[RESOLVED] MySQL: What's wrong with this query?

Printable View

12-13-2010, 05:02 PM
AliHurworth

[RESOLVED] MySQL: What's wrong with this query?

Hi there.
I have a problem getting the following code to work:

PHP Code:

// username and password sent from form $email=$_POST['email']; $mobile=$_POST['mobile']; // To protect MySQL injection $email = stripslashes($email); $mobile = stripslashes($mobile); $email = mysql_real_escape_string($email); $mobile = mysql_real_escape_string($mobile); $result=mysql_query("SELECT * FROM users WHERE email==$email AND mobile==$mobile"); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If $result matched $email and $mobile, table row must be 1 row if($count==1){ // Register $email, $mobile and redirect to file "myTTX.php" //session_register['email']; $_SESSION['email']=$email; //session_register['mobile']; $_SESSION['mobile']=$mobile; header("location:myTTX.php"); } else { echo"Wrong Username or Password"; } ?>

Currently, I get an error message "Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource".

Can anyone point me in the right direction?
12-13-2010, 05:36 PM
thraddash

Im just pointing out an obvious one...

Code:

$result = mysql_query('SELECT * FROM users WHERE email="' . $email . '" AND mobile="' . $mobile . '"');
12-13-2010, 05:44 PM
aj_nsc

thraddash isn't wrong, but the explanation as to what's wrong with the query isn't that the variables need to be separated from the string (the variables will be expanded as long as they are inside a double quoted string, which they are), it's that there's no such comparison operator as == in MySQL, it's just a single =
12-13-2010, 05:46 PM
thraddash

Quote:

Originally Posted by aj_nsc

thraddash isn't wrong, but the explanation as to what's wrong with the query isn't that the variables need to be separated from the string (the variables will be expanded as long as they are inside a double quoted string, which they are), it's that there's no such comparison operator as == in MySQL, it's just a single =

Thats not the only thing I did, I also placed each variable inside double quotes.
12-13-2010, 06:12 PM
AliHurworth

Okay...

So, following your advice about quotes at least, it looks like this...

PHP Code:

$result=mysql_query('SELECT * FROM wkho_TTX.users WHERE email="$email" AND mobile="$mobile"');

...
No dice. I'm interested in why the variables need to be in single and double quotes? I've never seen that before
12-13-2010, 06:18 PM
thraddash

Quote:

Originally Posted by AliHurworth

So, following your advice about quotes at least, it looks like this...

PHP Code:

$result=mysql_query('SELECT * FROM wkho_TTX.users WHERE email="$email" AND mobile="$mobile"');

...
No dice. I'm interested in why the variables need to be in single and double quotes? I've never seen that before

No, that will not work. You have placed your double quotes inside the single quotes and your variables are still part of the string. So the variables will not be converted. If you really want to write it out like that you should invert the quotes.

PHP Code:

$result=mysql_query("SELECT * FROM wkho_TTX.users WHERE email='$email' AND mobile='$mobile'");

You require the quotes around your variables because you are comparing string values, numbers do not need them. And you are placing the whole lot in a pair of quotes because PHP needs to pass the query to the database engine as a string.

I just prefer not to use the string parsing feature of PHP.
12-13-2010, 06:27 PM
AliHurworth

I see...

Thanks to both of you.
This is the code that worked:

PHP Code:

$result=mysql_query('SELECT * FROM wkho_TTX.users WHERE email="'.$email.'" AND mobile="'.$mobile.'"');

So, the deal is that the query string is just that: I'm passing something to MySQL to work on, which makes sense.

Cheers!