[RESOLVED] mysql_num_rows waring.

AGSUProgrammer

Hello I'm getting the following error for a webpage that will retrieve a user's login name :

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /portal/server/htdocs/portal/my-get-myid.php on line 33

Here is my code and I have highlighted where the error is occuring in blue.

<? session_start(); ?>
<? require("globals/config/globals-config.php"); ?>
<? require("globals/config/globals-mconnect.php"); ?>
<? require("globals/config/globals-oconnect.php"); ?>
<? $_SESSION['MY_CUR_PAGE'] = "my-get-uinfo.php"; ?>

<?
$ENTER_FNAME = strtoupper($_POST['MY_FNAME']);
$ENTER_LNAME = strtoupper($_POST['MY_LNAME']);
if ($_POST['MY_MONTH'] < 10) {
	$ENTER_MONTH = "0" . $_POST['MY_MONTH'];
} else {
	$ENTER_MONTH = $_POST['MY_MONTH'];
}
if ($_POST['MY_DAY'] < 10) {
	$ENTER_DAY = "0" . $_POST['MY_DAY'];
} else {
	$ENTER_DAY = $_POST['MY_DAY'];
}
$ENTER_BDATE = $_POST['MY_YEAR'] . "-" . $ENTER_MONTH . "-" . $ENTER_DAY;
$ENTER_EAGLEID = $_POST['MY_EAGLEID'];

/*** !! sql error here !! ***/
$myQuery = "SELECT DISTINCT USER_PIDM, USER_UNAME, USER_STUID";
$myQuery .= "FROM MYGSUSER, MYGSUROL WHERE UCASE(USER_FNAME)='" . $ENTER_FNAME . "' ";
$myQuery .= "AND UCASE(USER_LNAME)='" . $ENTER_LNAME . "' ";
$myQuery .= "AND USER_BDATE='" . $ENTER_BDATE . "' ";
$myQuery .= "AND USER_STUID='" . $ENTER_EAGLEID . "' ";
$myQuery .= "AND USER_PIDM=UROL_PIDM ";

//echo $myQuery;
$i=0;
$results = mysql_query($myQuery);
$i = mysql_num_rows($results)[/COLOR]
//echo "i is equal to: " . $i;
//if ($i != 0) {
//	$data = mysql_fetch_assoc($results);
//	$user = $data['USER_UNAME'];
//	$pidm = $data['USER_PIDM'];
//}
?>
<? session_start(); ?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>My.GeorgiaSouthern.edu</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" type="text/css" href="styles/mygsu.css">
</head>

<body topmargin="0" leftmargin="2" rightmargin="0" marginheight="0" marginwidth="0">
<table width="100%"  border="0" cellspacing="0" cellpadding="0">
<? include("globals/includes/inc-header.php"); ?>
</table>
<h1>Getting started My.GeorgiaSouthern.edu</h1>
<? if ($i <= 0) { ?>
<div class="formError">
<span class="formError">We could not find you in our System.</span><br>
<br>
We were unable to match the information you entered to our system.  Please feel free to verify your information and please try again by
<a href='my-lookup-myid.php'>Clicking Here</a></div>
<? } elseif ($i==1){
	$data = mysql_fetch_assoc($results);
	$user = $data['USER_UNAME'];
	$pidm = $data['USER_PIDM'];

