[SOLVED] error only when hosted on a website

[gsquare567]

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in abc.php on line 57

 

and my code is:

$find_user = $_GET['username'];

$result = mysql_query("SELECT * FROM AuthDB WHERE Username = '$find_user'");

if($row = mysql_fetch_array($result))

[kenrbnsn]

You should check to see whether you're getting an MySQL error on the query. That should tell you more. Plus, you really should sanitize the input to guard against MySQL insertion attacks by using the function mysql_real_escape_string()

<?php
$find_user = mysql_real_escape_string(stripslashes($_GET['username']));
$query = "SELECT * FROM AuthDB WHERE Username = '$find_user'";
$result = mysql_query($query) or die("Problem with the query <pre>$query</pre>" . mysql_error());
if($row = mysql_fetch_array($result))
?>

 

Ken

[gsquare567]

well, when i add in an echo

$find_user = $_GET['username'];
echo "SELECT * FROM AuthDB WHERE Username = '$username'";
$result = mysql_query("SELECT * FROM AuthDB WHERE Username = '$find_user'");

if($row = mysql_fetch_array($result))

and the url ends with /abc.php?username=test&password=abcdef, it says:

SELECT * FROM AuthDB WHERE Username = 'test'
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource

 

so it has nothing to do with the result variable

[kenrbnsn]

That's not what I said to do. Read my post again.

 

Ken

[gsquare567]

SELECT * FROM AuthDB WHERE Username = 'test'Problem with the query

 

Query was empty

 

ur very smart. but how do i fix this?

[gsquare567]

ok, i understood that it wasnt in the db, then apparently my db was deleted, so i made a new one and now i get this:

SELECT * FROM AuthDB WHERE Username = 'test'Problem with the query

Resource id #2

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Resource id #2' at line 1

[kenrbnsn]

I still don't think you're using the code I posted, but some combination of your code and mine. Please post the exact code that you're using.

 

Ken

[gsquare567]

$find_user = $_GET['username'];
echo "SELECT * FROM AuthDB WHERE Username = '$username'";

$query = mysql_query("SELECT * FROM AuthDB WHERE Username = '$find_user'");
$result = mysql_query($query) or die("Problem with the query <pre>$query</pre>" . mysql_error());

if($row = mysql_fetch_array($result))

[trq]

$query = mysql_query("SELECT * FROM AuthDB WHERE Username = '$find_user'");

$result = mysql_query($query) or die("Problem with the query <pre>$query</pre>" . mysql_error());

 

Man, do you understand what your code is attempting?

 

Seriously, you need to learn to debug. Always check your queries actually succeed before trying to use any results from them.

 

<?php

  $find_user = mysql_real_escape_string(stripslashes($_GET['username']));
  $query = "SELECT * FROM AuthDB WHERE Username = '$find_user'";
  if ($result = mysql_query($query)) {
    if (mysql_num_rows($result)) {
      while ($row = mysql_fetch_assoc($result)) {
        // display the data.
      }
    } else {
      echo "No results found";
    }
  } else {
    echo "Problem with the query <pre>$query</pre>" . mysql_error();
  }

?>

[gsquare567]

whats the difference?

[trq]

mysql_query returns a resource. Your trying to feed a resource back into mysql_query. Your code makes NO sense at all and funnily enough, doesn't work.

[kenrbnsn]

Plenty. Just compare the code you're using with Thorpe's code and you should see where you've made your mistakes.

 

Ken

[gsquare567]

same errors basically:

Problem with the query

Resource id #2

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Resource id #2' at line 1
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource

[AndyB]

That simply is not possible. Nothing in Ken's code or Thorpe's code would echo "resource id" anything.  Sounds like you still haven't made your code the same as the perfectly good code that's been offered to you.

[gsquare567]

maybe its the code after it:

if($row = mysql_fetch_array($result))
{
// password checking
$find_pass = $_GET['password'];
if($row['Password'] == $find_pass)
{
	// ip checking
	$find_ip = $_SERVER['REMOTE_ADDR'];
	$ip = $row['IP'];
	if($row['IP'] == $find_ip || strlen($ip) == 0)
	{
		if(strlen($ip) == 0) // set ip if not already set
		{
			mysql_query("UPDATE AuthDB SET IP = '$find_ip' WHERE Username = '$find_user'");
		}

		$find_time = date("l, F jS, Y") . " at " . date("g:i:s A");
		mysql_query("UPDATE AuthDB SET Last Login = '$find_time' WHERE Username = '$find_user'");			

		$valid = true;
	}
}
}

[AndyB]

Since none of the queries there have any error trapping, that code is not responsible for the error message you posted.  C'mon, it's late. Take a closer look at what you're doing.

