Warning: mysql_num_rows(): supplied argument is not a valid MySQL result

Question

SuperioAssassin 0 Newbie Poster

17 Years Ago

I have been looking at this code for some time and just can not figure anything wron with it.

My Error Message is: Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /hsphere/local/home/gwthorn/htpsinc-web.com/York_County/login.php on line 13

I commeted 13

<?php
session_start();

//The fields are censored but the database does connect.

mysql_connect("-censored-","-censored-","-censored"); 
mysql_select_db("-censored-");

if(isset($_POST['login'])) {
$username = htmlspecialchars($_POST['username'], ENT_QUOTES);
$password = htmlspecialchars($_POST['password'], ENT_QUOTES);
$password = md5($password);
$sql = mysql_query("SELECT * FROM user_system WHERE username='$username' AND password='$password'");

if(mysql_num_rows($sql)>0) { //!!!!!!!!!!!!!!!!!!!!!!!!Line 13
$_SESSION['auth'] = true;
setcookie("avxsystem_user",$username,time()+30*30*30*30*365);
setcookie("avxsystem_pass",$password,time()+30*30*30*30*365);
echo "<p>Login Successful</p>";
}

else {
echo "<p>Sorry, you are unable to login because you have got your username/password combination wrong. Please check spelling & try again.";
}
}
else {
echo $message;
}
?>

mysql php

5 Contributors
4 Replies
143 Views
1 Day Discussion Span
Latest Post 17 Years Ago Latest Post by dr4g

stymiee 111 He's No Good To Me Dead

17 Years Ago

That means your query failed. Echo it out and look for an error or use mysql_error() to see what the error is.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

omick16 1 Newbie Poster · Answer 1 · 2007-05-08T17:47:59+00:00

i'm not so sure though, but i guess, there's something wrong in your query... with regards to the proper usage of single quotation marks... single quotation marks will be taken literally so for example '$username' is the same as $username (literally) while "$username" will be taken by it's value so for example if $username=50; echo "$username"; ---> the output is 50.

hmmm... i'm not so sure bout this though... i'm still a student...

johny_d 23 Junior Poster in Training · Answer 2 · 2007-05-08T19:43:18+00:00

The quotes are ok.
I think your problem comes from that

htmlspecialchars

piece of code, because if you give an echo to

[B]htmlspecialchars([/B]$_POST[B][[/B]'username'[B]][/B], ENT_QUOTES[B])[/B];

before entering it in the mysql query you will probably see your username string contains at least one # charcater (the password is hashed anyway so doesn't have this problem).

Anyway, if your username string contains a # character, in mysql everything after that char is considered a comment so your sql statement is broken in that point and that's why you get this error.

I suggest you test it first with some simple, clean strings (user: abcd, pass: xyzw) and without

[B]htmlspecialchars[/B]

and see if it works and after that go to more complicated stuff.

dr4g 25 Junior Poster · Answer 3 · 2007-05-09T00:37:50+00:00

johy_d is right. Your problem could well lie within the htmlspecialchars() function.

Only way to identify this is.
Instead of putting the query directly into mysql_query().

Do.

$query = "SELECT * FROM table";
/* This will output your query then exit the script */.
echo $query; exit;
/* run query with mysql error  functionallity */ 
$ret = mysql_query($query) or die(mysql_error());

NOTE: After observing your query, you'll need to remote the exit; or the "echo $query; exit;" So that execution can continue onto the mysql_query() function.

Identify what is working first, before trying to figure out what isnt working.

Any questions just ask.