Problem With Mysql_num_rows


Guest borgen44

Hello, I got a problem with mysql_num_rows in my code, it won't count the rows. I get this error:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\xampp\htdocs\www\TESTS\test login\class.php on line 17
My total code of the file is:
<?php
require("config.php");

$con = mysql_connect(DB_HOST, DB_USER, DB_PASS);
if (!$con) {
    die('Could not connect: ' . mysql_error());
}

if ($_GET["function"] == "LogIn") {

    mysql_select_db(DB_NAME, $con) or die('Could not find Database: ' . mysql_error());

    $username = $_POST['username'];
    $password = md5($_POST['password']);

    $login_result = mysql_query("SELECT * FROM USER_DB_TABLE WHERE username='$username' and password='$password'", $con);
    $count = mysql_num_rows($login_result);

    if ($count == 1) {

        $_SESSION['username'] = $login_result['username'];
        $_SESSION['password'] = $login_result['password'];
        $_SESSION['rank'] = $login_result['rank'];

        header("location:index.php");

    } else {

        echo "Wrong Username or Password";

    }

} else {
    header("location:login.php");
}

mysql_close($con);
?>

Edited by borgen44

It means that something in your query is wrong. Maybe there's no 'username' or 'password' field, or the strings have invalid characters such as apostrophes in them.

Because you're not sanitizing your variables, people could use your application to hack the database.

Echo the query and see what it shows:

echo "SELECT * FROM USER_DB_TABLE WHERE username='$username' and password='$password'";


Speaking of sanitizing, is using htmlspecialchars($string) enough? When I read the variables, I have learned (from my book) to also stripslashes()...is the combination enough (in conjunction with some kind of regular expression to match valid e-mail addresses, etc.)?


You only need htmlspecialchars() if you're going to display the information on an HTML page.

You would not strip slashes, you'd actually have to add them if you want the query to be safe.

But rather than addslashes(), use mysql_real_escape_string(). It is safer because it checks the database character encoding. Don't use them both at the same time, though, because then you'll get extra slashes in the database.

Edited by Ingolme

I will likely be outputting the information in an HTML page at some point. So, use either htmlspecialchars() or mysqli_real_escape_string() OR use either addslashes() or mysqli_real_escape_string()? I think you mean the latter, but it's worth checking.


The ones you don't use together are addslashes() and mysql_real_escape_string(). This is why:

Given this string
"Example sentence testing PHP's functions"

Passed through addslashes():

\"Example sentence testing PHP\'s functions\"

And then passed through mysql_real_escape_string():

\\\"Example sentence testing PHP\\\'s functions\\\"

Therefore, you should only use one of the functions. And since the text is being prepared for a database, mysql_real_escape_string is more appropriate.

htmlspecialchars is recommended as long as you're going to put the database information on an HTML page, so that visitors can't add extra HTML to your page.

Edited by Ingolme
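An added example, not code from any poster in this thread: it walks through the three points discussed above (check the query result before counting rows, let the database layer handle quoting exactly once, encode for HTML only at output). It assumes PHP with the pdo_sqlite extension; the in-memory SQLite database, the `users` table and the sample input are constructed, and PDO bound parameters are used in place of mysql_real_escape_string() because the mysql_* functions were removed in PHP 7.

```php
<?php
// In-memory SQLite via PDO stands in for the thread's MySQL server (assumption).
$pdo = new PDO('sqlite::memory:');
// Silent mode: a failed query returns false, as mysql_query() did.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
$pdo->exec('CREATE TABLE users (username TEXT, comment TEXT)'); // constructed schema

// 1. A failed query returns false, not a result; check it before counting rows.
$result = $pdo->query('SELECT * FROM no_such_table'); // constructed failing query
if ($result === false) {
    echo 'Query failed: ' . $pdo->errorInfo()[2] . "\n";
}

// 2. Bound parameters carry the value to the database; no manual slashes needed.
$input = "PHP's <b>functions</b>"; // constructed input: apostrophe plus HTML
$insert = $pdo->prepare('INSERT INTO users (username, comment) VALUES (?, ?)');
$insert->execute(['raw', $input]);
// Escaping by hand on top of that stores the slash as data (the double-escape problem).
$insert->execute(['slashed', addslashes($input)]);

// 3. Read back and encode for HTML only at output time.
$select = $pdo->prepare('SELECT comment FROM users WHERE username = ?');
foreach (['raw', 'slashed'] as $name) {
    $select->execute([$name]);
    $rows = $select->fetchAll(PDO::FETCH_COLUMN);
    echo $name . ' (' . count($rows) . ' row): '
        . htmlspecialchars($rows[0], ENT_QUOTES, 'UTF-8') . "\n";
}
```

The "slashed" row comes back with a literal backslash before the apostrophe, which is the extra-slash effect described in the last reply.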
