
Thread: [RESOLVED] MySQL: What's wrong with this query?

  1. #1
    Join Date
    Jun 2006
    Location
    Doncaster
    Posts
    78

    [RESOLVED] MySQL: What's wrong with this query?

    Hi there.
    I have a problem getting the following code to work:
    PHP Code:
    // username and password sent from form
    $email = $_POST['email'];
    $mobile = $_POST['mobile'];

    // To protect MySQL injection
    $email = stripslashes($email);
    $mobile = stripslashes($mobile);
    $email = mysql_real_escape_string($email);
    $mobile = mysql_real_escape_string($mobile);

    $result = mysql_query("SELECT * FROM users WHERE email==$email AND mobile==$mobile");
    // Mysql_num_row is counting table row
    $count = mysql_num_rows($result);

    // If $result matched $email and $mobile, table row must be 1 row

    if ($count == 1) {
        // Register $email, $mobile and redirect to file "myTTX.php"
        //session_register['email'];
        $_SESSION['email'] = $email;
        //session_register['mobile'];
        $_SESSION['mobile'] = $mobile;
        header("location:myTTX.php");
    }
    else {
        echo "Wrong Username or Password";
    }
    ?>
    Currently, I get an error message "Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource".

    Can anyone point me in the right direction?

  2. #2
    Join Date
    Aug 2009
    Posts
    593
    I'm just pointing out an obvious one...

    Code:
    $result = mysql_query('SELECT * FROM users WHERE email="' . $email . '" AND mobile="' . $mobile . '"');

  3. #3
    Join Date
    Dec 2005
    Posts
    2,984
    thraddash isn't wrong, but the explanation as to what's wrong with the query isn't that the variables need to be separated from the string (the variables will be expanded as long as they are inside a double quoted string, which they are), it's that there's no such comparison operator as == in MySQL, it's just a single =

  4. #4
    Join Date
    Aug 2009
    Posts
    593
    Quote: Originally Posted by aj_nsc
    thraddash isn't wrong, but the explanation as to what's wrong with the query isn't that the variables need to be separated from the string (the variables will be expanded as long as they are inside a double quoted string, which they are), it's that there's no such comparison operator as == in MySQL, it's just a single =
    That's not the only thing I did, I also placed each variable inside double quotes.

  5. #5
    Join Date
    Jun 2006
    Location
    Doncaster
    Posts
    78

    Okay...

    So, following your advice about quotes at least, it looks like this...
    PHP Code:
    $result=mysql_query('SELECT * FROM wkho_TTX.users WHERE email="$email" AND mobile="$mobile"'); 
    ...
    No dice. I'm interested in why the variables need to be in single and double quotes? I've never seen that before

  6. #6
    Join Date
    Aug 2009
    Posts
    593
    Quote: Originally Posted by AliHurworth
    So, following your advice about quotes at least, it looks like this...
    PHP Code:
    $result=mysql_query('SELECT * FROM wkho_TTX.users WHERE email="$email" AND mobile="$mobile"'); 
    ...
    No dice. I'm interested in why the variables need to be in single and double quotes? I've never seen that before
    No, that will not work. You have placed your double quotes inside the single quotes and your variables are still part of the string. So the variables will not be converted. If you really want to write it out like that you should invert the quotes.

    PHP Code:
    $result=mysql_query("SELECT * FROM wkho_TTX.users WHERE email='$email' AND mobile='$mobile'"); 
    You require the quotes around your variables because you are comparing string values, numbers do not need them. And you are placing the whole lot in a pair of quotes because PHP needs to pass the query to the database engine as a string.

    I just prefer not to use the string parsing feature of PHP.

  7. #7
    Join Date
    Jun 2006
    Location
    Doncaster
    Posts
    78

    I see...

    Thanks to both of you.
    This is the code that worked:
    PHP Code:
    $result=mysql_query('SELECT * FROM wkho_TTX.users WHERE email="'.$email.'" AND mobile="'.$mobile.'"'); 
    So, the deal is that the query string is just that: I'm passing something to MySQL to work on, which makes sense.

    Cheers!
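
Added example, not part of any post in this thread: the same email/mobile lookup written with bound parameters, so the single-versus-double quote question discussed above never arises and values containing quote characters are matched as plain data. It assumes PDO with an in-memory SQLite database (so it runs without a server) and a constructed `users` table; `findUser` is a hypothetical helper name.

```php
<?php
// Added example: the thread's lookup done with bound parameters (PDO).
// Assumption: an in-memory SQLite database stands in for MySQL so this runs
// offline; with MySQL only the DSN passed to new PDO(...) changes.
$pdo = new PDO('sqlite::memory:');
// A failing query throws instead of handing back false to the next call.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample table and rows (not from the thread).
$pdo->exec('CREATE TABLE users (email TEXT, mobile TEXT)');
$insert = $pdo->prepare('INSERT INTO users (email, mobile) VALUES (?, ?)');
$insert->execute(['ali@example.com', '07700900001']);
$insert->execute(["o'neil@example.com", '07700900002']);

/**
 * Return the single matching user row, or null when zero or several rows match.
 */
function findUser(PDO $pdo, string $email, string $mobile): ?array
{
    // Placeholders carry no quotes: the values are bound as data and are
    // never spliced into the SQL text by hand.
    $stmt = $pdo->prepare(
        'SELECT email, mobile FROM users WHERE email = :email AND mobile = :mobile'
    );
    $stmt->execute([':email' => $email, ':mobile' => $mobile]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    return count($rows) === 1 ? $rows[0] : null;
}

// Constructed inputs standing in for $_POST['email'] and $_POST['mobile'].
$cases = [
    ['ali@example.com', '07700900001'],     // match
    ["o'neil@example.com", '07700900002'],  // quote in the value, still a match
    ['ali@example.com', '0770090000"'],     // stray double quote: no match, no SQL error
];
foreach ($cases as [$email, $mobile]) {
    $user = findUser($pdo, $email, $mobile);
    echo $email, ' / ', $mobile, ' => ',
        $user ? 'found' : 'Wrong Username or Password', PHP_EOL;
}
```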
