mysql_num_rows warning!

tobymac

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in ... on line 64

This is the parse page where the warning is coming from, any ideas? paste?

<?php
session_start();
if (!$_SESSION['id']) {
$msgToUser = ' Only site members can do that<a href="register.php">Join Here</a>';
include_once 'msgToUser.php';
exit();
}
//////////////////////////////////////////////// End member Log in check ///////////////////////////////////////////////////

$id = $_SESSION['id'];

///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

if ($_POST['parse'] == "passchange") {

$current_pass = $_POST['current_pass'];
$new_pass1 = $_POST['new_pass1'];
$new_pass2 = $_POST['new_pass2'];


if ($new_pass1 != $new_pass2) {
	$msgToUser = '<br /><br /><font color="#FF0000">Create New Password and Confirm New Password did not match.</font>
	<p><a href="account_settings.php">Try again</a></p>';
	 include_once 'msgToUser.php'; 
     exit(); 
}

 // Connect to database
 include_once "connect_to_mysql.php";
  // Add MD5 Hash to the password variable
 $hash_cur_pass = md5($current_pass);
 $hash_new_pass = md5($new_pass1);
 $sql = mysql_query("SELECT * FROM memberFiles WHERE id='$id' AND password='$hash_cur_pass'");
 $pass_check_num = mysql_num_rows($sql);

 if ($pass_check_num > 0) {
	 $sqlUpdate = mysql_query("UPDATE memberFiles SET password='$hash_new_pass' WHERE id='$id'");
	 $msgToUser = '<br /><br />Your password has been changed successfully.
	 <p><a href="profile.php">Click here to go to your profile</a></p>';
      include_once 'msgToUser.php'; 
      exit(); 

 } else {
	$msgToUser = '<br /><br /><font color="#FF0000">Your current password did not match what we have on file.</font>
	<p><a href="account_settings.php">Try again</a></p>';
	 include_once 'msgToUser.php'; 
     exit(); 
 }

}
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

if ($_POST['parse'] == "delete_account") {

$del_acct_pass = $_POST['del_acct_pass'];
// Connect to database
 include_once "connect_to_mysql.php";
  // Add MD5 Hash to the password variable
 $hash_cur_pass = md5($del_acct_pass);
 $sql = mysql_query("SELECT * FROM memberFiles WHERE id='$id' AND password='$hash_cur_pass'");
 $pass_check_num = mysql_num_rows($sql);
 if ($pass_check_num > 0) {
	 $msgToUser = '
	  Are absolutely sure you want to delete your account?<br />
	  <br />
	  <a href="account_settings_parse.php?choice=no">NO</a> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="edit_settings_parse.php?choice=yes">YES</a>';
      include_once 'msgToUser.php'; 
      exit(); 

 }

}

/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

if ($_GET['choice'] == "yes") {

$pic1 = ("memberFiles/$id/image01.jpg");
 if (file_exists($pic1)) {
	    unlink($pic1);
}
$dir = "members/$id";
rmdir($dir);
// Connect to database
include_once "connect_to_mysql.php";
$sqlTable1 = mysql_query("DELETE FROM memberFiles WHERE id='$id'"); 
$sqlTable2 = mysql_query("DELETE FROM blabbing WHERE mem_id='$id'");
session_destroy();
$msgToUser = 'Your Account has been deleted';
 include_once 'msgToUser.php'; 
 exit();

} else if ($_GET['choice'] == "no") {

include_once 'profile.php'; 
exit();

}
?>

dagon

this almost always means the query failed ,so debug that.

tobymac

i do not know how.... a little help?

dagon

$sql = mysql_query("SELECT * FROM memberFiles WHERE id='$id' AND password='$hash_cur_pass'");
if (!$sql) {
    die('Invalid query: ' . mysql_error());
}

tobymac

do i replace that with line 63?

dagon

yes

tobymac

okay i did, thank you! it says "Invalid query: Table 'renovati_free.memberFiles' doesn't exist" would the problem still be in that file? or in another? because i cant pinpoint the issue

dagon

seems rather clear to me, you don't have a table:

renovati_free.memberFiles

tobymac

well the memberFiles is a folder but it is "../" not under "free" i can't seen to find the line to change
unless they want me to make a table in the mysql database?????

dagon

tobymac;10984959 wrote:
well the memberFiles is a folder but it is "../" not under "free" i can't seen to find the line to change
unless they want me to make a table in the mysql database?????

well since its a mysql query, then yes, its a db table that is missing:rolleyes:

tobymac

that doesnt make sence i would need one. i feel dumb... haha okay thank you, what are the correct values i should put in? would you know????

tobymac

now im getting this? "Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near './memberFiles WHERE id='29' AND password='d8937d28b4ac2e3f41ef0d7abdd51b3b'' at line 1"

tobymac

PS! i made the table, i renamed it wrong that was the issue, but im still getting the weird thing i posted up

leatherback

You should probaly echo the query you send to mysql, and check that for any mis-quoting. Ideally you first create a variable that you use for the query, the echo it, then run it:

$sel_query = "SELECT * FROM memberFiles WHERE id='$id' AND password='$hash_cur_pass' ";

// debugging display only
echo $sel_query;

// run it:
$sql = mysql_query("SELECT * FROM memberFiles WHERE id='$id' AND password='$hash_cur_pass'");
if (!$sql) {
    die('Invalid query: ' . mysql_error());
}

THat would help debugging.

Furthermore, if I quickly scan your code: You need to make sure that the user is logged in at all times when working on his account. You now only check for login to show a 'delete account' link. However, if I know your website, I can just try whether I can delete any account by playing with the links. You'd probably best check for logged in at the top of the page. Then you store in a variable the logged_in_status. In the rest of the script you then check whether the user is logged in before running any of the scripts.

Your queries need some way of error checking, now your site will throw all sorts of errors if the SQL misfires. Yet you will claim the account was deleted, as long as the script does not die (That happens here:
$sqlTable1 = mysql_query("DELETE FROM memberFiles WHERE id='$id'");
$sqlTable2 = mysql_query("DELETE FROM blabbing WHERE mem_id='$id'");
session_destroy();
$msgToUser = 'Your Account has been deleted'😉