This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
i am trying to check a data existence from mysql table but following script not working. bellow my codes are provided please find out where is my mistake there.
<?php
//including the database files
include("../inc/settings.php");
$email = $_POST['email'];
$password = $_POST['password'];
$query = mysql_query("SELECT easy123 FROM users WHERE email=$email", $conn);
if (mysql_num_rows($query) != 0)
{
echo "Username already exists";
}
else
{
echo "this username not used";
}
?>
The error i am getting is-
Warning: mysql_query() expects parameter 2 to be resource, object
given in C:\xampp\htdocs\myfiles\Easy123\master\login.php on line 8
Warning: mysql_num_rows() expects parameter 1 to be resource, null
given in C:\xampp\htdocs\myfiles\Easy123\master\login.php on line 10
this username not used
First of all, make sure your database connection is correctly set up. The error you're getting clearly says that your $conn variable isn't a valid resource.
Also, use prepared statements and parameterized queries. Do not use PHP variables within your query string, it's not secure at all. Use instead PDO or MySQLi
Using PDO:
$stmt = $pdo->prepare('SELECT easy123 FROM users WHERE email = :email');
$stmt->execute(array('email' => $email));
foreach ($stmt as $row) {
// do something with $row
}
Using MySQLi:
$stmt = $dbConnection->prepare('SELECT easy123 FROM users WHERE email = ?');
$stmt->bind_param('s', $email);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
// do something with $row
}
Your $query seems to be wrong. Try this:
$query = mysql_query("SELECT easy123 FROM users WHERE email='$email'", $conn);
Make sure $conn is properly defined aswell.
Related
This question already has answers here:
Reference - What does this error mean in PHP?
(38 answers)
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 3 years ago.
I tried various ways to get the id from database but I can't get that Please help me!
Below is my query :
$username = $_POST['username'];
$query = "SELECT id FROM wp_users WHERE user_login ='".$username."'";
$result=mysqli_query($conn, $query);
if(mysqli_num_rows($result) == 1)
{
while($row = mysqli_fetch_array($result))
{
$id = $row['id'];
}
}
echo $id;
Also I tried this:
$query = "SELECT id FROM wp_users WHERE user_login ='$username'";
You should, at the very least, be using prepared statements in your queries if you're passing them user-supplied data.
use prepared statements ? and bind_param
use bind_result to bind the column to a variable. This variable is now bound by reference which means it will be updated on every iteration of the loop.
it is important to realize that you want to access the $id variable inside the loop as you're iterating over the dataset. If you use it outside/below the loop you are only working with the final row of data because it is being overwritten on every iteration.
turn on error reporting
Finally, I left your loop in place but usually, you'd only have a single user for a given username so you could use mysqli_fetch_assoc - Single Result from Database by using mySQLi
<?php
ini_set('display_errors',1);
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$username = $_POST['username'];
$query = "SELECT id FROM wp_users WHERE user_login = ?";
$stmt = $conn->prepare($query);
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->bind_result($id);
while ($stmt->fetch()) {
echo "ID: $id\n";
}
$stmt->close();
This question already has an answer here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 1 year ago.
<?php
//Start session
session_start();
//Include database connection details
require_once('connection.php');
$email = $_POST["email"];
$pass = $_POST["password"];
// Select the database to use
$query = "SELECT * FROM users WHERE email=$email and password=$password";
$result = mysqli_query($connection, $query);
$row = mysqli_fetch_array($result);
if($row["email"]==$email && $row["password"]==$pass)
echo"You are successful login.";
else
echo"Sorry, your email or password is not valid, Please try again.";
?>
I tried to code the line of error return after $result but the same error display after login.
this error shows up
Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result,
boolean given in D:\XAMPP\htdocs\codeinventor\login.php on line 18
Sorry, your email or password is not valid, Please try again.
mysqli_query returns false because something is wrong with your query. You can retrieve the error message from the MySQL server with mysqli_error($connection) for debugging.
Most likely, the problem is that $email and $password are strings, but you have neither quoted nor escaped them in your query. In addition, you have used the variable $password in the query, but actually named it $pass.
The way you're building your query is especially dangerous since it is prone to SQL injection. A better approach would be:
$query = "SELECT * FROM users WHERE email='" . mysqli_real_escape_string($connection, $email) . "' and password='" . mysqli_real_escape_string($connection, $pass) . "'";
Furthermore, I do not recommend checking the existence of the row for logins due to the danger of SQL injection. Fetching the password of the user from the database and comparing it to the given password in the PHP code could be safer. For example, with your unescaped (but properly quoted) query an attacker could specify "' OR TRUE" or something similar as password so that the query wouldn't actually check if the password is correct.
Edit: As Jordy suggested in the comments, prepared statements would not only be safe, but also more elegant than escaping the parameters manually:
$stmt = mysqli_prepare($connection, 'SELECT `password` FROM `users` WHERE `email` = ?');
mysqli_stmt_bind_param($stmt, 's', $email);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $real_pass);
if (mysqli_stmt_fetch($stmt) && $real_pass == $pass)
echo "Login successful";
else
echo "Sorry, your email or password is not valid, Please try again.";
mysqli_stmt_close($stmt);
Instead of fetching the row why dont you just count the number of rows. It would be better so the code will be.
