I keep having an error in mysql_fetch_(assoc,array,row) I can't find the problem and when I try to count the rows of the result by using echo the result is 1
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in C:\wamp\www\Jocales\login.php on line 88
in query SELECT * FROM users WHERE uName ='nuha' AND uPassword = '123'
<?php
$login= $_POST['login'];
$password= $_POST['password'];
if($login && $password){
$con = mysql_connect("localhost", "root", "")or die ('no connection');
mysql_select_db("jocales",$con) or die ('no');
$query= "SELECT * FROM users WHERE uName ='$login' AND uPassword = '$password'";
$result = mysql_query($query)or die(mysql_error()." in query $query");
$record=mysql_fetch_assoc($query) or die(mysql_error()." in query $query");
?>
Change
$record=mysql_fetch_assoc($query)
To
$record=mysql_fetch_assoc($result)
Note: Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.
WARNING: You code is vulnerable to SQL Injection.
use this code ( replace $query with $result )
<?php
$login= $_POST['login'];
$password= $_POST['password'];
if($login && $password){
$con = mysql_connect("localhost", "root", "")or die ('no connection');
mysql_select_db("jocales",$con) or die ('no');
$query= "SELECT * FROM users WHERE uName ='$login' AND uPassword = '$password'";
$result = mysql_query($query)or die(mysql_error()." in query $query");
$record=mysql_fetch_assoc($result) or die(mysql_error()." in query $query");
?>
The function mysql_fetch_assoc() expects one parameter and it should be a resource type. You're providing a string.
$query= "SELECT * FROM users WHERE uName ='$login' AND uPassword = '$password'";
$result = mysql_query($query)or die(mysql_error()." in query $query");
//this is the issue!
$record = mysql_fetch_assoc($query) or die(mysql_error()." in query $query");
the last statement should be
$record = mysql_fetch_assoc($result) or die(mysql_error()." in query $query");
NOTE (straight from php.net about mysql_*)
Warning
This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
Related
This question already has answers here:
How to change mysql to mysqli?
(12 answers)
Closed 4 years ago.
I am facing an error as I'm about to launch my PHP files to a free web hosting site. The error showing up is given below:
And below is the code for my project.
$sql= "SELECT * FROM user WHERE staff_id='$staff_id' AND password='$password'";
$query = mysql_query($sql) or die("Error: " . mysql_error()); //this is error on line 42
$row = mysql_num_rows($query);
I'm not sure what the errors are as I am self-taught on PHP. hopefully you guys can point out what change i should make. Thanks in advance!
First, as you suggest in the title, use mysqli for security reasons, or even better, PDO.
With mysqli: (updated)
$stmt = $conn->prepare("SELECT COUNT(*) FROM user WHERE staff_id = :staff_id AND password = :password");
$res = $stmt->execute(["staff_id" => $staff_id, "password" => $password);
$row = mysqli_num_rows($res);
With PDO:
$stmt = $conn->prepare("SELECT COUNT(*) FROM user WHERE staff_id = :staff_id AND password = :password");
$res = $stmt->execute(["staff_id" => $staff_id, "password" => $password);
$row = $res->fetchColumn();
$conn being your database link. The PDO version assumes you don't need the rows but just the count. In case someone tells you to, don't use rowCount on SELECT query, that's not reliable.
$sql= "SELECT * FROM user WHERE staff_id='$staff_id' AND password='$password'";
$query = mysql_query($sql) or die("Error: " . mysql_error()); //this is error on line 42
$row = mysql_num_rows($query);
try this one
$sql= "SELECT * FROM user WHERE staff_id='$staff_id' AND password='$password'";
$query = mysqli_query($con, $sql) or die("Error: " . mysqli_error($con)); // $con is the connection to database like // $con = mysqli_connect("localhost","my_user","my_password","my_db");
$row = mysqli_num_rows($query);
i'm trying to insert some records into the db and i'm getting this error: Query was empty
$data= json_decode(file_get_contents("php://input"));
$usercomment= mysql_real_escape_string($data->usercomment);
$wardrobe= mysql_real_escape_string($data->wardrobe);
$ctype= mysql_real_escape_string($data->ctype);
$pic= mysql_real_escape_string($data->pic);
$vtype= mysql_real_escape_string($data->vtype);
$query=mysql_query ("INSERT INTO db.comment(`comment`,`pic`,`wardrobe`,`comment_type`,`vtype`)
VALUES('".$usercomment."','".$pic."','".$wardrobe."','".$ctype."','".$vtype."')");
$Result1 = mysql_query($query, $dbcon) or die(mysql_error());
$query is already a mysql_query, so you can't add it inside the other mysql_query.