 ?>
<p>Your My.GeorgiaSouthern.edu ID is listed below. </p>
  <table width="500" border="0" cellspacing="2" cellpadding="2">
    <tr>
      <td class="formLabel">MyID: </td>
      <td class="formField"><span style="font-size: 14px;"><?=$user?></span></td>
    </tr>
	<? if ($role == "13") {
		// query to get the email address for 
		$selectEmail = "select GOREMAL_EMAIL_ADDRESS from GOREMAL where GOREMAL_PIDM='". 
						$pidm. "' and GOREMAL_EMAL_CODE='JEFF' and GOREMAL_PREFERRED_IND='Y'";
		//echo $selectEmail. "<br>";
		$stmt = ociparse($my_conn,$selectEmail);
		ociexecute($stmt);
		ocifetch($stmt);
		$gomlEmail = ociresult($stmt,"GOREMAL_EMAIL_ADDRESS");
	?>
	<tr>
	<td class="formLabel">GeorgiaOnMyLine Registration System: </td>
    <td class="formField"><span style="font-size: 14px;"><?=$gomlEmail?></span></td>
	</tr>
	<tr>
	<td class="formLabel">GeorgiaOnMyLine/Vista System: </td>
    <td class="formField"><span style="font-size: 14px;"><?=$gomlEmail?></span></td>
	</tr>
	<tr>
	<td class="formLabel">Email Address: </td>
    <td class="formField"><span style="font-size: 14px;"><?=$gomlEmail?></span></td>
	</tr>
	<?	
	 }// end if role is 13, GOML
	?>
  </table>
<? } else { //i>1
	$j=0;?>
	<p>You have multiple My.GeorgiaSouthern.edu IDs on file.  They are listed below. </p>
	<table width="300" border="0" cellspacing="2" cellpadding="2">
<?	while ($data = mysql_fetch_assoc($results)) {
	$j++;
    $user = $data['USER_UNAME'];
	$pidm = $data['USER_PIDM']; 
	?>
	<tr>
	<td class="formLabel">MyID <?php print $j;?>: </td>
    <td class="formField"><span style="font-size: 14px;"><?=$user?></span></td>
	</tr>

<?	} ?>
    </table>
<? } ?>
<p><a href='../index.php'>Return to login page</a></p>
</body>
</html>

I have removed a field name in the query called UROL_RID. The page was working before I removed the field from the query. Can anyone please help me with this?

laserlight

Try printing your SQL statement. You will probably find that a lack of spaces is causing it to be incorrect.

bradgrafelman

First thing to do when you've got SQL issues is to a) echo out the query so you can visually examine it, and b) echo out the error message returned by your SQL server. Simple example:

$result = mysql_query($query) or die("MySQL Error: " . mysql_error() . "<br>\nQuery: $query");

halojoy

the mysql_query before that mysql_num_rows
did return FALSE instead of $result
Which means the mysql_query generated AN ERROR

this is error you can easily catch and read using
[man]mysql_error[/man]
there are examples how you do it in PHP Manual

but basically:

$result = mysql_query($sql);
if(mysql_error()) exit(mysql_error()); //gives message
//about what went wrong
//like bad syntax hints

niroshan

I think your missing one space at the end of below string.

$myQuery = "SELECT DISTINCT USER_PIDM, USER_UNAME, USER_STUID ";

AGSUProgrammer

It was the space at the end of the query that was giving the error.

laserlight

AGSUProgrammer wrote:
It was the space at the end of the query that was giving the error.

More accurately, the lack of a space at one of your strings that would be joined to form the entire SQL statement.

In the future, you may find it easier to do this:

$myQuery = "SELECT DISTINCT USER_PIDM, USER_UNAME, USER_STUID
    FROM MYGSUSER, MYGSUROL WHERE UCASE(USER_FNAME)='$ENTER_FNAME'
        AND UCASE(USER_LNAME)='$ENTER_LNAME'
        AND USER_BDATE='$ENTER_BDATE'
        AND USER_STUID='$ENTER_EAGLEID'
        AND USER_PIDM=UROL_PIDM";

But then I notice that the variables take their values from incoming variables, and yet were not properly sanitised. Therefore, you can consider:

$myQuery = sprintf("SELECT DISTINCT USER_PIDM, USER_UNAME, USER_STUID
    FROM MYGSUSER, MYGSUROL WHERE UCASE(USER_FNAME)='&#37;s'
        AND UCASE(USER_LNAME)='%s'
        AND USER_BDATE='%s'
        AND USER_STUID='%s'
        AND USER_PIDM=UROL_PIDM",
    mysql_real_escape_string($ENTER_FNAME),
    mysql_real_escape_string($ENTER_LNAME),
    mysql_real_escape_string($ENTER_BDATE),
    mysql_real_escape_string($ENTER_EAGLEID));