Solved

Getting a simple MySQL Error????

Posted on 2011-03-13
23
214 Views
Last Modified: 2012-05-11
Hello All,

I have a error coming up in mySQL in my page, The error is as follows:
"Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /mypath/ on line 97
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') OR userid IN (SELECT uid FROM bp_frieds WHERE fuid = ) OR activity <>"

And the code is here
echo $show_more_button;
	$userip = $_REQUEST['uid'];
	$sql_notification="
		SELECT DISTINCT log_id,userid,log_table_id,activity,log_date,log_date AS newsfeed_log_date
		FROM newfeed_table 
		WHERE userid 
		IN (SELECT fuid FROM bp_frieds WHERE uid=" . $userip . ")
		OR userid IN (SELECT uid FROM bp_frieds WHERE fuid = " . $userip . ")
		OR activity <> 2 AND userid= " . $userip . " order by newfeed_table.log_id desc LIMIT 0,10
	";

	$check_feed_count = mysql_query("
		SELECT DISTINCT log_table_id,activity,log_date,userid 
		FROM newfeed_table 
		WHERE userid 
		IN (SELECT fuid FROM bp_frieds WHERE uid = " . $userip . ")
		OR userid IN (SELECT uid FROM bp_frieds WHERE fuid = " . $userip . ")
		OR activity <> 2 AND userid = " . $userip . " ORDER BY newfeed_table.log_id desc LIMIT 0,10
	");
	$check_feed_result = mysql_num_rows(@$check_feed_count);
	
	if($check_feed_result > 0) { 
		$show_more_button = 1;
	}

Open in new window

0
Comment
Question by:piixeldesigns
  • 9
  • 6
  • 3
  • +3
23 Comments
 
LVL 2

Expert Comment

by:sihar86
ID: 35124851
Sorry, I don't understand what you mean
0
 
LVL 12

Expert Comment

by:zappafan2k2
ID: 35124855
This part
(SELECT uid FROM bp_frieds WHERE fuid = ) 

Open in new window

of the error message looks like $userip is not set or is either NULL or ''.

Echo either $userip or the entire SQL statement to be sure.
0
 
LVL 1

Author Comment

by:piixeldesigns
ID: 35124863
I try to do this but when I do it it does nothing at all, what code should I be using for this?

Thanks
0
 
LVL 12

Expert Comment

by:zappafan2k2
ID: 35124879
$userip = $_REQUEST['uid'];
echo ":$userip:";

Open in new window

if you just get two colons, then the $userip variable is not being set.
0
 
LVL 1

Author Comment

by:piixeldesigns
ID: 35124927
Nothing shows up so I don't think it is being set?

I have the userip variable in the url which I am retrieving with a $_GET.

How would I set this variable?
0
 
LVL 12

Expert Comment

by:zappafan2k2
ID: 35124961
If you want a default value, then what I usually do is something like this:
$userip = (isset($_GET['uid'])) ? mysql_escape_string($_GET['uid']) : 'default-value';

Open in new window

Otherwise I would do something like:
$userip = (isset($_GET['uid'])) ? mysql_escape_string($_GET['uid']) : false;
if ($userip) {
    	$sql_notification="
...

Open in new window

0
 
LVL 1

Author Comment

by:piixeldesigns
ID: 35125009
Hmm I did this but unfortuantly I am still getting the same error (the code I showed you in the first post) is all included in a file into another page.

Thanks,
0
 
LVL 17

Expert Comment

by:shinuq
ID: 35125440
Also the SQL query need to be edited for the section

uid = " . $userip . "

should be

uid = '" . $userip . "'


You need to add single quotes around the variable

hope this helps

0
 
LVL 1

Author Comment

by:piixeldesigns
ID: 35125586
Thanks Shinuq - I have tried this with no luck - now I am just getting a blank page with no errors or content at all?

Thanks,
George
0
 
LVL 17

Expert Comment

by:shinuq
ID: 35125631
please add this code in the top of your script for debugging

error_reporting(E_ALL);
ini_set("display_errors,1);

You can disable this once the script is working.

Hope this helps
0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 35125754
change this
$check_feed_result = mysql_num_rows(@$check_feed_count);
to
$check_feed_result = mysql_num_rows($check_feed_count);

If your page with the error reporting shows nothing - it means that there are no records. Can you verify them putting your query directly to phpmyadmin ?
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 108

Expert Comment

by:Ray Paseur
ID: 35128068
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in...
This almost certainly means that the query failed.  You want to print out the query string and the contents of the functions mysql_errno() and mysql_error().  You also want to add error_reporting(E_ALL) to the top of your scripts.

