[PHP] mysql_num_rows error

[VistaMS]

Okay, I have a registration script with activation.

It does what its suppose until you goto activate the account, When you do, You get this error:

"Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\Documents and Settings\Administrator\Desktop\xampplite\htdocs\vistamsregister\activate.php on line 28"

I was wondering if you guys could help me with this, I cant seem to find the problem.

 

[lordvladek]

Re: I need some help.

Helps when you post the script displayin the error..

 

[VistaMS]

Re: I need some help.

Heres the whole activation.php:

<? //Start php

include('config.php');
    /*

    In the url we should have &code={characters} in it, this is the users activation code. We use the $_GET function in order to pull it out of the url into a variable. We use the if statement in this to make sure that we have it here, if it we dont, then we can show a message that it's not there.

    */

    if($activation = $_GET['code']){

        //Check to see if it's not empty

        if($activation != NULL){

            /*

            Now we got the activation code they came here with, we need to select from the database where the activation code equals any from the table.

            */

            $acti = "SELECT `activation` FROM `users` WHERE `actcode` = '$activation'";

            $acti = mysql_query($acti);

            //We want to find out if there are any rows with this, if so, it should come up with 1, if not, then 0.

            $actin = mysql_num_rows($acti);

            //Using the if statement, we can see if the activation is correct, since it should return higher than 0.

            if($actin > 0){

                //We edit the table to make activated in yes.

                $update = "UPDATE `users` SET `activated`='yes' WHERE `activation`='$code'";

                $update = mysql_query($update) or die(mysql_error());

                echo("You have successfully activated your account. You may not log in. Thank you.");

            }else{ //If it was 0 rows

                echo("Activation code is incorrect.");

            }

        }else{ //if code was blank

            echo("Code is blank.");

        }

    }else{

        echo("No activation code.");

    }

?>

 

[Schfoo]

Re: I need some help.

Edit: Nvm

 

[VistaMS]

Re: I need some help.

The only thing is, I cant figure out whats wrong with it.

Do I need something in my config file?

 

[TomParad0x]

Re: I need some help.

Only thing I can think of off the top of my head with what I see is:

Make sure the Query is correct, make sure the table name / column names are correct and not typed wrong, and make sure $activation is not something that would break the query.

Also, I think empty() is a better choice for the null check:

// Instead of
if($activation != NULL){
// I would do
if (!empty($activation)) {

 

[VistaMS]

Re: I need some help.

Ill test it and see.

 

[fook3d]

Re: I need some help.

Only thing I can think of off the top of my head with what I see is:

Make sure the Query is correct, make sure the table name / column names are correct and not typed wrong, and make sure $activation is not something that would break the query.

Also, I think empty() is a better choice for the null check:

// Instead of
if($activation != NULL){
// I would do
if (!empty($activation)) {

empty() isnt a good choice, It isnt really reliable and is known to have issues so i hear from a friend, What the issues are, I do not know as i dont user empty() so wouldnt need to know.

if(strlen($activation)) {
    // Code here...
}

Would be the way would suggest, If the string length is NULL, Then it doesnt display. Just like empty() but without any known issues.

Edit:

Try this...

<?php //Start php

include('config.php');
    
	// In the url we should have &code={characters} in it
	// this is the users activation code. 
	// We use the $_GET function in order to pull it out of the url into a variable. 
	// We use the if statement in this to make sure that we have it here, if it we dont, 
	// then we can show a message that it's not there.

		// If there is no $_GET['code'], Die!
		if(!$_GET['code']) {
			echo 'There is no code';
			exit();
		}
		
		// Set $activation variable..
		$activation = $_GET['code'];
		
        //Check to see if it's not empty

        if(strlen($activation)) {

            // Now we got the activation code they came here with, we need to select from the database where the 
			// activation code equals any from the table.

            $activ = sprintf('SELECT `activation` FROM `users` WHERE `actcode` = ("%u")', $activation);

            $acti = mysql_query($activ) or die (mysql_error());

            //We want to find out if there are any rows with this, if so, it should come up with 1, if not, then 0.

            $actin = mysql_num_rows($acti);

            //Using the if statement, we can see if the activation is correct, since it should return higher than 0.

            if(strlen($actin)) {

                //We edit the table to make activated in yes.

