Okay so i have to make a signup form and i have pretty much everything finished but i keep getting this error Warning: mysql_num_rows() expects parameter 1 to be resource. I keep getting this error on my $checkUserQuery & $checkEmailQuery and don't know how to fix it. Any Suggestions?

<?php
    $db_name = "htmldb";
    $tbl_name = "phplogin";


    //connect to database
    $conn = mysql_connect("localhost","root","");
    mysql_select_db("$db_name");

    //post back to database and checks userName 
    //and email for no duplicates in database
    if($_POST['submit']){
        $first = $_POST['firstName'];
        $last = $_POST['lastName'];
        $user = $_POST['userName'];
        $pass = $_POST['p'];
        $email = $_POST['email'];
        $checkUserQuery = mysql_query("SELECT * FROM $tbl_name WHERE userName = '$user'"); 
        $checkEmailQuery = mysql_query("SELECT * FROM $tbl_name WHERE email = '$email'");

        if(!$first OR !$last OR !$user OR !$pass OR !$email)
        {
            echo("Error: Please make sure all fields are filled out!");
        }
        elseif(mysql_num_rows($checkUserQuery) > 0)
        {
            echo("Error: Username already exists!");
        }
        elseif(mysql_num_rows($checkEmailQuery) > 0)
        {
            echo("Error: E-mail Address has already been used please user another one!");
        }
        else 
        {
            $query = mysql_query("INSERT INTO phplogin
                VALUES(".$first.",'".$last."','".$user."','".$pass."','".$email."')");
            echo("Sign Up Successful!");
        }
    }
?>

Well that's probably because something has gone wrong while executing your query. Try adding OR exit(mysql_error()) to your query lines, so that it would become, for example:

$checkUserQuery = mysql_query("SELECT * FROM $tbl_name WHERE userName = '$user'") OR exit(mysql_error());

$checkEmailQuery = mysql_query("SELECT * FROM $tbl_name WHERE email = '$email'") OR exit(mysql_error());

And see if that returns any errors.

Also you might want to consider escaping user-input by using mysql_real_escape_string(). For example:

$first = mysql_real_escape_string($_POST['firstName']);

Also check if all input values exist. You are using these values in queries and if user did not enter all of them you will get strange results.

// check if anything was entered (you might apply other checks and validations)
if(isset($_POST['firstName']) && !empty($_POST['firstName'])) {
    // if yes, trim the entry (user might not be aware that he entered some spaces) 
    // and escape it (security against injections is very very important)
    $first = mysql_real_escape_string(trim($_POST['firstName']));
} else {
    // display an error message
    die('Error: You must enter first name!');
}
// do that or all fields
...

Your last query might be wrong (missing some single quotes). I would do it this way (easier to debug):

 $insQuery = "INSERT INTO phplogin VALUES('$first', '$last', '$user', '$pass', '$email')";
 $query = mysql_query($insQuer);
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.