I am using the JQuery Validation Plugin. I got the remote function working with the default php file.
I modified the php file to use my own version but mysql is returning
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/fastbluf/syatch/module/1.func.php on line 15
My PHP Code is the following. All my syntax looks correct.
<?php
// Last Edited: 4/23/12
$conn = mysql_connect('localhost','hidden','hidden') or die('Iam dying');
$rs = #mysql_select_db( "hidden", $conn) or die( "Err:Db" );
$do = $_REQUEST['do'];
$email= $_REQUEST['email'];
$user= $_REQUEST['user'];
function checkInfo($do,$email,$user){
switch ($do) {
case 1:
$sql = "select * from User_Base where Email_Address = $email";
$results = mysql_query($sql). mysql_error();
$nResults = mysql_num_rows($results);
if ($nResults > 0) {
$valid="false";
} else {
$valid="true";
}
break;
case 2:
//not yet
break;
}
return $valid;
}
echo checkInfo($do,$email,$user);
?>
The problem is that you're appending to your result, causing it to no longer be a valid result.
$results = mysql_query($sql). mysql_error();
Try changing this to be something like this:
$results = mysql_query($sql) or die(mysql_error());
Your query should also be changed to quote the email address, and the address should be escaped to prevent attacks (SQL Injection):
$email = mysql_real_escape_string($_REQUEST['email']);
$sql = "select * from User_Base where Email_Address = '$email'";
Fix your query to
$sql = "select * from User_Base where Email_Address = '".$email."'";
Related
Why MYSQLi does not update the DB record, but it does provide a successful message. Of course, with the following message: 0 records UPDATED successfully And no changes are made to the database.
my index php file code:
<?php
include 'connect.php';
$work = $_GET["work"];
if($work == "select"){
$query = "SELECT * FROM login ORDER BY City DESC";
$result = $connect->prepare($query);
$result ->execute();
$out = array();
while ($row = $result->fetch(PDO::FETCH_ASSOC)){
$record = array();
$record["InsID"] = $row["InsID"];
$record["Password"] = $row["Password"];
$record["Name"] = $row["Name"];
$record["City"] = $row["City"];
array_push($out,$record);
}
echo json_encode($out);
} elseif($work == "update"){
$name2 = $_REQUEST["Ali"];
$code2 = $_REQUEST["4779"];
$city2 = $_REQUEST["teh"];
$pass2 = $_REQUEST["123"];
$query2 = "UPDATE login SET Password='$pass2',Name='$name2',City='$city2' WHERE InsID = '$code2'";
$result2 = $connect->prepare($query2);
$result2 ->execute();
}
?>
I really do not know where my coding is wrong. Please help.
I don't get why you are updating InsID and also using 'where InsID like'
Also there is additional ; in query
You may try
$query2 = "UPDATE login SET Password='$pass2',Name='$name2',City='$city2' WHERE InsID like '$code2'";
Important = sanitize input data first**
if I understand what you're trying to accomplish then :
you don't have to set InsID again
you need to use = and not LIKE in the WHERE condition
i.e. this is the row you need :
$query2 = "UPDATE login SET Password='$pass2',Name='$name2',City='$city2' WHERE InsID = '$code2';";
also see Nico Haase's comment, it's super correct ! you must improve the code security, see : http://php.net/manual/en/security.database.sql-injection.php
Try this code
May be useful
$query2 = "UPDATE login SET Password='$pass2',Name='$name2',City='$city2' WHERE InsID = '$code2';
if(mysqli_affected_rows($connect)==1){
echo "updated successfully";
}
else{
echo "failed";
}
I am trying to build a cart using MySQL. I keep getting this error 'Query was empty' when I run this code. Please help I've tried several things such as putting the variables inside the string instead of concatenating it.
