Column count doesn't match value count at row 1

I see this error: "Column count doesn't match value count at row 1",
Can you help me figure out why?

<?php
error_reporting (0);
include_once ('classes/config.php');
include_once ('includes/reserved_names.php');
$user_ip    = mysql_escape_string($_SERVER['REMOTE_ADDR']);

if ( $enable_forum == 1 ) header("Location: " . $smf_bridge_register);

$send_confirm_email = $config['enabled_features_confirmation_email'] ;

// define access for loading non display php files
define('access',true);

$ahah            = 1;
$show_register    = '';
$load_ajax        = '';
$form_submitted    = '';
$action        = '';
$new_user_name    = '';
$account_type     = '';
$first_name        = '';
$last_name         = '';
$email_address     = '';
$email_address2     = '';
$user_name         = '';
$password         = '';
$confirm_password = '';
$country_list    = '';
$dob_month        = '';
$dob_day        = '';
$dob_year        = '';
$zip_code        = '';
$birthday        = '';
$error_message     = '';
$checked         = '';

$show_register    = 1;
$load_ajax        = 1;
$procede         = true;
$action        = mysql_real_escape_string( $_GET['action'] );
$new_user_name    = mysql_real_escape_string( $_GET['new_user_name'] );
$site_name         = mysql_real_escape_string($config['site_name']);
$form_submitted    = mysql_real_escape_string( $_POST['form_submitted'] );
$max_len_username    = (int)$config['max_username_length'];

if ( $action == 'check_user' ) {
    $new_user_name    = trim(strtolower($new_user_name));
    if ( $new_user_name == '' ) {
        echo "<font color=\"#EE0000\" size=\"2\"><b>".$config['fill_all_fields']."</b></font>";
        die();
    }
    if ( strlen($new_user_name) < 4 ) {
        echo "<font color=\"#EE0000\" size=\"2\"><b>".$config['username_4_chars']."</b></font>";
        die();
    }
    if ( strlen($new_user_name) > $max_len_username ) {
        echo "<font color=\"#EE0000\" size=\"2\"><b>".$config['username_to_long']."</b></font>";
        die();
    }

    // check against reserved names e.g. -> admin etc... or adult words ban
    if ( in_array( $new_user_name, $reserved_names ) ) {
        echo "<font color=\"#EE0000\" size=\"2\"><b>".$config['username_not_allowed'] ."";
        die();
    }

    $sql        = "SELECT user_name FROM member_profile WHERE user_name = '$new_user_name'";
    $query    = @mysql_query($sql);
    $count    = @mysql_num_rows($query);

    if ( $count > 0 ) {
        echo "<font size=\"2\"><b>$new_user_name</b></font><font color=\"#EE0000\" size=\"2\">&nbsp;<b>=> $lang_not_available</b></font>";
    } else {
        echo "<font size=\"2\"><b>$new_user_name</b></font><font color=\"#00DD00\" size=\"2\">&nbsp;<b>=> $lang_available </b></font>";
    }

    @mysql_free_result($result);
    @mysql_close();
    die();
}

if ( $action == 'show_country' ) {
    $country_fields_all    = '';
    $show_fields        = '';
    $country_list         = file('includes/country.list');

    foreach ( $country_list as $country_select )
    {
        $country_fields_all = $country_fields_all . $country_select;
    }

