PHP Script Error?

Hi, I'm getting the following error:

In reply to:

---

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/.fozzy/tojikyoto/lmavclub.com/members/login.php on line 23

Warning: mysql_fetch_object(): supplied argument is not a valid MySQL result resource in /home/.fozzy/tojikyoto/lmavclub.com/members/login.php on line 32
Your username and/or password were not correct. Please try again.

---

Here's the code for login.php

In reply to:

---

<?php

// start session
session_start();

// get variables from login script
$submit = $_POST['submit'];
$username = $_POST['username'];
$password = $_POST['password'];

// check to see if submit button on index.php was pressed
if (isset($submit))
{
require("./include/functions.inc.php");
$password = md5($password);

//connect to database
connect_db();

// query information
$sql = "SELECT userid,username,password,userlevel,deleted FROM user WHERE username='$username' AND deleted != 1";
$query = mysql_query($sql);
$numrows = mysql_num_rows($query);

// if there is more than one entry with the same username, exit with error
if ($numrows > 1)
{
die("There is something wrong. There is more than one user with that username. Please contact the system administrator with this error. Thanks.");
}

// get fields and set to variables
$result = mysql_fetch_object($query);
$dbuserid = $result->userid;
$dbusername = $result->username;
$dbpassword = $result->password;
$dbuserlevel = $result->userlevel;

// if everything is correct, then set session variables and log in
if ($username == $dbusername && $password == $dbpassword)
{
$_SESSION['loggedin'] = 1;
$_SESSION['userid'] = $dbuserid;
$_SESSION['userlevel'] = $dbuserlevel;

// insert date into login_log
include("./include/config.inc.php");
$ipaddy = $_SERVER['REMOTE_ADDR'];
$date = date('l, F j, Y', $time);
$date2 = date('H:i:s', $time);
$query = mysql_query("INSERT INTO login_log SET userid='$dbuserid',date='$date',time='$date2',page='$PHP_SELF',ip='$ipaddy',fail=0");

echo "<meta http-equiv='refresh' content='0;URL=./home.php'>";
}
else
{

// insert date into login_log
include("./include/config.inc.php");
$ipaddy = $_SERVER['REMOTE_ADDR'];
$date = date('l, F j, Y', $time);
$date2 = date('H:i:s', $time);
$query = mysql_query("INSERT INTO login_log SET userid='$dbuserid',date='$date',time='$date2',page='$PHP_SELF',ip='$ipaddy',fail=1");

echo "Your username and/or password were not correct. Please try again.";
echo "<meta http-equiv='refresh' content='2;URL=./index.php'>";
}

// disconnect from database
mysql_close();
}
// if submit button was not pressed, tell them to login correctly
else
{
echo "You need to login. Please <a href='./index.php'>go back</a> and try again";
echo "<meta http-equiv='refresh' content='3;URL=./index.php'>";
}

?>

---

Can anyone see the problem?

You haven't defined (or included) the function connect_db().

Here is the code for funtion.inc.php... it is required by the other script no? And if I'm only getting errors on those two lines - wouldn't I have gotten more when working with the database.... Maybe I'm just confused

In reply to:

---

<?php

function connect_db()
{
require("config.inc.php");
$db_connect = mysql_connect("$db_host", "$db_username", "$db_password") or die("I cannot connect to the database because: " . mysql_error());
mysql_select_db($database,$db_connect);
return $db_connect;
}

?>

---

According to the original script you posted, you have not defined the function. The new script you posted is correct, but absent from the original script.

Simon: Line 14 of the original code posted, four lines above the call to connect_db():

require("./include/functions.inc.php");

And to the original poster, are you aware your "// insert date into login_log" section appears in this code twice? You probably want to fix that.

In reply to:

---

Line 14 of the original code posted, four lines above the call to connect_db():

require("./include/functions.inc.php");

---

Oops. My bad. I feel small and silly-looking. I'll ask my wife to kick me in the ass when she gets home.

Maybe the $db_connect resource is needed for the query? I routinely do something like this:

$result = mysql_query($sql,$db_connect) or die("Could not perform query: ".mysql_error());

You shouldn't have to do that, but maybe it is just being picky.

I didn't personally write this section of the code, someone I work with did and said that it worked before. Now I get the above errors when I attempt to host it for my school.

As to the 'twice' thing. If you look closely one if for a success and the other for a failed login.

