...

View Full Version : Warning: mysql_num_rows(): supplied argument is not a valid MySQL resu, php wrong



amail
10-11-2009, 06:32 PM
hi
can someone please help me? i am trying to send activation code to new member and i get only wrong msg in my files....

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/arash/public_html/activation.php on line 11
Invalid Validation Code


<?php
session_start();
include "mysql.php";
$c;
if(!$_GET['code'] || !$_GET['act'])
{
die("Invalid Use Of System.");
} else {
$code=$_GET['code'];
$cq=mysql_query("select * from confirm where code=$code",$c);
if(mysql_num_rows($cq)== 0)
{ die("Invalid Validation Code"); }
$r=mysql_fetch_array($cq);
if($_GET['act'] == 'activate')
{
mysql_query("UPDATE users SET confirmed='1' WHERE userid={$r[user]}",$c);
mysql_query("DELETE FROM confirm WHERE code=$code",$c);
print "Account Validated!<br />
<a href='login.php'>Login</a>";
} else if($_GET[act] == 'cancel')
{
mysql_query("DELETE FROM users WHERE userid={$r[user]}",$c);
mysql_query("DELETE FROM confirm WHERE code=$code",$c);
print "Your account has successfully been cancelled, Were sorry you had to leave.";exit;
} else {
die("Invalid Action.");
}

}
?>

met
10-11-2009, 06:38 PM
$code=$_GET['code'];
$cq=mysql_query("select * from confirm where code=$code",$c);


is wrong, $code will be a string and you need to wrap it in quotes:


$code=$_GET['code'];
$cq=mysql_query("select * from confirm where code='".$code."'",$c);


and its very unwise to have the $code directly in to the query, read up on SQL injection;

oesxyl
10-11-2009, 07:17 PM
what is $c and what do you intend to do with this line:


$c;

also what do intent to do with $c in this?


$cq=mysql_query("select * from confirm where code=$code",$c);

why you assume that everything is ok and don't check $cq to see if is really ok?

best regards

met
10-11-2009, 07:22 PM
well mysql_query takes 2 parameters, the query string and a resource identifier. $c will be a database connection, probably set in the included file mysql.php but it isn't really necessary unless working with multiple connections.

oesxyl
10-11-2009, 07:40 PM
well mysql_query takes 2 parameters, the query string and a resource identifier. $c will be a database connection, probably set in the included file mysql.php but it isn't really necessary unless working with multiple connections.
probably you are right, :) I prefere to wait op answer, :)

best regards



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum