Warning: mysql_num_rows() expects parameter 1 to be resource

Question

ElliottDuke 0 Newbie Poster

13 Years Ago

Hello all,
I have searched this forum to find the answer to my question however none of the answers seem relevant so here we go:

I am building a member service however when coding the login.php script, I keep coming across this error:

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /(DIRECTORY)/login.php on line 67

The code in question is:

<?php
					if ($_POST['submit-login'])
{
	$user_retrieve = mysql_query("SELECT * FROM `users` WHERE
	`username` = '" . mysql_escape_string($_POST['username']) . "' &&
	`password` = '" . mysql_escape_string(md5(SALT_KEY .
	$_POST['password'] . SALT_KEY)) . "'");
	
	if (mysql_num_rows($user_retrieve))
	{
		$ur = mysql_fetch_array($user_retrieve);
		$session_retrieve = mysql_query("SELECT * FROM `user_sessions`
		WHERE `session_id` = '" .
		mysql_escape_string($_COOKIE['PHPSESSID']) . "' && `ip_address` = '" .
		mysql_escape_string($_SERVER["REMOTE_ADDR"]) . "'");
		if (mysql_num_rows($session_retrieve))
		{
			echo "You are already logged in. <a href='members-area.php'>Click Here</a>";
		}
			else
		{
		if (empty($_COOKIE['PHPSESSID']))
		{
		echo "Unknown Error, Please try enabling cookies.";
		}else{
			$create_session = mysql_query("INSERT into `user_sessions` (session_id, ip_address, uid) values ('".mysql_escape_string($_COOKIE['PHPSESSID'])."', '" . mysql_escape_string($_SERVER["REMOTE_ADDR"]) . "', '" . mysql_escape_string($ur['id']) . "');");
			echo "You have successfully logged in. <a href='members-area.php'>Click Here</a>";
		}
		}
		}
		else
		{			echo "Invalid Username or Password.";
		}
	}
?>

with this at the start of the document:

<?php
session_start();
include ("configuration.php");
?>

and configuration.php is set up correctly.

Could someone please help me with the problem and explain why the error is appearing as I am moderately new to php and would like to learn from my mistake.

Thanks!

mysql php

5 Contributors
5 Replies
280 Views
2 Days Discussion Span
Latest Post 13 Years Ago Latest Post by ElliottDuke

urtrivedi 276 Nearly a Posting Virtuoso

13 Years Ago

post both files here configuration.php and index.php

vibhaJ 126 Master Poster

13 Years Ago

Debug your code with echo.
echo both select script and run it in phpmyadmin.
Post what you are getting.

<?php
					if ($_POST['submit-login'])
{
	$sql = "SELECT * FROM `users` WHERE
	`username` = '" . mysql_escape_string($_POST['username']) . "' &&
	`password` = '" . mysql_escape_string(md5(SALT_KEY .	$_POST['password'] . SALT_KEY)) . "'";
	echo 'First Query : <br> :'.$sql;
	
	$user_retrieve = mysql_query($sql);
	
	if (mysql_num_rows($user_retrieve))
	{
		$ur = mysql_fetch_array($user_retrieve);
		$sql = "SELECT * FROM `user_sessions` WHERE `session_id` = '".mysql_escape_string($_COOKIE['PHPSESSID'])."' && `ip_address` = '".mysql_escape_string($_SERVER["REMOTE_ADDR"])."'";
		echo 'Second Query : <br> :'.$sql;
		exit;
		
		$session_retrieve = mysql_query($sql);
		if (mysql_num_rows($session_retrieve))
		{
			echo "You are already logged in. <a href='members-area.php'>Click Here</a>";
		}
			else
		{
		if (empty($_COOKIE['PHPSESSID']))
		{
		echo "Unknown Error, Please try enabling cookies.";
		}else{
			$create_session = mysql_query("INSERT into `user_sessions` (session_id, ip_address, uid) values ('".mysql_escape_string($_COOKIE['PHPSESSID'])."', '" . mysql_escape_string($_SERVER["REMOTE_ADDR"]) . "', '" . mysql_escape_string($ur['id']) . "');");
			echo "You have successfully logged in. <a href='members-area.php'>Click Here</a>";
		}
		}
		}
		else
		{			echo "Invalid Username or Password.";
		}
	}
?>

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

karthik_ppts 81 Posting Pro · Answer 1 · 2011-06-24T11:00:54+00:00

In which line in the above code you tot this error? 9 or 16

blocblue 238 Posting Pro in Training Featured Poster · Answer 2 · 2011-06-24T14:27:25+00:00

I wasn't aware you could use && in SQL queries (see line 14). Change it to AND instead.

Also, you say you searched the forum; the first post in this forum (at the top of the page tackles the same issue), and searching for the exact title of your post found half a dozen matches. Did you read through these?

ElliottDuke 0 Newbie Poster · Answer 3 · 2011-06-26T02:24:20+00:00

Turns out I had mistakenly named 'ip_address' when it should have been 'ip'. Problem solved. Thankyou all!