    $show_fields  = '<div style="margin-left:30px; float:left;"><b>'.$lang_country.':</b></div>';
    $show_fields .= '<div style="margin-left:95px; float:left;" id="country_list">';
    $show_fields .= '<select class="FormSpecialInput_1" id="country_list" name="country_list" style="font-size: 9pt; width:128px; height:20px; font-weight:bold; color:#444444; letter-spacing: 1; border: 1px solid #DFDCDC; background-color: #FDFDFD">';
    $show_fields .= $country_fields_all;
    $show_fields .= '</select></div>';

    echo $show_fields;
    die();
}

if ( $procede == true ) {

    $account_type     = 'Standard';
    $first_name        = trim(mysql_real_escape_string( $_POST['first_name'] ));
    $last_name         = trim(mysql_real_escape_string( $_POST['last_name'] ));
    $email_address     = trim(mysql_real_escape_string( $_POST['email_address'] ));
    $email_address2     = trim(mysql_real_escape_string( $_POST['email_address2'] ));
    $user_name         = trim(mysql_real_escape_string( $_POST['user_name'] ));
    $password         = trim(mysql_real_escape_string( $_POST['password'] ));
    $confirm_password = trim(mysql_real_escape_string( $_POST['confirm_password'] ));
    $country_list    = trim(mysql_real_escape_string( $_POST['country_list'] ));
    $dob_month        = (int) mysql_real_escape_string( $_POST['dob_month'] );
    $dob_day        = (int) mysql_real_escape_string( $_POST['dob_day'] );
    $dob_year        = (int) mysql_real_escape_string( $_POST['dob_year'] );
    $zip_code        = (int) mysql_real_escape_string( $_POST['zip_code'] );

    if ( $_POST['terms'] == 'yes' ) {
        $checked = 'checked=\"checked\"';
            $procede = true;

    } else {
        $procede = false;
            $error_message = $config['agree_to_terms'];
    }

    if ( strlen($user_name) < 4 ) {
        $error_message = $config['username_4_chars'];
        $procede = false;
    }
    if ( strlen($user_name) > $max_len_username ) {
        $error_message = $config['username_to_long'];
        $procede = false;
    }

    // check against reserved names e.g. -> admin etc... or adult words ban
    if ( in_array( $user_name, $reserved_names ) ) {
        $error_message = $config['username_not_allowed'];
        $procede = false;
    }

    // dDB birthday must be this format =>2008-09-17
    $birthday        = $dob_year .'-'. $dob_month .'-'. $dob_day;

    foreach ($_POST as $key => $value) {

          if (!isset($value) || ($value == '')) {
                $display_key = @str_replace('_', ' ', $key);
                if ( $display_key == 'zip code' && $value == '' ) {
                    $value = 'none';
                } else {
                    $error_message = $error_message . ' - ' . $display_key . '  '.$lang_required.' ';
                    $procede = false;
                }

            } else {

                  if ( $key == 'email_address2' ) $key = 'email_address';

                    if ( $key !== 'email_address'  && (!eregi("^[ _a-zA-Z0-9-]*$", $value)) ) {
                    $display_key = @str_replace('_', ' ', $key);
                        $error_message = $error_message . ' - ' . $display_key . ' '.$config['invalid_email_text'].' ';
                        $procede = false;
                }

                if ( $key == 'email_address' && !eregi("^[_a-zA-Z0-9-]+(\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)*(\.[a-z]{2,3})$", $value) ) {
                    $display_key = @str_replace('_', ' ', $key);
                        $error_message = $error_message . ' - ' . $display_key . ' '.$config['invalid_email_format'].' ';
                        $procede = false;
                }

                if ( $key == 'user_name' ) {

                    // check against reserved names e.g. -> admin etc... or adult words ban
                    if ( in_array( $user_name, $reserved_names ) ) {
                        $display_key = @str_replace('_', ' ', $key);
                        $error_message = $error_message . ' ' .$config['username_not_allowed'] . ' !';
                        $procede = false;
                    }
                }

            }
        }
}

// checking if emails match
if ( $procede == true ) {
    if ( $email_address !== $email_address2 ) {
          $error_message = ' '.$config['emails_do_not_match'];
            $procede = false;
        }
}

// checking if passwords match
if ( $procede == true ) {
    if ($confirm_password !== $password) {
          $error_message = ' '.$config['password_do_not_match'];
            $procede = false;
        }
}