$row_cnt = mysqli_num_rows($result);
if($row_cnt > 0)
echo"You are successful login.";
else
echo"Sorry, your email or password is not valid, Please try again.";
This question already has answers here:
Can I mix MySQL APIs in PHP?
(4 answers)
Closed 9 years ago.
Trying to get the data from a table in my database and store it into a textfield named "about"
however i keep getting an error:
Warning: mysql_fetch_assoc() expects parameter 1 to be resource, object given in
<?php
require("common.php");
$query = $db->prepare("SELECT * FROM about");
$result = $query or die(mysql_error()); // run the query
$row = mysql_fetch_assoc($result); // fetch a result row
echo $row['about'];
?>
thats because you are not executing your query.after Prepare use Execute().your code will look something like this
<?php
require("common.php");
$query = $db->prepare("SELECT * FROM about");
$query->execute();
$result = $query->fetch(PDO::FETCH_ASSOC);
print_r($result);//to check the elements of the array
echo $row['content'];
?>
Remember
PDO::prepare() - Prepares a statement for execution and returns a statement object
PDOStatement::execute() - Executes a prepared statement
You are missing mysql_query();. This to execute your sql query.
$query = "SELECT * FROM about";
$result = mysql_query($query) or die(mysql_error());
This question already has answers here:
mysql_num_rows giving error "mysql_num_rows() expects parameter 1 to be resource"
(3 answers)
Closed 5 months ago.
I have read through many other threads about this exact problem, but i for some reason can not solve my problem. Really need some help.
if (!$username||!$password||!$email)
echo "Please fill out all fields";
else
{
//encrypt password
$password = md5($password);
//check if username already taken
$check = mysql_query("SELECT * FROM Test WHERE username = '$username'");
if (mysql_num_rows($check)>=1)
echo "Username already taken";
else
It said
Warning: mysql_num_rows() expects parameter 1 to be resource, string
given in /Users.....
if (mysql_num_rows($check)>=1) This line..but when i run it in phpmyadmin, it returns results to me ok.
Please help
Try to like this:
$query = "SELECT username FROM $this->table WHERE username='$sUser'";
$result = mysql_query($query);
$num_rows = mysql_num_rows($result);
Change:
$check = mysql_query("SELECT * FROM Test WHERE username = '$username'");
to
$check = mysql_query("SELECT * FROM Test WHERE username = '$username'") or die(mysql_error());
And you will see any potential errors that happens in the query.
Also, I would highly recomend using either PDO or Mysqli instead of mysql functions, as they are deprecated and will be removed in future php versions.
First You make sure that connection established correctly to the database.
Instead of writing query directly in
$check = mysql_query("SELECT * FROM Test WHERE username = '$username'");
Store the query in variable as
$query = "SELECT * FROM Test WHERE username = '".$username."'";
and execute it as
$check = mysql_query($query);
if you are still facing the issue,
echo the query as
echo $query;
and execute the query directly in phpmyadmin and you can find the issue.
I hope this helps.
You can try like this
$sql= "SELECT * FROM Test WHERE username = '".$username."'";
$check = mysql_query($sql);
I think your $check returns null that is no user with this username and null can't be a parameter mysql_num_rows() function.
if($check)
{
echo "Username already taken";
}
else
{
echo "Username available";
// do other actions
}
Ok, if anyone having the same issue, just add the variable within the if() statement two times, like so:
$Query = mysql_query($sql);
IF($Query && mysql_num_rows($Query)> 0){ // continue with the code}
This should fix the issue.
This question already has answers here:
Can I mix MySQL APIs in PHP?
(4 answers)
Closed 1 year ago.
I am currently experiencing issues with the following script. Upon execution of the script, I do recieve the message "Connection was OK!" however, then I also receive the following messages:
Warning: mysql_query() expects parameter 2 to be resource, object
given in /opt/lampp/htdocs/worldofclucky.net/scripts/auth.php on line
11
Warning: mysql_fetch_array() expects parameter 1 to be resource, null
given in /opt/lampp/htdocs/worldofclucky.net/scripts/auth.php on line
12
Any idea what I am doing wrong? I am far from a PHP/MySQL expert, I wouldn't really even consider my self a novice... I did do some testing and the $username variable is sending from the previous page correctly and when typing SELECT * FROM forum.mybb_users WHERE username = 'x_clucky' LIMIT 1 into the MySQL client, it gives all of the information you would expect to get. The PHP code is as follows:
<?php
$username=$_POST["username"];
$hashed_password = md5($_POST['password']); /* For MyBB its $mybb->input['password'] */
$con=mysqli_connect("worldofclucky.net","clucky","CENSORED","forum");
// Check connection
if (mysqli_connect_errno($con))
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
} else { echo "Connection was OK!\n";}
$query = mysql_query("SELECT * FROM mybb_users WHERE `username` = '$username' LIMIT 1",$con);
$row = mysql_fetch_array($query);
$encrypted_password = md5(md5($row['salt']).$hashed_password);
if($encrypted_password == $row['password']) {
echo "<script>alert('test');</script>";
}
mysqli_close($con);
?>
Thank you in advanced for your help
change mysql to mysqli and use below kind of query. You can't use mysql and mysqli altogether.
$query = mysqli_query($con, "SELECT * FROM mybb_users WHERE `username` = '$username' LIMIT 1");
$row = mysqli_fetch_array($query);
From a quick look it seems like you are using mysqli functions to connect and then mysql functions to make the actual query. mysql_* functions are now deprecated.