[gsquare567]

echo "Problem with the query <pre>$query</pre>" . mysql_error();
  }

if($row = mysql_fetch_array($result))

 

thats where the errors r comin from

[AndyB]

That's echoing resource #2?  OK, you win.

[gsquare567]

i dont get it, what's resource #2? is it like an explosive bomb or somethin? i'll post all my code:

 

<?php
$mysql_host = '**********';
$mysql_user = '***********';
$mysql_pass = '*******';
$mysql_db = '**********';

// mysql connecting
$dbc = mysql_connect($mysql_host, $mysql_user, $mysql_pass)
or DIE('Could not connect to the MySQL server: ' . mysql_error());

mysql_select_db($mysql_db, $dbc) or DIE('Could not select the database: ' . mysql_error());

$valid = false;

if ($_SERVER["HTTP_X_FORWARDED_FOR"] != "")
{
$IP = $_SERVER["HTTP_X_FORWARDED_FOR"];
$proxy = $_SERVER["REMOTE_ADDR"];
$host = $_SERVER["HTTP_X_FORWARDED_FOR"];
}
else
{
$IP = $_SERVER["REMOTE_ADDR"];
$host = $IP;
}
echo "HOST: " . $host . "<br>";
echo "PROXY: " . $proxy . "<br>";
echo "IP: " . $ip . "<br>";

// username checking
$find_user = $_GET['username'];
echo "SELECT * FROM AuthDB WHERE Username = '$username'";

$query = mysql_query("SELECT * FROM AuthDB WHERE Username = '$find_user'");
//$result = mysql_query($query) or die("Problem with the query <pre>$query</pre>" . mysql_error());

if ($result = mysql_query($query)) {
    if (mysql_num_rows($result)) {
      while ($row = mysql_fetch_assoc($result)) {
        // display the data.
        echo $row['Username'];
      }
    } else {
      echo "No results found";
    }
  } else {
    echo "Problem with the query <pre>$query</pre>" . mysql_error();
  }

if($row = mysql_fetch_array($result))
{
// password checking
$find_pass = $_GET['password'];
if($row['Password'] == $find_pass)
{
	// ip checking
	$find_ip = $_SERVER['REMOTE_ADDR'];
	$ip = $row['IP'];
	if($row['IP'] == $find_ip || strlen($ip) == 0)
	{
		if(strlen($ip) == 0) // set ip if not already set
		{
			mysql_query("UPDATE AuthDB SET IP = '$find_ip' WHERE Username = '$find_user'");
		}

		$find_time = date("l, F jS, Y") . " at " . date("g:i:s A");
		mysql_query("UPDATE AuthDB SET Last Login = '$find_time' WHERE Username = '$find_user'");			

		$valid = true;
	}
}
}

if($valid)
{
echo "ACCEPTED";
}
else
{
echo "DENIED";
}
?>

[trq]

Look. Here you assign the resource returned by mysql_query to the variable $query.

 

$query = mysql_query("SELECT * FROM AuthDB WHERE Username = '$find_user'");

 

Then, here you try an execute a query using that same resource stored in $query.

 

Do you even know what mysql_query returns?

 

if ($result = mysql_query($query)) {

 

You need to do some tutorials on basic database querying. Were here to help with code, not teach you step by step.

[kenrbnsn]

Replace these three lines:

<?php
$find_user = $_GET['username'];
echo "SELECT * FROM AuthDB WHERE Username = '$username'";

$query = mysql_query("SELECT * FROM AuthDB WHERE Username = '$find_user'");
?>

with

<?php
$find_user = mysql_real_escape_string(stripslashes($_GET['username']));
$query = "SELECT * FROM AuthDB WHERE Username = '$username'";

$result = mysql_query($query) or die("Problem with the query <pre>$query</pre><br>" . mysql_error());
?>

 

Ken

 

[gsquare567]

Look. Here you assign the resource returned by mysql_query to the variable $query.

 

$query = mysql_query("SELECT * FROM AuthDB WHERE Username = '$find_user'");

 

Then, here you try an execute a query using that same resource stored in $query.

 

Do you even know what mysql_query returns?

 

if ($result = mysql_query($query)) {

 

You need to do some tutorials on basic database querying. Were here to help with code, not teach you step by step.

 

false if didnt work or a value if true

[trq]

Its a resource actually, not a value. So then... can you explain why you have the code you have?

 

$query = mysql_query("SELECT * FROM AuthDB WHERE Username = '$find_user'");
if ($result = mysql_query($query)) {

 

How does that make sense?

[gsquare567]

**** u guys know this shit too well... u shud be hacking google

 

and i cant explain the code, but i can explain that its 1 am and i have to pry my eyes open. instead of $query i shud've put $result

[AndyB]

Actually, all you had to do was accurately copy code given to you by Ken or Thorpe instead of cobbling together what you did. Everybody would have saved time.  And it's 1:00 am here too.