[Resolved] stumped on error for authentication

cybersounds

My code works up to a point where it either shows me specific data for a variety of login names upon logging in, and it shows me a drop down arrow when I log in as Administrator. But, upon selecting an option from the drop down menu populated with agency names I get the following error:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/esbsolu/public_html/project/powerbucks/authentication.php on line 105
There are no records in your database.

I'm stumped as there ARE records in my database, so can somebody take a look at my code and give me a suggestion? THANKS!


<?php
session_start();


if(isset($HTTP_POST_VARS['username']) && isset($HTTP_POST_VARS['password']))
	{
	// if user just tried to log in
	$username = $HTTP_POST_VARS['username'];
	$password = $HTTP_POST_VARS['password'];

//connect to mysql
$db = @mysql_connect('localhost', 'user', 'pass');

if(!$db)
	{
	echo 'Cannot connect to database.';
	exit;
	}

//select the appropriate database
$mysql = mysql_select_db('esbsolu_powerbucks');
if(!$mysql)
	{
	echo 'Cannot select database.';
	exit;
	}

//query the database to see if there is a record which matches
$query = "select count(*) from authentication where
username='$username' and password='$password'";

$result = mysql_query( $query ) or die(mysql_error());
if(!$result)
	{
	echo 'Cannot run query.';
	exit;
	}

$count = mysql_result ( $result, 0, 0 );

if ($count > 0)
	{

	// username is verified, now register the username

	$HTTP_SESSION_VARS['valid_user'] = $username;


	}

}
?>

<?include("header.php");?>

<?php
if (isset($HTTP_SESSION_VARS['valid_user']))
	{
	if ($HTTP_SESSION_VARS['valid_user'] == Administrator)
		{
		?>

	<center>
	<form method="post" action="<?php echo $PHP_SELF; ?>">	

	<?php

	if (!$submit)

		{
		// populate the drop down menu 
		$namepull = "SELECT * FROM listings ORDER BY id ASC"; 

		// execute SQL query and get result 
		$nameput = mysql_query($namepull,$db) or die(mysql_error() . "result"); 

		// put data into drop-down list box 
		while ($row = mysql_fetch_array($nameput)) 
			{ 

			$agency  = $row["agency"]; 
			$id  = $row["id"]; 
			$agencies .= "<option value=\"$id\">$agency"; 
			} 

		?> 
		<select name="selected_agency" id="agency" size="1" style="background-color:#F7F7F7;">
		<? echo "<option value=\"0\" selected>Select Agency";?> 
		<? echo "$agencies"; ?> 
		</select>
		<br /><br />
		<input type="submit" name="submit" value="Submit" class="button">
		</form>
		</center>

		<?php
		}

	else 

		{
		mysql_select_db('esbsolu_powerbucks');
		$agency_query = mysql_query("SELECT * FROM listings WHERE 	agency='".$_POST['selected_agency']."'");

		$num_results = mysql_num_rows($report);

		if ($num_results == 0)
			{
			echo 'There are no records in your database.';
			exit;
			}

		while($r = mysql_fetch_array($agency_query)) 
			{     
	        	$id=$r["id"]; 
			$agency=$r["agency"];
	        	$budget=$r["budget"]; 

	        	echo '<p><center><h3>Report for '.$agency.'</h3>
			<br />Your PowerBucks budget is $'.$budget.'.<br /><br />
			<a href="logout.php" class="roll">Log Out</a></center></p>';
			}

		}
	}
else
	{

	mysql_select_db('esbsolu_powerbucks');

	$report= mysql_query("select * from listings where agency='".$HTTP_SESSION_VARS['valid_user']."' ORDER BY id ASC");

	$num_results = mysql_num_rows($report);


	if ($num_results == 0)
		{
		echo 'There are no records in your database.';
		exit;
		}


	while($r = mysql_fetch_array($report)) 
		{     
    		$id=$r["id"]; 
            	$agency=$r["agency"];
    		$budget=$r["budget"]; 


    		echo '<p><center><h3>Report for '.$HTTP_SESSION_VARS['valid_user'].'</h3><br />
          		Your PowerBucks budget is $'.$budget.'.<br /><br />
          		<a href="logout.php" class="roll">Log Out</a></center></p>';
		}

	}

}

else
	{
	if (isset($username))
		{
		// if user tried and failed to log in
		echo '<h1 align="center">Authentication failed.</h1>';
		}
	else
		{
		// if user has not tried to log in yet or has logged out
		echo 'Please log in:';
		}

	//provide form to log in
	echo '<p><center>
	<form method="post" action="authentication.php">
	<table border="0">
	<tr>
	<th>Username:</th>
	<td><input type="text" name="username"></td>
	</tr>
	<tr>
	<th>Password:</th>
	<td><input type="password" name="password"></td>
	</tr>
	<tr>
	<td colspan="2" align="center">
	<br />
	<input type="submit" value="Authenticate" class="button">
	</td></tr></table></form></center></p>';

}


?>

<?include("footer.php");?>

LordShryku

Thats usually a SQL error. Try using
mysql_query("Your query") OR die(mysql_error());
on the query that is giving you that problem

cybersounds

Plugging in that gives me this error:

You have an error in your SQL syntax near 'agencyquery' at line 1

I believe it's referring to the following SQL statement which I can't figure out what is wrong with:


$agencyquery= mysql_query("SELECT * FROM listings WHERE 	agency='".$selectedagency."'");

What could it be?

cybersounds

Plugging in that gives me this error:

You have an error in your SQL syntax near 'agencyquery' at line 1

I believe it's referring to the following SQL statement which I can't figure out what is wrong with:


$agencyquery= mysql_query("SELECT * FROM listings WHERE 	agency='".$selectedagency."'");

What could it be?

LordShryku

Is that the query that the mysql_num_rows is calling on line 105 of your script? If so, split it out and echo the SQL like

$theQuery = "SELECT * FROM listings WHERE     agency='".$selectedagency."'";
echo $theQuery;
$agencyquery= mysql_query($theQuery);

cybersounds

I believe that the query you are referring to is the one that's causing the error, so I changed my code as follows and still get the same SQL error:

You have an error in your SQL syntax near 'agencyquery' at line 1


		$selectedagency = $_POST['selectedagency'];
		mysql_select_db('esbsolu_powerbucks');
		$theQuery= mysql_query("SELECT * FROM listings WHERE 	agency='".$selectedagency."'");
		echo $theQuery; 
		$agencyquery= mysql_query($theQuery);
		mysql_query("agencyquery") OR die(mysql_error());

LordShryku

Look at my previous post. Seperate the SQL from the mysql_query statement. echo the SQL. echoing the mysql_query statement will do nothing bu produce the Resource ID

cybersounds

Sorry to have missed that in your previous post....the code below yields this output in the browser:

SELECT * FROM listings WHERE agency=''You have an error in your SQL syntax near 'agencyquery' at line 1


		$theQuery = "SELECT * FROM listings WHERE     agency='".$selectedagency."'"; 
		echo $theQuery; 
		$agencyquery= mysql_query($theQuery);
		mysql_query("agencyquery") OR die(mysql_error());

LordShryku

Meaning it can't find $_POST['selected_agency']. Check your post array