unable to check username exists or not - php

I have created a registration program which insert username password into mysql database. I am now trying to check the username exixts or not. I wrote the following program. its not working. it showing "mysql_num_rows() expects parameter 1 to be resource."
I really need your expert suggestion
registration.php
<?php
require 'jcon.php';
if(isset($_POST["username"], $_POST["firstname"],$_POST["password"])){
$username=$_POST["username"];
$firstname=$_POST["firstname"];
$password=$_POST["password"];
}
$query = mysql_query("SELECT * FROM member WHERE username='$username'");
if(mysql_num_rows($query) != 0)
{
echo "Username already exists";
}
else{
$sql="INSERT INTO member (username, firstname, password)
VALUES ('$username', '$firstname','$password')";}
if(!mysqli_query($con,$sql)){
die('Error: ' . mysqli_error($con));
}
echo "Dear {$firstname} ! you have been successfully registered. "
?>

it showing "mysql_num_rows() expects parameter 1 to be resource
This is the typical case where mysql_query returns false upon failure therefore triggering the infamous:
mysql_num_rows() expects parameter 1 to be resource
This can be caused by multiple factors. Try running the query in phpMyAdmin or directly to the database and see the error or fetch the last mysql error via mysql_error.
It's good practice to always check if the returned value of mysql_query is false or if the mysql_error string is not empty:
if ($result and empty(mysql_error()))
// everything ok
Note: Never ever mix mysql_ and mysqli_ functions. If you have to choose I'd go with mysqli since mysql_* functions are considered deprecated.

You can use this query:
SELECT COUNT(*) as cnt FROM member WHERE username = '$username'`.
If he's not registered, cnt column will return 0.
Therefore, you can avoid the needed parameter as it is possible for mysql_query to return FALSE if the query doesn't reproduce result and it's not possible for mysql_fetch and friends to make it as parameter.

Related

error when wanted to validate key on database

i had the problem when i want to check my valid key on my database and showing this error
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in C:\xampp\htdocs\ravaaa\indexx.php on line 20
the db is login, tables is users (5) id,name,key,login
this the code
$error='';
$key="123";
$con = mysqli_connect("localhost","root","","login");
if (mysqli_connect_error())
{
echo "Failed to connect to MySQL: " . mysql_connect_error();
}
echo "sukses\n\n";
$query = mysqli_query($con, "SELECT * FROM users WHERE key='$key'");
$rows = mysqli_num_rows($query);
if($rows == 1){
echo "key is valid";
}
else
{
$error = "key is Invalid";
echo $error;
}
mysqli_close($con);
Are you sure your table have an column named "key"? Key is a reserved MySQL Keyword, and when i tried to create a table with this column to test i got an error, and after change the name "key" to another name (on the table and on the .php) i got no errors, just the message "key is Invalid".
Try to change the column name "key" and change on the php too, and check if you still get errors.
The column name key is a reserved word and therefore must be escaped using backticks:
select * from users WHERE `key` = '$key'
Without the escape, the query will fail and return FALSE per the mysqli_query docs:
Returns FALSE on failure. For successful SELECT, SHOW, DESCRIBE or
EXPLAIN queries mysqli_query() will return a mysqli_result object. For
other successful queries mysqli_query() will return TRUE.
You can exit early with an error using the or die pattern:
mysqli_query($con, "SELECT * FROM users WHERE `key` = '$key'")
or die(mysqli_error($con));

Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in D:\XAMPP\htdocs\codeinventor\login.php on line 18 [duplicate]

This question already has an answer here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 1 year ago.
<?php
//Start session
session_start();
//Include database connection details
require_once('connection.php');
$email = $_POST["email"];
$pass = $_POST["password"];
// Select the database to use
$query = "SELECT * FROM users WHERE email=$email and password=$password";
$result = mysqli_query($connection, $query);
$row = mysqli_fetch_array($result);
if($row["email"]==$email && $row["password"]==$pass)
echo"You are successful login.";
else
echo"Sorry, your email or password is not valid, Please try again.";
?>
I tried to code the line of error return after $result but the same error display after login.
this error shows up
Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result,
boolean given in D:\XAMPP\htdocs\codeinventor\login.php on line 18
Sorry, your email or password is not valid, Please try again.
mysqli_query returns false because something is wrong with your query. You can retrieve the error message from the MySQL server with mysqli_error($connection) for debugging.
Most likely, the problem is that $email and $password are strings, but you have neither quoted nor escaped them in your query. In addition, you have used the variable $password in the query, but actually named it $pass.
The way you're building your query is especially dangerous since it is prone to SQL injection. A better approach would be:
$query = "SELECT * FROM users WHERE email='" . mysqli_real_escape_string($connection, $email) . "' and password='" . mysqli_real_escape_string($connection, $pass) . "'";
Furthermore, I do not recommend checking the existence of the row for logins due to the danger of SQL injection. Fetching the password of the user from the database and comparing it to the given password in the PHP code could be safer. For example, with your unescaped (but properly quoted) query an attacker could specify "' OR TRUE" or something similar as password so that the query wouldn't actually check if the password is correct.
Edit: As Jordy suggested in the comments, prepared statements would not only be safe, but also more elegant than escaping the parameters manually:
$stmt = mysqli_prepare($connection, 'SELECT `password` FROM `users` WHERE `email` = ?');
mysqli_stmt_bind_param($stmt, 's', $email);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $real_pass);
if (mysqli_stmt_fetch($stmt) && $real_pass == $pass)
echo "Login successful";
else
echo "Sorry, your email or password is not valid, Please try again.";
mysqli_stmt_close($stmt);
Instead of fetching the row why dont you just count the number of rows. It would be better so the code will be.
$row_cnt = mysqli_num_rows($result);
if($row_cnt > 0)
echo"You are successful login.";
else
echo"Sorry, your email or password is not valid, Please try again.";