And I'll try that scjessey

Edited by tojikyoto on 10/12/06 04:08 PM (server time).

In reply to:

---

As to the 'twice' thing. If you look closely one if for a success and the other for a failed login.

---

Ahh, I see. Code is much easier to read with proper indentation, isn't it?

Yes, yes it is. But in my laziness of copying and pasting the code from Dreamweaver... indentation went to the fishes.

scjessey,

When I put in the code as you had it setup, I got another error from the line I added it to. So that didn't work, I'm also confused about all the debate of connecting to databases, etc. when the errors are on two lines specifically... so what's wrong with those lines? To me I don't think its connecting to the database or anything like that, because line 22 runs smoothly:

$query = mysql_query($sql);

So what's wrong with those two lines? Anyone have any ideas?

Be careful making assumptions that line numbers in the error messages are completely accurate. There is a huge amount of "best-guessing" going on, and it's not exact many times.

If you have invalid sql or insufficient table privileges, mysql_query() fails by returning false instead of a recordset. That means line 22 only appears to run smoothly, and you throw an error because you're trying to handle the scalar value of false as a recordset.

I bet if you replace line 23 with echo($query); you'll see what I mean.

In a case like this, I usually echo out my completed querystring, log into phpMyAdmin with whatever credentials my page is using to authenticate, and trying running the query from there.

http://benconley.net
http://teamshocker.com

In reply to:

---

line 22 runs smoothly:

$query = mysql_query($sql);

---

Not necessarily. The variable is being assigned smoothly, but is the query running properly? Check the value of $query and make sure it is a proper resource.

Okay, I threw together a testing script with just the required function.inc.php, connect to the database, and then the echo of the querying to that point.

Here's the error:

In reply to:

---

Parse error: syntax error, unexpected T_VARIABLE in /home/.fozzy/tojikyoto/lmavclub.com/test.php on line 7

---

Here's all the code for test.php

<?php

require("./include/functions.inc.php");
$password = md5($password);

$sql = "SELECT userid,username,password,userlevel,deleted FROM user WHERE username='$username' AND deleted != 1";s
	$query = mysql_query($sql);
	echo($query);
?>

What is that "s" on the end of the $sql assignment line?

That was an error on my part, I added the s when I was moving the script to the forum window.

This code from test.php:

<?php

require("./include/functions.inc.php");
$password = md5($password);

connect_db();

$sql = "SELECT userid,username,password,userlevel,deleted FROM user WHERE username='$username' AND deleted != 1";
	$query = mysql_query($sql);
	echo($query);
?>

When sent through Firefox - gives no result. The page rendered is blank. Nothing, nadda, zip. Could that mean that its working fine?

Lemme know, please?

Edited by tojikyoto on 10/13/06 02:37 PM (server time).

In reply to:

---

Could that mean that its working fine?

---

No, that means the query is failing, and assigning the value of false to $query. If you were getting a valid recordset back, echo would display a resource id for it.

Example:

echo(false);
	output: Blank
echo($rsNoteTypes);
	output: Resource id #7

This code will loop over a valid recordset and show what is returned:

while ($row = mysql_fetch_array($rsNoteTypes, MYSQL_ASSOC)) {
	while (list($rowkey, $rowval) = each($row)) {
		echo($rowkey.'-->'.$rowval);
	}
}

http://benconley.net
http://teamshocker.com

This is off-topic, but shouldn't you be escaping $username before using it in an SQL query?

__________
Hug me!

I don't know if you resolved this or not, but my suggestion is that you grab the conection resource you return from the connect_db() function, then pass that into your query statement.

Scoping is weird with database stuff in PHP... since you're making the connection in a function call, even though you're returning the resource value, it's kind of just evaporating sincce you never catch it in the calling code.

So, change your line to something like $res = connect_db(); At the very least you'll know that you still have the handle.

This also assumes that the sql is valid and you have permissions to connect to the database as that user from that host. Mysql permissions are funky, sometimes. If the database you're trying to use expects 'user@foo' and you're doing just 'user' or 'user@localhost', for example, it won't connect.

One debugging thing to use is mysql_error after each mysql connect, select db, and query call (http://us3.php.net/manual/en/function.mysql-error.php) to see what exactly is happening.


And I guess (looking at the post's date) if you've already solved your error, nevermind :)