real product.  Once I get my ideas fleshed out, I tend to rewrite everything with form validation (regular expressions and escaping strings) and password encryption.  It's just that MySQL is my weak point, so I try to get all of that sorted out first.

 

The md5($password) is a PHP function, correct?  Does MySQL have something similar like, say, "INSERT INTO users (pass) VALUES (MD5('password'));" or something along those lines?  If so, would it matter if I did the md5 encryption on the MySQL end of things rather than with PHP?  Or are they both basically equal?

[redarrow]

Read on it then tell me that way we both learn ok.

[KevinM1]

Since I'm using MySQL 5.0.27, here's the page on encryption I just found that is of most use to me: http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html

 

According to that page, md5 isn't the most secure method to use any more.

[redarrow]

here is the best solution in hashing ok but the truth is that md5 is secure ok

but some say it not becouse of brute forcing the password ,but also you could

use md5 and salt here a simple example but if i was you just do the basics

first php hashing is a whole big bullgame dont worry ok.

 

<?php

define('SALT_LENGTH', 9);

function generateHash($plainText, $salt = null)
{
    if ($salt === null)
    {
        $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH);
    }
    else
    {
        $salt = substr($salt, 0, SALT_LENGTH);
    }

    return $salt . sha1($salt . $plainText);
}

?>

[KevinM1]

here is the best solution in hashing ok but the truth is that md5 is secure ok

but some say it not becouse of brute forcing the password ,but also you could

use md5 and salt here a simple example but if i was you just do the basics

first php hashing is a whole big bullgame dont worry ok.

 

<?php

define('SALT_LENGTH', 9);

function generateHash($plainText, $salt = null)
{
    if ($salt === null)
    {
        $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH);
    }
    else
    {
        $salt = substr($salt, 0, SALT_LENGTH);
    }

    return $salt . sha1($salt . $plainText);
}

?>

 

Yeah, I'll probably just be sticking to a non-salt MD5 encrypt.  The AES method is a bit unnecessary for passwords as you need to specify a password for whatever info you're trying to encrypt.  So, if you're trying to encrypt a password, you need a password for the password, which is a bit redundant.  And you're right, that hashing seems a bit...clunky to use.

 

Thanks for the insight, though!