KevinM1 Posted March 9, 2007 Share Posted March 9, 2007 I'm currently writing a very simple user registration script. I'm in the preliminary stages, but I keep getting an error whenever I try using mysql_num_rows(). Specifically, it tells me: Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/nights/www/www/PHP_stuff/necc/register.php on line 15 My own "Something went wrong with the insert!" error is popping up as well. Knowing me, it's just a syntax error, but I can't find it. My script's code is below: <?php include_once 'dbconnect.php'; if(isset($_POST['submit'])){ if(!empty($_POST['name']) && !empty($_POST['pass'])){ $name = $_POST['name']; $pass = $_POST['pass']; $query = "INSERT INTO 'nights_test' (name, pass) VALUES ('$name', '$pass')"; $result = mysql_query($query); $query = "SELECT * FROM 'nights_test'"; $result = mysql_query($query); if(mysql_num_rows($result) > 0){ while($row = mysql_fetch_assoc($result)){ echo "{$row['name']} -- {$row['pass']}<br />"; } } else{ echo "Something went wrong with the insert!<br />"; } } else{ echo "Please enter both name and password!<br />"; } } ?> <html> <head><title>Registration Test</title> </head> <body> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> Name: <input type="text" name="name" /><br /> Password: <input type="password" name="pass" /><br /> <input type="submit" name="submit" value="Submit" /> </form> </body> </html> Quote Link to comment Share on other sites More sharing options...
per1os Posted March 9, 2007 Share Posted March 9, 2007 First off surrounding the tablename by single quotes may be causing the error. It should be ` not ' . Second off lets add a feature to dell us if there is an error. <?php $query = "INSERT INTO 'nights_test' (name, pass) VALUES ('$name', '$pass')"; $result = mysql_query($query) or DIE(mysql_error()); $query = "SELECT * FROM 'nights_test'"; $result = mysql_query($query) or DIE(mysql_error()); ?> Chances are both of those threw an error due to the single quotes around the table name. Try that and see what happens. --FrosT Quote Link to comment Share on other sites More sharing options...
KevinM1 Posted March 9, 2007 Author Share Posted March 9, 2007 First off surrounding the tablename by single quotes may be causing the error. It should be ` not ' . Second off lets add a feature to dell us if there is an error. <?php $query = "INSERT INTO 'nights_test' (name, pass) VALUES ('$name', '$pass')"; $result = mysql_query($query) or DIE(mysql_error()); $query = "SELECT * FROM 'nights_test'"; $result = mysql_query($query) or DIE(mysql_error()); ?> Chances are both of those threw an error due to the single quotes around the table name. Try that and see what happens. --FrosT This is strange...I've changed my code to this: <?php include_once 'dbconnect.php'; if(isset($_POST['submit'])){ if(!empty($_POST['name']) && !empty($_POST['pass'])){ $name = $_POST['name']; $pass = $_POST['pass']; $query = "INSERT INTO nights_test (name, pass) VALUES ('$name', '$pass')"; $result = mysql_query($query) or DIE(mysql_error()); $query = "SELECT * FROM nights_test"; $result = mysql_query($query) or DIE(mysql_error()); if(mysql_num_rows($result) > 0){ while($row = mysql_fetch_assoc($result)){ echo "{$row['name']} -- {$row['pass']}<br />"; } } else{ echo "Something went wrong with the insert!<br />"; } } else{ echo "Please enter both name and password!<br />"; } } ?> And I get the following error: Table 'nights_test.nights_test' doesn't exist I don't see why the table name is being used twice. Quote Link to comment Share on other sites More sharing options...
per1os Posted March 9, 2007 Share Posted March 9, 2007 It goes databasename.tablename in the scheme, which it is basically say for database nights_test the table nights_test does not exist. fun stuff, it might not be a good idea to name the tablename the same as the DB name. I am not sure if that causes issues/conflicts. Maybe phpMyAdmin might be able to help diagnose that problem. --FrosT Quote Link to comment Share on other sites More sharing options...