You can make $query be the string for the mysql_query below it.
$query = "INSERT INTO db.comment(`comment`,`pic`,`wardrobe`,`comment_type`,`vtype`) VALUES('".$usercomment."','".$pic."','".$wardrobe."','".$ctype."','".$vtype."')";
$result1 = mysql_query($query, $dbcon) or die(mysql_error());
Also, don't use the mysql_* functions, use mysqli_* instead.
See this answer for more details on why.
I have modified your code.. try this
data= json_decode(file_get_contents("php://input"));
$usercomment= mysql_real_escape_string($data->usercomment);
$wardrobe= mysql_real_escape_string($data->wardrobe);
$ctype= mysql_real_escape_string($data->ctype);
$pic= mysql_real_escape_string($data->pic);
$vtype= mysql_real_escape_string($data->vtype);
$query="INSERT INTO db.comment(`comment`,`pic`,`wardrobe`,`comment_type`,`vtype`)
VALUES('".$usercomment."','".$pic."','".$wardrobe."','".$ctype."','".$vtype."')";
$Result1 = mysql_query($query) or die(mysql_error());
This question already has an answer here:
mysql_num_rows(): supplied argument is not a valid MySQL result resource [duplicate]
(1 answer)
Closed 9 years ago.
I am trying to get the amount of rows that referral_in and referral_out exist in (as separate variables). This is my code for that:
$username = $_SESSION['username'];
$connect = mysql_connect("xxxx", "xxxx", "xxxx!") or die("Couldnt Connect to Server");
mysql_select_db("xxxxx") or die("Couldnt find database");
$samecheck = mysql_query("SELECT `referral_in` FROM `users` WERE `username`=$username");
$same = mysql_num_rows($namecheck);
$leadcheck = mysql_query("SELECT `referral_out` FROM `users` WERE `username`=$username");
$leading = mysql_num_rows($namecheck);
echo "$leading / $same"
When do it, I am getting this error:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/content/50/8492150/html/buyarandom/member.php on line 23
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/content/50/8492150/html/buyarandom/member.php on line 25
You are forgetting the quotes around $username
$samecheck = mysql_query("SELECT `referral_in` FROM `users` WERE `username`='".$username."'");
Also try to escape the $username as you are code is vulnerable towards SQL Injection
$samecheck = mysql_query("SELECT `referral_in` FROM `users` WERE `username`='".mysql_real_escape_string($username)."'");
SIDE NOTE: Don't use mysql_query instead use mysqli
This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used.
$samecheck instead of $namecheck??? Where is $namecheck defined?
First off, mysql extension is deprecated. Please consider MySqli or PDO. Second, you may want to sanitize your session variable for security reasons. If you use a parameterized query with MySQLi or PDO, you have nothing to worry about. Otherwise, the APIs provide methods (mysql, mysqli) to escape your string.
Now there's a typo in WERE, should be WHERE.
If username is a string type, you need to enclose the value in quotes.
$samecheck = mysql_query("SELECT `referral_in` FROM `users` WHERE `username`='$username'");
$same = mysql_num_rows($samecheck); //another typo; should be $samecheck
Also in your second mysql_num_rows(), you probably meant to pass $leadcheck, not $namecheck
try this
$username = $_SESSION['username'];
$connect = mysql_connect("xxxx", "xxxx", "xxxx!") or die("Couldnt Connect to Server");
mysql_select_db("xxxxx") or die("Couldnt find database");
$samecheck = mysql_query("SELECT `referral_in` ,`referral_out` FROM `users` WHERE `username`=$username");
$same = mysql_num_rows($namecheck);
$row = mysql_fetch_array($samecheck);
echo $row['referral_in'] / $row['referral_out'] ;
note:
mysql is decprecated , please use PDO or mysqli instead.
Error is saying that $namecheck is not a mysql_query.
$namecheck is not defined.
$namecheck should be $namecheck and $leadcheck respectively.