                $updating = sprintf('UPDATE `users` SET `activated` = ("%s") WHERE `activation` = ("%s")', yes, $code);

                $update = mysql_query($updating) or die(mysql_error());

                echo 'You have successfully activated your account. You may not log in. Thank you.';

            } else { //If it was 0 rows

                echo 'Activation code is incorrect.';

            }

        } else { //if code was blank

            echo 'Code is blank.';

        }

?>

 

[Pieman]

Your $acti query is incorrect.

 $acti = "SELECT activation FROM users WHERE actcode = '$activation'";

This should be correct.

 

[fook3d]

Your $acti query is incorrect.

 $acti = "SELECT activation FROM users WHERE actcode = '$activation'";

This should be correct.

As far as i know, Adding ` around the table and row names is more secure than not having them.

I believe the whole problem is due to the $activation code being put into the if()

The version of the code i posted should work as i have took away the if() around it, Cleaned up the code using sprintf() and whatever else i did, Which i have forgot =]

* Hopes the OP leaves feedback if he tries it *

 

[Pieman]

As far as i know, Adding ` around the table and row names is more secure than not having them.

I believe the whole problem is due to the $activation code being put into the if()

The version of the code i posted should work as i have took away the if() around it, Cleaned up the code using sprintf() and whatever else i did, Which i have forgot =]

* Hopes the OP leaves feedback if he tries it *

I don't think so, else it would've given another error than
" Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\Documents and Settings\Administrator\Desktop\xampplite\htdocs\vi stamsregister\activate.php on line 28"

This warning indicates that mysql_num_rows was given an invalid argument, like the warning above already suggests. And since he is entering a query into mysql_num_rows ($acti) the only logical explanation would be that his query is wrong, else there shouldn't be such a warning.
And the correction I posted earlier was the only error I could find in the script.

I could be wrong though.

 

[fook3d]

I just tested this one, Which works without an issue for me. After the activation, It also sets the actcode to NULL so that it cant be used again, As a NULL $activation value (page.php?code={blank space}) would result in a no code error.

The php:

<?php //Start php

include('config.php');
    
    // In the url we should have &code={characters} in it
    // this is the users activation code. 
    // We use the $_GET function in order to pull it out of the url into a variable. 
    // We use the if statement in this to make sure that we have it here, if it we dont, 
    // then we can show a message that it's not there.

        // If there is no $_GET['code'], Die!
        if(!$_GET['code']) {
            echo 'There is no code';
            exit();
        }
        
        // Set $activation variable..
        $activation = $_GET['code'];
        
        //Check to see if it's not empty

        if(strlen($activation)) {

            // Now we got the activation code they came here with, we need to select from the database where the 
            // activation code equals any from the table.

            $activ = sprintf('SELECT `activation` FROM `users` WHERE `actcode` = ("%s")', $activation);

            $acti = mysql_query($activ) or die (mysql_error());

            if(mysql_num_rows($acti)) {

                //We edit the table to make activated in yes.
				
				$done = "yes";

                $updating = sprintf('UPDATE `users` SET `activated` = ("%s"), `actcode` = ("%s") WHERE `actcode` = ("%s")', yes, NULL, $activation);

                $update = mysql_query($updating) or die(mysql_error());

                echo 'You have successfully activated your account. You may not log in. Thank you.';

            } else { //If it was 0 rows

                echo 'Activation code is incorrect.';

            }

        } else { //if code was blank

            echo 'Code is blank.';

        }

?>

SQL i used to test was:

CREATE TABLE `users` (
  `user_id` int(11) NOT NULL auto_increment,
  `user_name` varchar(255) NOT NULL default '',
  `activation` varchar(255) NOT NULL default '',
  `activated` varchar(255) NOT NULL default '',
  `actcode` varchar(255) NOT NULL default '',
  PRIMARY KEY  (`user_id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

Apology to Pieman, Seems it works either way stated =]

I was under the impression that to say

if($activation = $_GET['code']) { 
    //code
}

Both $activation and $_GET['code'] would need to have values, But seems it passes that anyway, Strange imo.

