So I have been working on different PHP scripts all day, so I don't know if it's just my eyes and I need a break or what: but I wrote a line to connect to MySQL database, and check if a username already exists. However I get error messages of course that are less than helpful (even when searched they don't seem to apply to what I am working on or just simply don't show up anything.
Error one (before I put in or die(mysqli_error($myCon)):
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in /home/icangame/public_html/dev/php/userRegister.php on line 40
Error Two (AFTER I put in the or die statement):
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '== `user`' at line 1
Code that this apples to (will post more if you want, it's a big file.):
$checktherow = mysqli_query($myCon, "SELECT * FROM users WHERE `username` == `$realUsername`") or die(mysqli_error($myCon));
if (mysqli_num_rows($checktherow) == 0)
{
mysqli_query($myCon, "INSERT INTO users (username, password, email)
VALUES ('$realUsername', '$realPassword', '$email')") or
die(mysqli_error($myCon));
}
Thanks, Tim
I think you need a break
replace
$checktherow = mysqli_query($myCon, "SELECT * FROM users WHERE `username` == `$realUsername`") or die(mysqli_error($myCon));
WITH
$checktherow = mysqli_query($myCon, "SELECT * FROM users WHERE `username` = `{$realUsername}`") or die(mysqli_error($myCon));
NOTE == in your query
It was mysql syntax error so $checktherow is returning false
The query is failing, so it assigns $checktherow a value of "false". When you run mysqli_num_rows($checktherow), it is getting a boolean value instead of a mysqli_result object that it expects
The problem is your query, you have "SELECT * FROM users WHERE username == $realUsername", but it should be "SELECT * FROM users WHERE username = $realUsername"
Dont use double equals when you want some specific from database , use it when you want to have comparison between values :
change this to :
username == $realUsername
this:
username = $realUsername
$checktherow = mysqli_query($myCon, "SELECT * FROM users WHERE `username` == `$realUsername`") or die(mysqli_error($myCon));
should be
$checktherow = mysqli_query($myCon, "SELECT * FROM users WHERE `username` ='".$realUsername."'") or die(mysqli_error($myCon));
Put a single = sign instead of == in your first line. Like this
$checktherow = mysqli_query($myCon, "SELECT * FROM users WHEREusername=$realUsername") or die(mysqli_error($myCon));
Related
I have a Mysql Database named user. Here is a picture:
I want to change the Username of the user "dodlo.rg" programmatically.
Actually, I have the PHP-Version 7.1. And this is a part of my PHPCode:
EDITED CODE:
$newName= $_POST["changeT"];
$userId = $_POST["userId"];
$db = mysqli_connect("trolö", "trolö", "trolö123", "trolö")
$sql = "UPDATE user SET username = '$newName' WHERE user_id = '$userId'";
$query = mysqli_query($db, $sql);
$response["successU"] = true;
But I get the Error: "You gave an Error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'SELECT * FROM user' at line 1"
Thanks in advance.
The problem lies in 2 parts.
Firstly, since this column is a varchar field it needs to be inside quotes else it produces an sql error.
Secondly the SELECT statement just after is not valid, but i guess it was a copy/paste error.
Therefore your working code should be:
$newName= $_POST["changeT"];
$db = mysqli_connect("trolö", "trolö", "trolö123", "trolö")
$sql = "UPDATE user SET username = '".addslashes($newName)."' WHERE username = 'dodlo.rg'";
$query = mysqli_query($db, $sql);
$response["successU"] = true;
Also, please consider using your primary keys on your where statement rather a varchar field, as it'll improve speed when more complex queries. (eg. where user_id = 35 instead of where username = 'dodlo.rg' ).
Lastly, but quite important this code might be vulnerable to sql injections. You need to use prepared statements.
You have to convert this query into two parts
$sql1 = "UPDATE user SET username = $newName WHERE username = 'dodlo.rg'";
$sql2 = "SELECT * FROM user";
I have php script like this
$query = "select * where userid = 'agusza' ";
$result = mysql_query($query) or die(mysql_error());
while($row=mysql_fetch_array($result)) {
echo $result;
}
when I execute, the result like this
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where userid = 'agusza'' at line 1
But when I run that sql in sqlserver, it running well
Anybody has solution ?
$query = "select * from table_name where userid = 'agusza' ";
See the corrections I have made. You haven't used the right syntax for SELECT query
You didn't select a table using FROM. Without that, it does not know which table you are selecting data from.
You should also stop using mysql as it is deprecated. Use mysqli or PDO as they are safer.
You are also echoing the wrong variable in your while loop, try this:
while ($row = mysql_fetch_array($result) {
echo $row['column_name'];
}
$query = "select * from table where userid = 'agusza'";
Right now, you're not telling which table SQL should look in.
You should format your query like so:
select * from `TableName` where userid='agusza'
In your query below you doesnt state the database table where you should get that data using FROM
$query = "select * where userid = 'agusza' "; // instead of this
$query = "select * FROM declaredtable where userid = 'agusza' "; used this
I'm creating a few lines to check if a user exist within the database. To do this, I was going to just find the username in the DB and if there IS a user with that name in the database use num_rows to make it show that their is a user with that name.
