Having trouble with MySQL Queries!

emkay

I've managed to get the user registration module working perfectly, but I'm having some more trouble with my login authentication queries:

	$sql = "SELECT * FROM `users` WHERE email = '$email' AND password = '$encrypt_pass' ";
	$result = mysqli_query($dbcon,$sql);
	if(!$result) { die('Query Error' . mysql_error()) ; }
	$num_rows = mysql_num_rows($result);
	if ($num_rows < 1) {
		$_SESSION['login'] = '';
		die(mysql_error());
	}

This always gives me the following error:

Warning: mysql_num_rows() expects parameter 1 to be resource, object given in C:\wamp\www\login.php on line 54

Line 44 is the following line:

	$num_rows = mysql_num_rows($result);

Help!

Neville1985

	$sql = "SELECT * FROM `users` WHERE email = '$email' AND password = '$encrypt_pass' ";
	$result = mysqli_query($dbcon,$sql);
	if(!$result) { die('Query Error' . mysql_error()) ; }
	//$num_rows = mysql_num_rows($result); <---Problem
	if ($num_rows < 1) {
		$_SESSION['login'] = '';
		die(mysql_error());
	}

The comment line is the problem that I can pick up.
Your using a mysql_num_rows() function with a mysqli_query() function.

Replace
mysql_num_rows($result)
with
mysqli_num_rows($result)

Try this:

	$sql = "SELECT * FROM `users` WHERE email = '$email' AND password = '$encrypt_pass' ";
	$result = mysqli_query($dbcon,$sql);
	if(!$result) { die('Query Error' . mysql_error()) ; }
	$num_rows = mysqli_num_rows($result);
	if ($num_rows < 1) {
		$_SESSION['login'] = '';
		die(mysql_error());
	}

Remember, if you use mysqli extention functions you need to maintain that over the script.

emkay

Neville1985;10932708 wrote:
	$sql = "SELECT * FROM `users` WHERE email = '$email' AND password = '$encrypt_pass' ";
	$result = mysqli_query($dbcon,$sql);
	if(!$result) { die('Query Error' . mysql_error()) ; }
	//$num_rows = mysql_num_rows($result); <---Problem
	if ($num_rows < 1) {
		$_SESSION['login'] = '';
		die(mysql_error());
	}
The comment line is the problem that I can pick up.
Your using a mysql_num_rows() function with a mysqli_query() function.

Replace
mysql_num_rows($result)
with
mysqli_num_rows($result)

Try this:
	$sql = "SELECT * FROM `users` WHERE email = '$email' AND password = '$encrypt_pass' ";
	$result = mysqli_query($dbcon,$sql);
	if(!$result) { die('Query Error' . mysql_error()) ; }
	$num_rows = mysqli_num_rows($result);
	if ($num_rows < 1) {
		$_SESSION['login'] = '';
		die(mysql_error());
	}
Remember, if you use mysqli extention functions you need to maintain that over the script.

You are an absolute saviour, thanks so much! 😃

Neville1985

your welcome, you should think about using the PHP data object (PDO) to handle this. Just adds a little bit of flexability to your scripts. Have a lookey 🙂

emkay

Neville1985;10932711 wrote:
your welcome, you should think about using the PHP data object (PDO) to handle this. Just adds a little bit of flexability to your scripts. Have a lookey 🙂

Thanks for the link.

I'm pretty much a noob when it comes to PHP (I only started coding a couple of days ago :p and I have another problem. Here is the full mysql query code:

	$sql = "SELECT * FROM `users` WHERE email = '$email' AND password = '$encrypt_pass' ";
	$result = mysqli_query($dbcon,$sql);
	if(!$result) { die('Query Error' . mysqli_error()) ; }
	$num_rows = mysqli_num_rows($result);
	if ($num_rows < 1) {
		$_SESSION['login'] = '';
		die('Invalid Login Details. Please enter your correct login details or consult eFlair Administration.');
	}

$query = "SELECT id FROM users WHERE email = '$email' AND password = '$encrypt_pass'";
$result = mysqli_query($dbcon,$query)
or die('Error logging in. User ID could not be located.');
$uid = mysqli_fetch_row($result);

$query = "SELECT firstname FROM users WHERE email = $email AND password = $encrypt_pass";
$result = mysqli_query($dbcon,$query)
or die('Error logging in. User first name could not be located.');
$firstname = mysqli_fetch_row($result);

$query = "SELECT lastname FROM users WHERE email = $email AND password = $encrypt_pass";
$result = mysqli_query($dbcon,$query)
or die('Error logging in. User last name could not be located.');
$lastname = mysqli_fetch_row($result);

$query = "SELECT permission_level FROM user_permissions WHERE userID = '$uid'";
$result = mysqli_query($dbcon,$query)
or die('Error logging in. User permission level could not be loaded.');
$perm = mysqli_fetch_row($result);

While the first set works fine, the last four sets done.

For the User ID query, I am trying to obtain the user ID of the user, but it returns $uid as "Array". I know this because I tested it with "echo $uid;" and it just displays "Array" instead of the actual user ID. Do you know what I am doing wrong?

For the next two, I am trying to obtain the first name and the last name of the user so I can store that in a session variable. They don't work at all and just return a die() error. The same thing happens when I try to obtain the user permissions, which is located in a second table.

