Hi Guys, I've been beating myself up trying to correct this to no avail. I'm hoping that one of you phpGurus can assist. I need to get the following working: <?php $sql = "select * from users where userid = " . $user->userid; $query = mysql_query($sql); if (mysql_num_rows($query)) { $result = mysql_fetch_array($query); $game = $result['game']; } if (!empty($_POST['game'])) $game = $_POST['game']; ?> Code (markup): Thanks!
Hi, The error given is: Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/xxxx/public_html/header.php on line 11 Actually, I'm having quite a few mysql_num_rows() & mysql_fetch_array() errors lately. I thought if someone could help me with this error, I can probably use the same info to take care of the others. Thanks!
When you get such error, it means that the query is invalid. You can try outputting the query and you will see what is wrong with it (for example if the user id is empty).
You should also stop using mysql_ - it's been outdated for 8+ years. Use mysqli_ or PDO instead. Btw, why are you using mysql_num_rows to check if it returns a result? Just do the if directly on mysql_fetch_array
The_Phantom, 1. It looks like your mysql_query returns false because of query error. You can use this to debug: $query = mysql_query($sql) or die('Query:<br />' . $sql . '<br /><br />Error:<br />' . mysql_error()); PHP: 2. Check the "Recommended API" section at http://php.net/mysqlinfo.api.choosing
something like this should work but a lot can be improved on this // limit 1 to stop asa it finds a result assuming you don't use Auto increment as userid $query = "select * from users where userid = '" . $user->userid . "' limit 1"; $result = mysql_query($query); if ($result && mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); } Code (markup):
Why are you guys concocting SQL-queries? WHY? $query = "SELECT * FROM users WHERE userid = $user->userid LIMIT 1"; This assumes that userid actually is a userid, numerical, no spaces etc. You don't have to enclose or escape numeric values in a query. In case it should be needed to do anything else, because the userid is an alphanumeric value, for instance: $query = "SELECT * FROM users WHERE userid = '$user->userid' LIMIT 1"; No need to concoct anything in an sql-query
$query = "select * from users where userid = '" . $user->userid . "' limit 1"; Code (markup): $query = "SELECT * FROM users WHERE userid = '$user->userid' LIMIT 1"; Code (markup): ( notice the single quotes ) To me both seem identical, why I use '" . $user->userid . "' rather than '$user->userid' is simply my preferred coding style (& it better highlights in editors.) In the begin post indeed only numeric values are allowed, but maybe he uses the auto increment as userid ... who knows... even then it is advised to use quotes... but this is irrelevant to the question btw : Do you mean concat ? :-D
This is the best advice in the thread, and largely going unnoticed. There really is SO much wrong with that code -- the outdated mysql_ functions, the use of fetching an entire result set for no reason, using empty instead of (or in addition to) isset... blindly posting variable data into arrays like it's still 2005... You have NO business doing that if you care the slightest bit about security or efficiency. 2005 called, wants it's code back. Also does it make any sense to immediately change $game to the $_POST value right after setting it to the database's value? Should that perhaps be an ELSE? // assuming $db is a connected PDO object $statement = $db->prepare(' SELECT * FROM users WHERE userid = ? '); $stmt->execute([$user->userid]); if (!($game = $stmt->fetch())) { $game = isset($_POST['game']) ? $_POST['game'] : false; } Code (markup): Guessing a bit, but I suspect this is what you were TRYING to do and how modern code would approach it.