 

[TomParad0x]

Re: I need some help.

empty() isnt a good choice, It isnt really reliable and is known to have issues so i hear from a friend, What the issues are, I do not know as i dont user empty() so wouldnt need to know.

if(strlen($activation)) {
    // Code here...
}

Would be the way would suggest, If the string length is NULL, Then it doesnt display. Just like empty() but without any known issues.

Edit:

Try this...

<?php //Start php

include('config.php');
    
    // In the url we should have &code={characters} in it
    // this is the users activation code. 
    // We use the $_GET function in order to pull it out of the url into a variable. 
    // We use the if statement in this to make sure that we have it here, if it we dont, 
    // then we can show a message that it's not there.

        // If there is no $_GET['code'], Die!
        if(!$_GET['code']) {
            echo 'There is no code';
            exit();
        }
        
        // Set $activation variable..
        $activation = $_GET['code'];
        
        //Check to see if it's not empty

        if(strlen($activation)) {

            // Now we got the activation code they came here with, we need to select from the database where the 
            // activation code equals any from the table.

            $activ = sprintf('SELECT `activation` FROM `users` WHERE `actcode` = ("%u")', $activation);

            $acti = mysql_query($activ) or die (mysql_error());

            //We want to find out if there are any rows with this, if so, it should come up with 1, if not, then 0.

            $actin = mysql_num_rows($acti);

            //Using the if statement, we can see if the activation is correct, since it should return higher than 0.

            if(strlen($actin)) {

                //We edit the table to make activated in yes.

                $updating = sprintf('UPDATE `users` SET `activated` = ("%s") WHERE `activation` = ("%s")', yes, $code);

                $update = mysql_query($updating) or die(mysql_error());

                echo 'You have successfully activated your account. You may not log in. Thank you.';

            } else { //If it was 0 rows

                echo 'Activation code is incorrect.';

            }

        } else { //if code was blank

            echo 'Code is blank.';

        }

?>

I have never had a problem using empty(), any chance you can find out what issues it has, so I may test it and see?

Edit: Issues and PHP version range that it effects, if you can. Thanks.

 

[fook3d]

Re: I need some help.

I have never had a problem using empty(), any chance you can find out what issues it has, so I may test it and see?

Edit: Issues and PHP version range that it effects, if you can. Thanks.

When i catch her online again, I will ask her why she recommended against using it. She has 30+ years experience in web development, Including PHP, C++ and various others, So i have no reason not to believe what she said.

But i will be sure to get more information about her reasoning and what she knows that we dont =]

 

[Daevius]

Never had problems with empty() either, AFAIK they're are all different:

if ($string)
if (strlen($string))
if (empty($string))

As for the query, using `'s around table name and column names is more secure. Sometimes it gives you a weird error when you use a keyword as table name. For instance, this will give an error:

SELECT * FROM select

This not:

SELECT * FROM `select`

 

[TomParad0x]

When i catch her online again, I will ask her why she recommended against using it. She has 30+ years experience in web development, Including PHP, C++ and various others, So i have no reason not to believe what she said.

But i will be sure to get more information about her reasoning and what she knows that we dont =]

Thanks, I am not doubting her experience, there may be an issue and I have not seen it - but I would like to see if it affects anything I do.

While I do not have 30 years, I have been doing PHP for a little while.

Never had problems with empty() either, AFAIK they're are all different:

if ($string)
if (strlen($string))
if (empty($string))

As for the query, using `'s around table name and column names is more secure. Sometimes it gives you a weird error when you use a keyword as table name. For instance, this will give an error:

SELECT * FROM select

This not:

SELECT * FROM `select`

yea, I used to not use `, then I used a keyword in the query... Iit took me a while to figure out what was wrong, lol.

 

[fook3d]

Well, I got a reply from her about empty() and here it is.

Empty( ) is in fact an operator -- not a function, which means that there are certain ares it doesn't work in.

Now, yes it works ... but ... I often have complex code where I may change the top level and expect the bottom levels to work. If I used empty ... it may fail, so I prefer to use the true functions: strlen, count etc. (Which incidentaly is what empty calls - therefore being *marginally* slower)

Hope you guys understand it better than i do, All i get from this is what sometimes it fails (Across all PHP versions) and its sightly slower than using other functions.

PHP is generally slow anyway, So anything to make it slightly faster is always welcomed by me :thumbs-up