<?php ob_start(); ?><?php require_once("../include/membersite_config.php"); ?>
<?php
require('../products_reloaded/config.php');
session_start();
$user = $_REQUEST['user'];
$user = mysql_real_escape_string($user);
$itemNum = $_REQUEST['itemNum'];
$itemNum = mysql_real_escape_string($itemNum);
$quantity = $_POST['quantity'];
$quantity = intval($quantity);
$CheckForExistence = mysql_query("select * from cart where user = '$user' and p_number = '$itemNum'" );
$alreadyExistsChecker = mysql_num_rows($CheckForExistence);
if($alreadyExistsChecker >= 1)
{
$quantity +=1;
echo "this is equal to $alreadyExistsChecker";
}
if($alreadyExistsChecker == 0)
{
$getQuery = mysql_query("select * from product where p_number = '$itemNum'");
while($row = mysql_fetch_array($getQuery))
{
$name = $row['p_name'];
$image = $row['p_url'];
$price = $row['p_price'];
}
$name = mysql_real_escape_string($name);
$image = mysql_real_escape_string($image);
$price = intval($price);
$query = mysql_query('insert into cart values('.$user.','.$itemNum.','.$name.', '.$image.','.$quantity.', '.$price.')');
$result = mysql_query($query);
if (!$result) {
print "An error occured: " . mysql_error() . "\n";
}
}
header('http://www.definitionxjm.com/shopping/viewCart.php');
?>
What do you try to achieve with this line?
$result = mysql_query($query);
Just delete it and change the line above to
$result = mysql_query('insert into cart values('.$user.','.$itemNum.','.$name.', '.$image.','.$quantity.', '.$price.')');
[Edit]
Btw. you are forgetting the " (quotes) inside the query which causes an sql error to occur, leading to $query = false (see manual). $query (false) then gets converted to string, resulting in '' (an empty string) which you pass to mysql_query and that generates an "Query was empty"-Message, as it should because you tried to send an empty query.
It can also mean the table which is in consideration is empty.This condition arises when the "DELETE FROM table_name where ;" is used. Here if the table "table_name" has no data, it cannot delete anything and hence it shows an error stating that the query is empty.
I am using MySQL to get data from table but it shows an exception. Here is the code I am using. I am calling this using URL to test:
$userName=mysql_real_escape_string($_GET['userName']);
$query = mysql_query("SELECT * FROM UserCredentials where UserName='$userName' ");
http://celeritas-solutions.com/pah_brd_v1/productivo/getUserData.php?userName=jamshaid.ali
Here is the exception
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/content/i/h/u/ihus235/html/cs/pah_brd_v1/productivo/getUserData.php on line 74 []
Here is the full code
$userName=mysql_real_escape_string($_GET['userName']);
$query = mysql_query("SELECT * FROM UserCredentials Where UserName='$userName' ");
$rows = array();
while($row = mysql_fetch_assoc($query)) {
$rows[] = $row;
}
echo json_encode($rows);
?>
$query = sprintf("SELECT * FROM UserCredentials where UserName='%s'",mysql_real_escape_string($_GET['userName']));
$result = mysql_query($query);
if(result){
//do you code
}
Some suggestions -
Use isset() , like --
if(isset($_GET['userName'])) {
// Do the processing, most appropriate check whether form is submitted or not
}
Now your code will looks like-
// Sanatize the data, and make sure to safe your code from sql injections(prefer PDO or mysqli_)
if(isset($_GET['userName'])) {
$userName=mysql_real_escape_string($_GET['userName']);
$sql = "SELECT * FROM UserCredentials Where UserName='".$userName."'";
$query = mysql_query($sql, $conn) or die(mysql_error());
$rows = array();
while($row = mysql_fetch_assoc($query)) {
$rows[] = $row;
}
echo json_encode($rows);
}
?>
echo $sql; and run it in phpmyadmin to check your query is forming correctly or not, use var_dump() and read error/warning/notices to track errors.
Sorry about the last post I had. Here's my revision, please help me.
<?php
//connect database
$sql = "SELECT * FROM user where user_id = 8320 AND password = 'admin' ";
$query = pg_query($sql);
var_dump($row = pg_fetch_array($query)); //dumps correctly.
?>
BUT THE PROBLEM IS THIS..when I try to make it as a function LIKE:
function check($user_id, $password)
{
$sql = "SELECT * FROM user where user_id = $user_id AND password = '$password' ";
$query = pg_query($sql);
$row = pg_fetch_array($query);
return $row;
}
AND CALL IT HERE:
var_dump($data = check(8320, 'admin')); DUMPS NULL;
How come it ended up like this?