PHP Select Login Error

I'm just a newbie in PHP and I need to create a php Login form but It have a syntax error saying Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in C:\xampp\htdocs\login.php on line 18
maybe you can help me on this tnx!
<?php
$con=mysqli_connect("localhost","root","","reservation");
if (mysqli_connect_errno())
{
echo "Failed to connect to Database: " . mysqli_connect_error();
}
else
{
}
if ($_POST["SUBMIT"]="SUBMIT")
{
$username = $_POST['username'];
$password =$_POST['password'];
$sql ="SELECT * FROM usersaccount where='$username' and password ='$password'";
$result=mysqli_query($con,$sql);
$count=mysqli_num_rows($result);
if($count==1)
{
echo "success";
}
//mysqli_close($con);
}
?>
Your SELECT statement is wrong ... should be
SELECT * FROM `usersaccount` WHERE `username` ='$username' and `password` ='$password'";
---------- // Here.. Added the column name
You are not providing the column name for username field. That was your issue. Since you are matching results with condition you need a WHERE clause too !
Disclaimer : Stop using mysql_* functions as they are deprecated. Switch to MySQLi or PDO instead.
It means your query (i.e., $sql) is broken. You are comparing a table to a string, when you should be using a WHERE clause. Also, password is a reserved word; escape it, like this:
$sql ="SELECT * FROM usersaccount WHERE `username` ='$username' and `password` ='$password'";
Also, you are wide open to SQL injection; you need prepared statements.
According to documentation you have to do this:
$con=mysqli_connect("localhost","root","","reservation");
//...
$query = "SELECT * FROM usersaccount ='$username' and password ='$password'";
if ($stmt = mysqli_prepare($con, $query)) {
mysqli_stmt_execute($stmt);/* execute query */
mysqli_stmt_store_result($stmt);/* store result */
printf("Number of rows: %d.\n", mysqli_stmt_num_rows($stmt));
mysqli_stmt_close($stmt);/* close statement */
}
Since the error message is reporting that its first parameter is a boolean, you should take a closer look at that first parameter.
$result=mysqli_query($con,$sql);
Read the documentation : If it works, mysqli_query() returns a mysqli_result() or FALSE (a boolean) if it doesn't work. So, your query didn't work and it returned a boolean.
You should probably check the outcome of executing your query and, if it fails, you should show the error message generated:
if ( $result = mysqli_query($con, $sql) === FALSE ) {
printf("Invalid query: %s\nWhole query: %s\n", mysqli_error, $sql);
exit();
}

Mysqli_Num_Rows Error, "expects parameter"

I'm creating a few lines to check if a user exist within the database. To do this, I was going to just find the username in the DB and if there IS a user with that name in the database use num_rows to make it show that their is a user with that name.
The error is:
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result,
boolean given in /home/bluef/public_html/SMNS/register.php on line 36
Code:
$usernamef = mysqli_query($link, "SELECT * FROM Users
WHERE Username =".$Username."");
$usernamefound = mysqli_num_rows($usernamef);
if($usernamefound != 0){
echo "Username in use, try another username?";
}
Always have this line before mysqli_connect
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
Always format your queries correctly.
Always use prepared statements when you need to insert a variable into query.
Always check out the "Related questions" section on the page (Or suggested questions while writing your own).
Try this with your query
$usernamef = mysqli_query($link, "SELECT * FROM Users
WHERE Username =".$Username."") or die(mysqli_error());
to see the error. Also you can try this
$usernamef = mysqli_query($link, "SELECT COUNT(*) AS myCount FROM Users
WHERE Username =".$Username."") or die(mysqli_error());
$row = mysqli_fetch_array($usernamef)
if( $row['myCount '] > 0 )
{
echo "Username in use, try another username?";
}
Check this link http://www.w3schools.com/php/func_mysqli_error.asp
Also you can try with mysql_query and mysql_num_rows() and not with mysqli_query()

PHP MYSQL db reference error

I want to check my database to see if any user has a confirmcode identical to one a registering user enters on their registration form. However I keep getting the error:
"Warning: mysql_result() expects parameter 1 to be resource, boolean given in /home/elight5/public_html/test/student_register.php on line 15"
From what I can make out, that means there is an undefined variable but I know the values in the db are named appropriately.....Is there something wrong with my syntax? I have been using the same syntax across the site with no issues....
Any suggestions or errors about/in my code?
function confirmcode_exists($confirmcode){
$confirmcode = sanitize($confirmcode);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `confirmcode` = '$confirmcode'"), 0) == 1) ? true : false;
}
The error for mysql_result() is stating that your MySQL query is failing.
Your actual SQL query does not look syntatically incorrect, which most likely means that either the table, or a column, is mispelled, or your connection doesn't have access to that table, or possibly that the connection is invalid altogether.
Try updating your code to the following; this should show you what your actual error is:
$result = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `confirmcode` = '$confirmcode'");
if (!$result) {
// query error
die('Error: ' . mysql_error());
}
return (mysql_result($result, 0) == 1);

Categories