The error is:
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result,
boolean given in /home/bluef/public_html/SMNS/register.php on line 36
Code:
$usernamef = mysqli_query($link, "SELECT * FROM Users
WHERE Username =".$Username."");
$usernamefound = mysqli_num_rows($usernamef);
if($usernamefound != 0){
echo "Username in use, try another username?";
}
Always have this line before mysqli_connect
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
Always format your queries correctly.
Always use prepared statements when you need to insert a variable into query.
Always check out the "Related questions" section on the page (Or suggested questions while writing your own).
Try this with your query
$usernamef = mysqli_query($link, "SELECT * FROM Users
WHERE Username =".$Username."") or die(mysqli_error());
to see the error. Also you can try this
$usernamef = mysqli_query($link, "SELECT COUNT(*) AS myCount FROM Users
WHERE Username =".$Username."") or die(mysqli_error());
$row = mysqli_fetch_array($usernamef)
if( $row['myCount '] > 0 )
{
echo "Username in use, try another username?";
}
Check this link http://www.w3schools.com/php/func_mysqli_error.asp
Also you can try with mysql_query and mysql_num_rows() and not with mysqli_query()
Everything in my new website is working just fine, except that I can't get this piece of code to work:
$query = mysql_query("SELECT * FROM members WHERE useremail = '$useremail'");
$row = mysql_fetch_assoc($query);
$activation = $row['activation'];
if ($activation == '0') {
die('Your account is not yet active. Please check your email!');
exit();
}
In the database, the type is enum('0', '1') and the field name is activation.
Here is the error message I am getting:
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result
Could someone please give me a hint?
Thank you.
The error message suggests that your query is invalid:
$query = mysql_query("SELECT * FROM members WHERE useremail = '$useremail'");
Are you doing any input sanitization for $usermail?
Are you sure your database contains that table and that the table contains that column.
Try doing a little debugging:
$query = "SELECT * FROM members WHERE useremail = '$useremail'";
echo $query;
and try running the content of $query directly in your database (from phpMyAdmin or something).
Everything in my new website is working just fine
...until something goes wrong.
You have to learn how to handle errors.
run all your queries at least this way.
$query = "SELECT * FROM members WHERE useremail = '$useremail'"
$result = mysql_query() or trigger_error(mysql_error()." ".$query);
and you always be notified of any error and it's reason
or implement any other way of error notifications, employing mysql_error() function which is the only thing in the world that can tell you where the actual problem is.
Change your first line to:
$query = mysql_query("SELECT * FROM members WHERE useremail = '$useremail'") or die(mysql_error());
And it will spit out the mysql error that is causing the Warning =)
You should not be presuming the call to mysql_query returns a valid result; It's good practice to always test the result first, e.g.
$r=mysql_query("SELECT * YADYADA");
if($r && mysql_num_rows($r)>0){
$row=mysql_fetch_assoc($r);
}else{
//Uh oh, something's not right~~~ throw an exception maybe?
}
I have a PHP login script. This is the part where the person can create a new user. My issue is I want to check if the user exists, and if the username does not exist the the table, than create the new user. However, if the user does exist, I want it to return an error in a session variable. Here is the code I have right now. This doesn't include my DB connections, but I know they do work. Its num_rows() that is being written as an error in the error_log file. Here is the code:
$username = mysql_real_escape_string($username);
$query = "SELECT * FROM users WHERE username = '$username';";
$result = mysql_query($query,$conn);
if(mysql_num_rows($result)>0) //user exists
{
header('Location: index.php');
$_SESSION['reg_error']='User already exists';
die();
}
else
{
$query = "INSERT INTO users ( username, password, salt )
VALUES ( '$username' , '$hash' , '$salt' );";
mysql_query($query);
mysql_close();
header('Location: index.php');
The error it is giving me is
mysql_num_rows(): supplied argument is not a valid MySQL result resource in [dirctory name]
mysql_num_rows()
Retrieves the number of rows from a result set. This command is only valid for statements like SELECT or SHOW that return an actual result set. To retrieve the number of rows affected by a INSERT, UPDATE, REPLACE or DELETE query, use mysql_affected_rows().
Instead of doing SELECT * and then mysql_num_rows(), you can do a SELECT COUNT(*) and then retrieve the number of rows, by fetching the field (that should be 0 or 1). SELECT COUNT will always return a result (provided that the query syntax is correct of course).
Also, change the query:
$query = "SELECT * FROM users WHERE username = '$username';";
into
$query = "SELECT * FROM users WHERE username = '"
. mysql_real_escape_string($username) . "';";
Just out of curiosity, have you ever heard of upserts? I.E., "insert on duplicate key". They'd be useful to you in this situation, at least if your username column is a unique key.
http://dev.mysql.com/doc/refman/5.0/en/insert-on-duplicate.html
$username = mysql_real_escape_string($username);
i think you have to replace the above to
$username = mysql_real_escape_string($_POST[$username]);