// checking if username and email is unique
if ( $procede == true ) {

    $sql = "SELECT user_name, email_address FROM member_profile";
        $query = @mysql_query($sql);

    while ($result = (@mysql_fetch_array($query))) {

          if ( !empty($result['user_name']) || !empty($result['email_address']) ) {

              // case insensitive login and registration
                $reg_user_name    = strtolower($user_name);
                $db_user_name     = strtolower($result['user_name']);

                if ($db_user_name == $reg_user_name) {
                        $error_message = ' '.$config['username_is taken'];
                        $procede = false;
                }
                if ( $result['email_address'] == $email_address ) {
                        $error_message = $error_message . ' -'.$config['email_already_exists'];
                        $procede = false;
                    }
           }
    }
}

// if any errors display error message => [var.message_type] - [var.error_message]
if ($procede == false && $form_submitted == 'yes') {
    $message_type    = $lang_error;
        $blk_notification = 1;
        $show_signup = 1;

        $template         = "themes/$user_theme/templates/main_1.htm";
        $inner_template1     = "themes/$user_theme/templates/inner_signup_form.htm";
        $TBS             = new clsTinyButStrong;
        $TBS->NoErr     = true;

        $TBS->LoadTemplate("$template");

        $TBS->Render     = TBS_OUTPUT;
        $TBS->Show();

        @mysql_close();
        die();
}

// START => load page with form
if ( !isset($form_submitted) || ($form_submitted == '') ) {

    $show_signup     = 1;
    $template         = "themes/$user_theme/templates/main_1.htm";
      $inner_template1     = "themes/$user_theme/templates/inner_signup_form.htm";
      $TBS             = new clsTinyButStrong;
      $TBS->NoErr     = true;

      $TBS->LoadTemplate("$template");
      $TBS->Render     = TBS_OUTPUT;
      $TBS->Show();
      die();
}


// if no errors register user and load welcome page
if ($procede == true) {

    if ( strtolower($_POST['captext']) != strtolower($_SESSION['security_code']) ) {

        // POSSIBLE BOT ATTACK => TODO: ADD SECURITY LOG ACTIONS ETC....
        // LOADING TEMPLATE IS MAYBE USELESS SINCE THIS WOULD COME FROM A SCRIPT POST
        // MAYBE SHOULD JUST DO A DIE HERE!

        $message_type    = $lang_error;
        $blk_notification = 1;
            $show_signup     = 0;

            $template         = "themes/$user_theme/templates/main_1.htm";
            $inner_template1     = "themes/$user_theme/templates/inner_signup_form.htm";
            $TBS             = new clsTinyButStrong;
            $TBS->NoErr     = true;

            $TBS->LoadTemplate("$template");
            $TBS->Render     = TBS_OUTPUT;
            $TBS->Show();

            @mysql_close();
            die();

    } else {

        $random_code    = randomcode();
            $password_email    = $password;
            $password        = md5($password);
            $passwordSalt     = substr(md5(rand()), 0, 4);

            if ( $zip_code > '' ) $country_list = 'USA';

        if ( $send_confirm_email == 'yes' ) {

            // insert new user record
            $sql = "INSERT into member_profile (email_address, user_name, password, passwordSalt, first_name, last_name, zip_code, country, user_ip, birthday, account_status, account_type, date_created, random_code)
                      VALUES ('$email_address', '$user_name', '$password', '$passwordSalt', '$first_name', '$last_name', '$zip_code', '$country_list', '$user_ip', '$birthday', 'new', 'standard', NOW(), '$random_code')";

                @mysql_query($sql) or die($config['error_26']);//error

                // get new user_id
                $sql         = "SELECT user_id, email_address, random_code FROM member_profile WHERE random_code = '$random_code' AND email_address = '$email_address'";
                $query     = @mysql_query($sql);

                while ($result = @mysql_fetch_array($query)) $user_id = $result['user_id'];