Will using PHP Data Objects solve this? Can you provide an example of how to use it?

Thanks in advance to anyone who helps.

Neville1985

if ($dbcon) {
	$sql	=	"SELECT * FROM `users` WHERE email = '$email' AND password = '$encrypt_pass'";
	$result	=	mysqli_query($dbcon, $sql);
	if (mysqli_num_rows($result) > 0) {
		$array	=	mysqli_fetch_array($result, 1);
		if (array_key_exists("firstname", $array) && array_key_exists("lastname", $array) && array_key_exists("id", $array)) {
			$_SESSION['f_name']	=	$array['firstname'];
			$_SESSION['l_name']	=	$array['lastname'];
			$uid	=	$array['id'];
			echo "Session Data Set";
			unset($sql, $result, $array);
		} else {
			echo "Array keys didn't exist";
		}
	} else {
		echo "No Results returned";
	}
	$sql	=	"SELECT permission_level FROM user_permissions WHERE userID = '$uid'";
	$result	=	mysqli_query($dbcon, $sql);
	if (mysqli_num_rows($result) > 0) {
		$array	=	mysqli_fetch_array($result, 1);
		if (array_key_exists("permission_level", $array)) {
			//do what you want with it here
			//to get the information you need to use $array['id']
			unset($sql, $result, $array);
		} else {
			echo "Array keys didn't exist";
		}
	} else {
		echo "No Results returned";
	}
}

You don't need to do seperate queries for each row in the table. Just use arrays 🙂
PDO is probably beyond you at the moment though, so just sick to this sorta stuff.

I kept it as simple as possible from what you were saying you were looking at doing. I'll run you through it.

Checks if the database connection is active
Sets select query to get all rows from users where email = $email and password = $encrypt_pass
Gets database results
If statement checks if the if any results were returned, if not, echo's an error
$array contains the array data
If statement checks if "firstname, lastname and id" array keys are present (should be if you provided the correct info above)
sets session variables "f_name, l_name" to "$array['firstname]', $array['lastname'] " respectively
sets $uid to $array['id'] (should be present cause we checked for it above 😛)
Error
Error
Re-Sets $sql to new query, requesting permission_level from user_permissions where userID = $uid (set above)
Result
check for returned results cont.

and repeats itself again.

Whatever you want to do with the "permission_level" value taken from the database on the second query, just remove the // crap from inside the second part of the script and replace it with your script.

Also to access the data, all you need to do is $array['permission_level']

All the echo statements can be removed if you don't want any error msg, add stuff, remove stuff, up to you.

Hope this helps.

Handy Links 😉
PHP Bible
Array Bible

emkay

Neville1985;10932717 wrote:
if ($dbcon) {
	$sql	=	"SELECT * FROM `users` WHERE email = '$email' AND password = '$encrypt_pass'";
	$result	=	mysqli_query($dbcon, $sql);
	if (mysqli_num_rows($result) > 0) {
		$array	=	mysqli_fetch_array($result, 1);
		if (array_key_exists("firstname", $array) && array_key_exists("lastname", $array) && array_key_exists("id", $array)) {
			$_SESSION['f_name']	=	$array['firstname'];
			$_SESSION['l_name']	=	$array['lastname'];
			$uid	=	$array['id'];
			echo "Session Data Set";
			unset($sql, $result, $array);
		} else {
			echo "Array keys didn't exist";
		}
	} else {
		echo "No Results returned";
	}
	$sql	=	"SELECT permission_level FROM user_permissions WHERE userID = '$uid'";
	$result	=	mysqli_query($dbcon, $sql);
	if (mysqli_num_rows($result) > 0) {
		$array	=	mysqli_fetch_array($result, 1);
		if (array_key_exists("permission_level", $array)) {
			//do what you want with it here
			//to get the information you need to use $array['id']
			unset($sql, $result, $array);
		} else {
			echo "Array keys didn't exist";
		}
	} else {
		echo "No Results returned";
	}
}
You don't need to do seperate queries for each row in the table. Just use arrays 🙂
PDO is probably beyond you at the moment though, so just sick to this sorta stuff.

I kept it as simple as possible from what you were saying you were looking at doing. I'll run you through it.

Checks if the database connection is active

Sets select query to get all rows from users where email = $email and password = $encrypt_pass

Gets database results

If statement checks if the if any results were returned, if not, echo's an error

$array contains the array data

If statement checks if "firstname, lastname and id" array keys are present (should be if you provided the correct info above)

sets session variables "f_name, l_name" to "$array['firstname]', $array['lastname'] " respectively

sets $uid to $array['id'] (should be present cause we checked for it above 😛)

Error

Error

Re-Sets $sql to new query, requesting permission_level from user_permissions where userID = $uid (set above)

Result

check for returned results cont.

and repeats itself again.

Whatever you want to do with the "permission_level" value taken from the database on the second query, just remove the // crap from inside the second part of the script and replace it with your script.

Also to access the data, all you need to do is $array['permission_level']

All the echo statements can be removed if you don't want any error msg, add stuff, remove stuff, up to you.

Hope this helps.

Handy Links 😉
PHP Bible
Array Bible

Can't thank you enough, that's helped immensely, again, thanks very much 😃

emkay

Just tried your code out, everything worked perfectly 😃