[RESOLVED] MySQL: What's wrong with this query?
I have a problem getting the following code to work:
Currently, I get an error message "Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource".
// username and password sent from form
// To protect MySQL injection
$email = stripslashes($email);
$mobile = stripslashes($mobile);
$email = mysql_real_escape_string($email);
$mobile = mysql_real_escape_string($mobile);
$result=mysql_query("SELECT * FROM users WHERE email==$email AND mobile==$mobile");
// Mysql_num_row is counting table row
// If $result matched $email and $mobile, table row must be 1 row
// Register $email, $mobile and redirect to file "myTTX.php"
echo"Wrong Username or Password";
Can anyone point me in the right direction?
Im just pointing out an obvious one...
$result = mysql_query('SELECT * FROM users WHERE email="' . $email . '" AND mobile="' . $mobile . '"');
thraddash isn't wrong, but the explanation as to what's wrong with the query isn't that the variables need to be separated from the string (the variables will be expanded as long as they are inside a double quoted string, which they are), it's that there's no such comparison operator as == in MySQL, it's just a single =
I've switched careers...
I'm NO LONGER a scientist,
but now a web developer...
Thats not the only thing I did, I also placed each variable inside double quotes.
Originally Posted by aj_nsc
So, following your advice about quotes at least, it looks like this...
$result=mysql_query('SELECT * FROM wkho_TTX.users WHERE email="$email" AND mobile="$mobile"');
No dice. I'm interested in why the variables need to be in single and double quotes? I've never seen that before
No, that will not work. You have placed your double quotes inside the single quotes and your variables are still part of the string. So the variables will not be converted. If you really want to write it out like that you should invert the quotes.
Originally Posted by AliHurworth
You require the quotes around your variables because you are comparing string values, numbers do not need them. And you are placing the whole lot in a pair of quotes because PHP needs to pass the query to the database engine as a string.
$result=mysql_query("SELECT * FROM wkho_TTX.users WHERE email='$email' AND mobile='$mobile'");
I just prefer not to use the string parsing feature of PHP.
Thanks to both of you.
This is the code that worked:
So, the deal is that the query string is just that: I'm passing something to MySQL to work on, which makes sense.
$result=mysql_query('SELECT * FROM wkho_TTX.users WHERE email="'.$email.'" AND mobile="'.$mobile.'"');
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Tags for this Thread