Its returning NULL because there is an error with your SQL query, and no results are being returned. You should do some error checking in your function, try this version:
function check($user_id, $password)
{
$dbconn = pg_connect("host=localhost dbname=test");
$sql = "SELECT * FROM user where user_id = $1 AND password = $2 ";
$result = pg_query_params($dbconn, $sql, array($user_id,$password));
$row = pg_fetch_array($result);
if (!$row) {
echo pg_last_error($dbconn);
} else {
return $row;
}
}
Try the code below. It should work fine for you.
$data = check(8320, 'admin');
var_dump($data);
Seems like your PostgreSQL resource is missing inside the function. You have two options.
Declare the connection resource inside the function using global.
Establish the connection inside the function.
This is the first option:
$conn = pg_connect('host','user','pass','db');
function check($user_id, $password)
{
global $conn;
$sql = "SELECT * FROM user where user_id = $user_id AND password = '$password' ";
$query = pg_query($conn, $sql);
$row = pg_fetch_array($query);
return $row;
}
And this is the second option:
function check($user_id, $password)
{
$conn = pg_connect('host','user','pass','db');
$sql = "SELECT * FROM user where user_id = $user_id AND password = '$password' ";
$query = pg_query($conn, $sql);
$row = pg_fetch_array($query);
return $row;
}
According to the PHP manual, You may omit connection resource, but it is not recommended, since it can be the cause of hard to find bugs in scripts.
I am trying to see if the logged in user is verified. But there is an error:
Warning: mysql_fetch_array(): supplied
argument is not a valid MySQL result
resource in
/home/psmcouk/public_html/colemansystems/verify.php
on line 332
Here is the PHP code:
$user1 = $_SESSION['usr'];
$result = mysql_query("SELECT * FROM phpbb_members WHERE memberName=$user1");
while($row = mysql_fetch_array($result)) //LINE 332
{
$valid = $row['valid'];
}
if($valid == "1"){
echo "$user1, you're account is currently verified.";
}
I just can not see what is wrong with this code.
Thanks!
All the answers above are lame.
$user1 = mysql_real_escape_string($_SESSION['usr']);
$query = "SELECT valid FROM phpbb_members WHERE memberName='$user1' and valid=1";
$result = mysql_query($query) or trigger_error(mysql_error()." in ".$query);
$valid = mysql_num_rows($result);
if($valid){
echo "$user1, your account is currently verified.";
}
You probably have an SQL error. Try
if (!$result) {
echo 'Invalid query: ' . mysql_error() . "\n";
}
I guess $user should be quoted:
$result = mysql_query("SELECT * FROM phpbb_members WHERE memberName='$user1'");
You can always see whats wrong my placing echo mysql_error(); after the query
As already posted, you just have to put the user name in single quotations marks:
$query = "SELECT * FROM phpbb_members WHERE memberName = '".$user1."'";
Assuming, that the user name column is varchar. The code you used is only valid if you compare numbers, e.g. integers.
A general remark: Depending on the size of the columns of your database, it might be resonable to select specific rows rather than all using *. For instance:
$query = "SELCT memberName, valid FROM phpbb_members";
Try to use:
$result = mysql_query("SELECT * FROM phpbb_members WHERE memberName='$user1'")
or die(mysql_error()); // to get if any error exists
$user1 = $_SESSION['usr'];
$result = mysql_query("SELECT * FROM phpbb_members WHERE memberName=$user1");
while($row = mysql_fetch_field($result)) //LINE 332
{
$valid = $row['valid'];
}
if($valid == "1"){
echo "$user1, you're account is currently verified.";
}
try this.
You should test the result of mysql_query before using it, if you follow the examples from php.net :
$result = mysql_query("SELECT * FROM phpbb_members WHERE memberName=$user1");
if (!$result) {
die('Request problem : ' . msql_error());
}
while($row = mysql_fetch_array($result)) //LINE 332
...