            // set new user default privacy settings
                $sql        = "INSERT INTO privacy (videocomments, profilecomments, privatemessage, friendsinvite, newsletter, user_id, publicfavorites, publicplaylists) VALUES ('yes', 'yes', 'yes', 'yes', 'yes', '$user_id', 'yes', 'yes')";
                $query     = @mysql_query($sql);

            @mysql_close();

            // send email
              $email_template    = 'email_templates/newmember.htm';
              $subject         = $config['email_welcome'];
              $to             = $email_address;
              $from         = $config['notifications_from_email'];

              //send email template to TBS for rendering of variable inside
              $template         = $email_template;
              $TBS             = new clsTinyButStrong;
              $TBS->NoErr     = true;

              $TBS->LoadTemplate("$template");
              $TBS->tbs_show(TBS_NOTHING);
              $message         = $TBS->Source;

              //load postage.php
            define('access',true);
            include ('includes/postage.php');

                // show success
                $notification_type    = $config['notification_success'];
                $message             = $config['registration_success'];
                $blk_notification     = 0;

                $template             = "themes/$user_theme/templates/main_1.htm";
                $inner_template1         = "themes/$user_theme/templates/inner_notification.htm";
                $TBS                 = new clsTinyButStrong;
                $TBS->NoErr         = true;

                $TBS->LoadTemplate("$template");
                $TBS->Render         = TBS_OUTPUT;
                $TBS->Show();

                @mysql_close();
                die();

        // else send confirmation email is off so we complete the regisration process and show sign in message
        } else {

            // insert new user record
            $sql = "INSERT into member_profile (email_address, user_name, password, passwordSalt, first_name, last_name, zip_code, country, birthday, account_status, account_type, date_created, random_code)
                      VALUES ('$email_address', '$user_name', '$password', '$passwordSalt', '$first_name', '$last_name', '$zip_code', '$country_list', '$birthday', 'active', 'standard', NOW(), '$random_code')";

                @mysql_query($sql) or die($config['error_26']);//error

                // get new user_id
                $sql         = "SELECT user_id, email_address, random_code FROM member_profile WHERE random_code = '$random_code' AND email_address = '$email_address'";
                $query     = @mysql_query($sql);

                while ($result = @mysql_fetch_array($query)) $user_id = $result['user_id'];

            // set new user default privacy settings
                $sql        = "INSERT INTO privacy (videocomments, profilecomments, privatemessage, friendsinvite, newsletter, user_id, publicfavorites, publicplaylists) VALUES ('yes', 'yes', 'yes', 'yes', 'yes', '$user_id', 'yes', 'yes')";
                $query     = @mysql_query($sql);

            @mysql_close();

            $show_signup    = 0;
            $show_login        = 1;
            $show_action_msg    = 1;

            $message_type    = $config['notification_success'];
               $error_message     = $config['reg_confirm_complete'];
                $action_msg        = $message_type . " - " . $error_message;

                $template         = "themes/$user_theme/templates/main_1.htm";
                $inner_template1     = "themes/$user_theme/templates/inner_signup_form.htm";
                $TBS             = new clsTinyButStrong;
                $TBS->NoErr     = true;
            $TBS->LoadTemplate("$template");
                $TBS->Render     = TBS_OUTPUT;
                $TBS->Show();

               @mysql_close();
                die();
        }
    }// end captcha check if

}

?>

PHP:

 

Hm. I haven't used mysql_ for a long time, (neither should you, update your code, man), but I think you have to fetch the result before you can do mysql_num_rows on the result, not the query.

 

Thanks for your reply, however, I don't understand "you have to fetch the result before you can do mysql_num_rows on the result, not the query". Can you clarify? Much thanks

 

Well. I'll see if I can rewrite the whole thing. What you have there is a train wreck, and should really be thrown in the trash.