$samecheck = mysql_query("SELECT `referral_in` FROM `users` WERE `username`=$username");
$same = mysql_num_rows($samecheck);
$leadcheck = mysql_query("SELECT `referral_out` FROM `users` WERE `username`=$username");
$leading = mysql_num_rows($leadcheck);
This should work
$username = $_SESSION['username'];
$connect = mysql_connect("xxxx", "xxxx", "xxxx!") or die("Couldn't Connect to Server");
mysql_select_db("xxxxx") or die("Couldn't find database");
$samecheck = mysql_query("SELECT `referral_in` FROM `users` WHERE `username`=$username") or die (mysql_error());
$same = mysql_num_rows($samecheck);
$leadcheck = mysql_query("SELECT `referral_out` FROM `users` WHERE `username`=$username") or die (mysql_error());
$leading = mysql_num_rows($leadcheck);
echo "$leading / $same"
also, please at some point consider using mysqli
http://php.net/manual/en/book.mysqli.php
because the mysql extension is deprecated, open to SQL injection, and will likely be removed in a newer version of PHP
I am trying to retrieve multiple rows from the database and process it for response as service using php code, but I wouldn't retreive all values, only first row from the table is displaying, how can I make dis to work?
Here is my code:
$servername="localhost";
$username="root";
$conn= mysql_connect($servername,$username)or die(mysql_error());
mysql_select_db("testing",$conn);
$sql="insert into login (src,dest)values('$from','$tona')";
$result=mysql_query($sql,$conn) or die(mysql_error());
$res = mysql_query("SELECT * FROM login");
$numrows = mysql_num_rows($res);
setcookie('a',$numrows);
Note the use of _mysql is discouraged for new development ... please read this on selecting a new API
This is pretty basic but you need to loop the returned result like so :
$res = mysql_query("SELECT * FROM login");
while ($row = mysql_fetch_array($res, MYSQL_BOTH)) {
// your columns are accessible using
$row['columnname'];
// or
$row[columnnumber];
}
Docs for mysql_fetch_array are here
mysql_query returns a resource on success or false on failure
do like this
<?php
$servername="localhost";
$username="root";
$conn= mysql_connect($servername,$username)or die(mysql_error());
mysql_select_db("testing",$conn);
$sql="insert into login (src,dest)values('$from','$tona')";
$result=mysql_query($sql,$conn) or die(mysql_error());
$res = mysql_query("SELECT * FROM login");
$numrows = mysql_num_rows($res);
while ($result=mysql_fetch_array($res)){
echo $result['src']."<br/>";
}
setcookie('a',$numrows);
mysql_* is deprecated
use
$res = mysql_query("SELECT * FROM login");
$numrows = mysql_num_rows($res);
while($row = mysql_fetch_assoc($res))
{
print_r($row);
}
I see that you using mysql instead of mysqli. Try changing to mysqli instead, because this will become the new standard. As of version PHP 5.5.0 mysql will become deprecated.
I have this piece of PHP code:
<?php
$username=$_POST['username'];
$password=$_POST['password'];
if($username&&$password){
$connect=mysql_connect("localhost","root","") or die(" Couldnt connect");
mysql_select_db("phplogin") or die ("Can't find database" .mysql_error());
$query=mysql_query("SELECT * users WHERE username='$username' ");
$numrows=mysql_num_rows($query);
if (!$query) {
die('Invalid query: ' . mysql_error());
}
}
else
die ("Enter username and password!") .mysql_error();
?>
However, when I try to run this code I get these errors:
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\PHP testing\login.php on line 9
and
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'users WHERE username='alex'' at line 1
Can someone explain to me what I'm I doing wrong here?
You must specify a table from which you're selecting with FROM keyword:
$query=mysql_query("SELECT * FROM users WHERE username='$username' ");
$numrows=mysql_num_rows($query);
you should really check for errors after your query, then the system will tell you what is wrong
$query = mysql_query("SELECT * users WHERE username='$username' ");
if (mysql_error() {
die(mysql_error());
}
$numrows = mysql_num_rows($query);
as #mike commented, your select query is missing the from bit
"SELECT * FROM users WHERE username='$username' "
Well Your code is vulnerable to SQL Injection Attack
$username=$_POST['username'];
$password=$_POST['password'];
instead of above use this code
$username= mysql_real_escape_string($_POST['username']);
$password=mysql_real_escape_string($_POST['password']);
$connect = mysql_connect("localhost","root","") or die("Couldn't connect!");
mysql_select_db("phplogin") or die("Couldn't find db");
$result = mysql_query("SELECT * FROM admin", $connect);
$numrows = mysql_num_rows($result);
and it will evaluate resource
$query = mysql_query("SELECT * users WHERE username='$username' ");
if (mysql_error() {
die(mysql_error());
}
$numberOfRows = mysql_num_rows($query);
echo $numberOfRows;