redarrow Posted March 9, 2007 Share Posted March 9, 2007 Dobble posting ok corrected. <?php include_once 'dbconnect.php'; if(isset($_POST['submit'])){ if(!empty($_POST['name']) && !empty($_POST['pass'])){ $query = "INSERT INTO nights_test (name, pass) VALUES ('$name', '$pass')"; $result = mysql_query($query) or DIE(mysql_error()); $query = "SELECT * FROM nights_test"; $result = mysql_query($query) or DIE(mysql_error()); if(mysql_num_rows($result) > 0){ while($row = mysql_fetch_assoc($result)){ echo "{$row['name']} -- {$row['pass']}<br />"; } } else{ echo "Something went wrong with the insert!<br />"; } } else{ echo "Please enter both name and password!<br />"; } } ?> Quote Link to comment Share on other sites More sharing options...
redarrow Posted March 9, 2007 Share Posted March 9, 2007 echo "{$row['name']} -- {$row['pass']}<br />"; to echo " ".$row['name']." -- ".$row['pass']."<br />"; five times faster then {} ok. Quote Link to comment Share on other sites More sharing options...
KevinM1 Posted March 9, 2007 Author Share Posted March 9, 2007 Found my problem...nights_test is the db name while I named my table 'users', but forgot to use it in my queries because, apparently, I'm an idiot. Thanks for the help everyone! Quote Link to comment Share on other sites More sharing options...
redarrow Posted March 9, 2007 Share Posted March 9, 2007 also add <?php $username=trim(mysql_escape_string($username)); $password=trim(mysql_escape_string($pasword)); ?> also add <?php md5($password); ?> also make sure the user name is no more then 15 letters. <?php $x=strlen($username); if($x>15){ echo" a message"; } ?> When you done all that post your code for inspection ok. Quote Link to comment Share on other sites More sharing options...
KevinM1 Posted March 9, 2007 Author Share Posted March 9, 2007 also add mysql_ecsape_string($varable_name); also add md5($password); Oh, I will. Like I said above, I'm in the preliminary stages. I always test whether or not my MySQL syntax is working by creating a simple test script (or two) before moving onto the real product. Once I get my ideas fleshed out, I tend to rewrite everything with form validation (regular expressions and escaping strings) and password encryption. It's just that MySQL is my weak point, so I try to get all of that sorted out first. The md5($password) is a PHP function, correct? Does MySQL have something similar like, say, "INSERT INTO users (pass) VALUES (MD5('password'));" or something along those lines? If so, would it matter if I did the md5 encryption on the MySQL end of things rather than with PHP? Or are they both basically equal? Quote Link to comment Share on other sites More sharing options...
redarrow Posted March 9, 2007 Share Posted March 9, 2007 Read on it then tell me that way we both learn ok. Quote Link to comment Share on other sites More sharing options...
KevinM1 Posted March 9, 2007 Author Share Posted March 9, 2007 Since I'm using MySQL 5.0.27, here's the page on encryption I just found that is of most use to me: http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html According to that page, md5 isn't the most secure method to use any more. Quote Link to comment Share on other sites More sharing options...
redarrow Posted March 9, 2007 Share Posted March 9, 2007 here is the best solution in hashing ok but the truth is that md5 is secure ok but some say it not becouse of brute forcing the password ,but also you could use md5 and salt here a simple example but if i was you just do the basics first php hashing is a whole big bullgame dont worry ok. <?php define('SALT_LENGTH', 9); function generateHash($plainText, $salt = null) { if ($salt === null) { $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH); } else { $salt = substr($salt, 0, SALT_LENGTH); } return $salt . sha1($salt . $plainText); } ?> Quote Link to comment Share on other sites More sharing options...
KevinM1 Posted March 9, 2007 Author Share Posted March 9, 2007 here is the best solution in hashing ok but the truth is that md5 is secure ok but some say it not becouse of brute forcing the password ,but also you could use md5 and salt here a simple example but if i was you just do the basics first php hashing is a whole big bullgame dont worry ok. <?php define('SALT_LENGTH', 9); function generateHash($plainText, $salt = null) { if ($salt === null) { $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH); } else { $salt = substr($salt, 0, SALT_LENGTH); } return $salt . sha1($salt . $plainText); } ?> Yeah, I'll probably just be sticking to a non-salt MD5 encrypt. The AES method is a bit unnecessary for passwords as you need to specify a password for whatever info you're trying to encrypt. So, if you're trying to encrypt a password, you need a password for the password, which is a bit redundant. And you're right, that hashing seems a bit...clunky to use. Thanks for the insight, though! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.