Member Avatar for Gabe13

Okay so i have to make a signup form and i have pretty much everything finished but i keep getting this error Warning: mysql_num_rows() expects parameter 1 to be resource. I keep getting this error on my $checkUserQuery & $checkEmailQuery and don't know how to fix it. Any Suggestions?

<?php
    $db_name = "htmldb";
    $tbl_name = "phplogin";


    //connect to database
    $conn = mysql_connect("localhost","root","");
    mysql_select_db("$db_name");

    //post back to database and checks userName 
    //and email for no duplicates in database
    if($_POST['submit']){
        $first = $_POST['firstName'];
        $last = $_POST['lastName'];
        $user = $_POST['userName'];
        $pass = $_POST['p'];
        $email = $_POST['email'];
        $checkUserQuery = mysql_query("SELECT * FROM $tbl_name WHERE userName = '$user'"); 
        $checkEmailQuery = mysql_query("SELECT * FROM $tbl_name WHERE email = '$email'");

        if(!$first OR !$last OR !$user OR !$pass OR !$email)
        {
            echo("Error: Please make sure all fields are filled out!");
        }
        elseif(mysql_num_rows($checkUserQuery) > 0)
        {
            echo("Error: Username already exists!");
        }
        elseif(mysql_num_rows($checkEmailQuery) > 0)
        {
            echo("Error: E-mail Address has already been used please user another one!");
        }
        else 
        {
            $query = mysql_query("INSERT INTO phplogin
                VALUES(".$first.",'".$last."','".$user."','".$pass."','".$email."')");
            echo("Sign Up Successful!");
        }
    }
?>
  • 3 Contributors
  • 2 Replies
  • 237 Views
  • 8 Hours Discussion Span
  • Latest Post Latest Post by broj1
Member Avatar for minitauros

Well that's probably because something has gone wrong while executing your query. Try adding OR exit(mysql_error()) to your query lines, so that it would become, for example:

$checkUserQuery = mysql_query("SELECT * FROM $tbl_name WHERE userName = '$user'") OR exit(mysql_error());

$checkEmailQuery = mysql_query("SELECT * FROM $tbl_name WHERE email = '$email'") OR exit(mysql_error());

And see if that returns any errors.

Also you might want to consider escaping user-input by using mysql_real_escape_string(). For example:

$first = mysql_real_escape_string($_POST['firstName']);

Edited by minitauros
Member Avatar for broj1

Also check if all input values exist. You are using these values in queries and if user did not enter all of them you will get strange results.

// check if anything was entered (you might apply other checks and validations)
if(isset($_POST['firstName']) && !empty($_POST['firstName'])) {
    // if yes, trim the entry (user might not be aware that he entered some spaces) 
    // and escape it (security against injections is very very important)
    $first = mysql_real_escape_string(trim($_POST['firstName']));
} else {
    // display an error message
    die('Error: You must enter first name!');
}
// do that or all fields
...

Your last query might be wrong (missing some single quotes). I would do it this way (easier to debug):

 $insQuery = "INSERT INTO phplogin VALUES('$first', '$last', '$user', '$pass', '$email')";
 $query = mysql_query($insQuer);
Edited by broj1
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.