mysql_num_rows(): supplied argument is not a valid MySQL result resource in 15

Question

Every time I try to run my script I get this error, saying that mysql_num_rows(): supplied argument is not a valid MySQL result resource. I'm not quite sure why its doing this. My goal is to get it to check to see if the client who logs in is an admin.

<?php
    session_start();
    $username = $_POST['username'];
    $password = $_POST['password'];

    if ($username&&$password)
    {

    $user = $_SESSION['user'];
    //connect
    $connect = mysql_connect("localhost","*******_robert","***********") or die ("Couldn't Connect"); //host,username,password
    mysql_select_db("virtua15_gateway") or die ("Could not find database");
    //query
    $get = mysql_query("SELECT * FROM Users WHERE username='$user'");
    $numrows = mysql_num_rows($query);
    if ($numrows!=0)
    {
        while ($row = mysql_fetch_assoc($query))
        {
                $dbusername = $row['username'];
                $dbpassword = $row['password'];
        }
        if ($username==$dbusername&&$password==$dbpassword)
        {
         header( 'Location: index2.php' );
         $_SESSION['username']=$dbusername;
        }
        else
            echo "incorrect username and password";
    }
       else
         die ("This user does not exist");

    }
    else
        die("Please enter a username and a password");


    while($get = mysql_fetch_assoc($get))

{
 $admin = $row['admin'];
}
if ($admin==0)
 die ("You are not and admin!");
header('Location: index2.php')

?>

I'm pretty sure I've already seen this kind of question... [hint: check questions under the "related" tab on the right ---->] — Damien Pirsy, Jan 21 '12 at 11:18
possible duplicate of [mysql_num_rows(): supplied argument is not a valid MySQL result resource](http://stackoverflow.com/questions/3698740/mysql-num-rows-supplied-argument-is-not-a-valid-mysql-result-resource) — DCoder, Aug 09 '12 at 07:38

score 3 · Accepted Answer · answered Jan 21 '12 at 11:19

3

$get = mysql_query("SELECT * FROM Users WHERE username='$user'");
$numrows = mysql_num_rows($query);

So, is it $get or $query?

answered Jan 21 '12 at 11:19

Michael Krelin - hacker

138,757
24
193
173

score 3 · Answer 2 · answered Jan 21 '12 at 11:20

You call your query resource $get, but then pass it as $query. Choose one :)

$query = mysql_query("SELECT * FROM Users WHERE username='$user'");
$numrows = mysql_num_rows($query);

Also, add an error checking in case the query fails (die() or trigger_error())

Might be also worth noting you need to escape any input instead of feeding it directly in your query (even from $_SESSION or $_COOKIES, not only $_POST). Use mysql_real_escape_string() for that. And you should not store password in clear text, might use sha1() or better hashing algos.

score 2 · Answer 3 · answered Jan 21 '12 at 11:21

2

use this:

$get = mysql_query("SELECT * FROM Users WHERE username='$user'");
$numrows = mysql_num_rows($get);

instead of :

$get = mysql_query("SELECT * FROM Users WHERE username='$user'");
$numrows = mysql_num_rows($query);

answered Jan 21 '12 at 11:21

jogesh_pi

9,762
4
37
65

score 1 · Answer 4 · answered Jan 21 '12 at 11:22

1

$get = mysql_query("SELECT * FROM Users WHERE username='$user'");
$numrows = mysql_num_rows($get);

change $query to $get

answered Jan 21 '12 at 11:22

dimitril

393
2
4

mysql_num_rows(): supplied argument is not a valid MySQL result resource in 15

4 Answers4