Hi there.
I have a problem getting the following code to work:
PHP Code:
// username and password sent from form
$email=$_POST['email'];
$mobile=$_POST['mobile'];
// To protect MySQL injection
$email = stripslashes($email);
$mobile = stripslashes($mobile);
$email = mysql_real_escape_string($email);
$mobile = mysql_real_escape_string($mobile);
$result=mysql_query("SELECT * FROM users WHERE email==$email AND mobile==$mobile");
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If $result matched $email and $mobile, table row must be 1 row
if($count==1){
// Register $email, $mobile and redirect to file "myTTX.php"
//session_register['email'];
$_SESSION['email']=$email;
//session_register['mobile'];
$_SESSION['mobile']=$mobile;
header("location:myTTX.php");
}
else {
echo"Wrong Username or Password";
}
?>
Currently, I get an error message "Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource".
thraddash isn't wrong, but the explanation as to what's wrong with the query isn't that the variables need to be separated from the string (the variables will be expanded as long as they are inside a double quoted string, which they are), it's that there's no such comparison operator as == in MySQL, it's just a single =
I've switched careers...
I'm NO LONGER a scientist,
but now a web developer...
awesome.
thraddash isn't wrong, but the explanation as to what's wrong with the query isn't that the variables need to be separated from the string (the variables will be expanded as long as they are inside a double quoted string, which they are), it's that there's no such comparison operator as == in MySQL, it's just a single =
That's not the only thing I did, I also placed each variable inside double quotes.
So, following your advice about quotes at least, it looks like this...
PHP Code:
$result=mysql_query('SELECT * FROM wkho_TTX.users WHERE email="$email" AND mobile="$mobile"');
...
No dice. I'm interested in why the variables need to be in single and double quotes? I've never seen that before.
No, that will not work. You have placed your double quotes inside the single quotes and your variables are still part of the string. So the variables will not be converted. If you really want to write it out like that you should invert the quotes.
PHP Code:
$result=mysql_query("SELECT * FROM wkho_TTX.users WHERE email='$email' AND mobile='$mobile'");
You require the quotes around your variables because you are comparing string values; numbers do not need them. And you are placing the whole lot in a pair of quotes because PHP needs to pass the query to the database engine as a string.
I just prefer not to use the string parsing feature of PHP.
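The lookup discussed in this thread, written with a prepared statement so that the values never become part of the SQL string and the single-versus-double quote question does not arise. This is an added example, not code from any poster in the thread. It assumes PDO with an in-memory SQLite database so it runs offline; `open_demo_db()` and `find_user()` are hypothetical helper names and the table rows are constructed sample data.

```php
<?php
// Added example, not code from the thread. Uses an in-memory SQLite
// database through PDO so it runs offline; with MySQL only the DSN changes.
// Table contents below are constructed sample data.

function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Throw on SQL errors instead of returning false, so a failed query
    // cannot reach the row-counting code unnoticed.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (email TEXT, mobile TEXT)');
    $insert = $pdo->prepare('INSERT INTO users (email, mobile) VALUES (?, ?)');
    $insert->execute(['alice@example.com', '5550100']);
    $insert->execute(["o'brien@example.com", '5550101']);
    return $pdo;
}

// Hypothetical helper: returns the row only when exactly one row matches.
function find_user(PDO $pdo, string $email, string $mobile): ?array
{
    // Placeholders carry the values separately from the SQL text, so no
    // quotes are written around them and no escaping function is needed.
    $stmt = $pdo->prepare(
        'SELECT email, mobile FROM users WHERE email = :email AND mobile = :mobile'
    );
    $stmt->execute([':email' => $email, ':mobile' => $mobile]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    return count($rows) === 1 ? $rows[0] : null;
}

$pdo = open_demo_db();

// Constructed inputs standing in for $_POST['email'] and $_POST['mobile'].
$cases = [
    ['alice@example.com', '5550100'],    // valid pair
    ["o'brien@example.com", '5550101'],  // apostrophe inside the value
    ['alice@example.com', '0000000'],    // wrong mobile
    ["' OR '1'='1", "' OR '1'='1"],      // quote characters inside the values
];

foreach ($cases as [$email, $mobile]) {
    $user = find_user($pdo, $email, $mobile);
    echo str_pad($email, 22), ' => ', $user ? 'match' : 'no match', PHP_EOL;
}
```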