 

Nevermind - that is really a trainwreck, and I can't really fix it without seeing the whole picture.
But, to fix the error, you can do this:
change the following (line 68):

$query = @mysql_query($sql);
$count = @mysql_num_rows($query);

PHP:

to this:

$query  = @mysql_query($sql);
$result  = @mysql_fetch_assoc($query);
$count  = @mysql_num_rows($result);

PHP:

and see if that fixes the problem.

 

Thanks for your replies.
This is not code I created.
But, can you tell me what your additional line of code does, please?

 

It fetches the resulting rows from the query, in an associative array. Granted, you could probably just do a count directly, since you don't seem to be doing anything else with the result, but... yeah.
The code is very outdated, it uses a lot of bad practice, and I wouldn't really recommend using it for anything in production. Even the HTML-code it's outputting is outdated, and should've been axed a long time ago.

 

Thank you for your reply/help.
I appreciate your effort, however thatb did not remedy this issue.
Any additional help will be appreciated

 

First off, when was this written, 1998? PLEASE say 1998... You see all those @ signs? See the error_reporting(0)? Those mean whoever wrote that has ZERO business writing PHP. See all those <font> tags? That means whoever wrote that has no business writing websites any time after 1998. Whatever that disaster is attempting to do with the endless variables for nothing, outdated methdology, and five times the code probably needed to do the job? Do yourself a favor, pitch that rubbish in the trash and start over. It was a laundry list of how not to build a website 17 years ago -- that you even have it deployed anyplace without constantly being pwned is mind-boggling.

That said, 99% of the time you get that error, it's because you are performing something like an insert where the number of values passed does not match the number of columns referred to.

I'm looking at the queries and not seeing anything obvious that would result in that, but generally speaking that's such a train wreck of ineptly built outdated code there could be hundreds of errors with NONE of them being reported properly. To track down problems if you want to keep that rubbish would be to switch error reporting to all instead of none, and lose all those @ error suppressions. It's probably throwing far more errors than you realize. Hell it doesn't even have isset checks.

 

I tried taking a look at it and rewrite the whole thing to a more sane setup... I gave up after 30 or so lines.

BTW, since I don't remember: can you do a mysql_num_rows directly at a query? Or do you need to do it against a result?

 

mysql_query returns a result, the variables things are being assigned to are also poorly named. The variable in his code called $sql is what everyone else would call $query, and the variable called $query is what everyone else would call $result.

Hence your confusion.

Laughably I'm working on launching a site, possibly this week, based on decade old code and notes that I'm trying to modernize, so I'm knee deep in exactly this type of bad code right now.

Not to speak ill of Dan or Aaron... but it was a different world back then.

 

Ah, right... it's so long since I've used mysql_ I've mostly forgotten everything about using it. PDO has been my goto way of accessing databases in PHP for 5-6 years now, at least, maybe longer.
But yeah, the variable-names was adding to the confusion, indeed.

I took a look at my first ever webpage not too long ago. It was mostly HTML (XHTML 1.1, actually, I think), with a bit of PHP thrown in for a gallery-function, and some stupid PHP-functions that was fun to put on a page over 10 years ago, but which I never would've used today No database, but some very poor non-looping repeated code, and horrible, horrible styling. Although I made it using CSS, and I don't think any of the horribly deprecated elements are present (maybe a <center> or two...).

 

Thank you, yes, it's not my code, and I will have to replace it, but as of right now, I'd like to know, please, How do I "switch error reporting to all instead of none"?

 

First there's that error_reporting(0); line, change that to:

error_reporting(E_ALL);

That way the program will report normal errors and die if it encounters a fatal one.

But, errors are still suppressed thanks to all those stupid malfing @ signs, so you'll need to remove ALL of those to have the mysql_ functions report that anything is wrong.

Even with error reporting suppressed they should still have been going into your server's error log... so that's something I'd look into as well. The location of that log varies depending on OS, or even on which version of an OS the server is running. Some really good hosting plans are even nice enough to put a copy of the error logs where you can get at it in your FTP login.