But you have a bigger issue threatening your server.  Consider this line of code:
$userip = $_REQUEST['uid'];

Your query uses external input in the form of $userip without checking the values of this string.  Thus you ensure that catastrophe is not left to chance!  Please learn about the important security basics of PHP and MySQL.  This book will help you get some foundation in these topics.
http://www.sitepoint.com/books/phpmysql4/

In particular, please read about this function.  To quote, "This function must always (with few exceptions) be used to make data safe before sending a query to MySQL."
http://us3.php.net/manual/en/function.mysql-real-escape-string.php
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 35128145
To expand a little more on the critically important concept of Accept Only Known Good Values, here is a function to help you determine some of the facts about an external variable.  
http://php.net/manual/en/function.filter-var.php

In addition to the simple filter-and-validate functions, you might also want to apply some sanity checks.  Do you expect a positive integer?  Cast the external string to the integer data type and test to see if it is greater than zero.  Do you expect a string with only letters and numbers?  Use REGEX to remove all non-alphanumeric characters and compare the resulting string to the original.  If they do not match, do not use the data - it is not what you expected.

Also, please be aware of the way the $_REQUEST array is populated.  It could be either GET or POST method data.  If you want to write this code the way a professional might write it, you need to know whether the data came via the GET or POST method!  GET is useful for asking questions.  POST is useful for updating the data model.  REQUEST contains both methods, and GET usually supersedes or overwrites POST.  Thus a script that uses REQUEST may inadvertently allow a GET request to change the underlying data of the web site.  That makes you a potential victim of even the clumsiest hackers.
// DO NOT DO THIS
$userip = $_REQUEST['uid'];


// INSTEAD DO SOMETHING LIKE THIS
if (isset($_REQUEST['uid']))
{
    $userip = mysql_real_escape_string($_REQUEST['uid']);
}
else
{
    $userip = 'UNKNOWN'
}

Open in new window

0
 
LVL 1

Author Comment

by:piixeldesigns
ID: 35128314
Hi Ray,

Thanks for this information - I will definatly look through all of this information and make some changes throughout this. Also when I come to echo or print the query out it displays nothing? How would you do this? I just simply get a blank page.

Thanks Ray,
PD
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 35132784
Here is how you might want to handle query errors during the debugging process.
// CONSTRUCT THE QUERY STRING IN A VARIABLE
$sql = "SELECT thing FROM table WHERE something = '$safe_variable_string'";

// RUN THE QUERY AND GET THE RETURN VALUE
$res = mysql_query($sql);

// IF mysql_query() RETURNS FALSE, GET THE ERROR REASONS
if (!$res)
{
    $errmsg = mysql_errno() . ' ' . mysql_error();
    echo "<br/>QUERY FAIL: ";
    echo "<br/>$sql <br/>";
    die($errmsg);
}

Open in new window

0
 
LVL 1

Author Comment

by:piixeldesigns
ID: 35135297
I think the problem may lie here in a general form, when I use a hard coded id number it works yet if I try and get the ID from the URL variable using $_GET it displays that mysql error.

Please note:
This code is in an included file which is included in the main index.php page.

$getUserData = $_GET['uid'];
if($_REQUEST['uid'] != "") { 
	$getUserData = $_REQUEST['uid']; 
} else if($_SESSION['publicid'] != "") { 
	$getUserData = $_SESSION['publicid'];
    if($getUserData == $_SESSION['publicid']) {
        $getUserData = $_GET['fid'];
    }
}

Open in new window


Thanks in Advance,
PD
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 35137903
The code snippet above does not really make sense to me.  I have annotated it with comments and posted it below.

Here is what you might want to do...

1. Add error_reporting(E_ALL); to the top of your script to be sure you are not relying on an undefined variable anywhere.
2. Try to explain in plain language what rules you want to apply to the external variables in the course of setting the $getUserData string.
3. Use var_dump($_GET) and var_dump($_REQUEST) to see what is present in those variables.
4. User var_dump($_SESSION) to see the contents of the session array.

You'll find the output of var_dump() is easier to read when you echo "<pre>" before calling the dump function.

HTH, ~Ray
<?php

// ALWAYS USE THE HIGHEST POSSIBLE LEVEL OF ERROR REPORTING!
error_reporting(E_ALL);

// LOOK IN THE URL FOR uid=[something] AND ASSIGN THAT STRING TO $getUserData
$getUserData = $_GET['uid'];

// PROBABLY $_REQUEST CONTAINS THE SAME ELEMENTS AS $_GET SO THIS WILL BE TRUE OR FALSE DEPENDING ON THE URL
if ($_REQUEST['uid'] != "") 
{ 
    // ASSIGN THE SAME THING TO $getUserData JUST LIKE WE DID ON LINE 7
    $getUserData = $_REQUEST['uid']; 
}

// HOWEVER IF $_REQUEST['uid'] IS A STRING OF ZERO LENGTH, TEST TO SEE IF $_SESSION['publicid'] IS NOT A STRING OF ZERO LENGTH
elseif ($_SESSION['publicid'] != "") 
{ 
    // ASSIGN (OR REASSIGN) $getUserData
    $getUserData = $_SESSION['publicid'];
    
    // NOW IF WE HAVE JUST DONE THIS REASSIGNMENT...
    if ($getUserData == $_SESSION['publicid']) 
    {
        // CHANGE THE ASSIGNED DATA TO BE THE CONTENTS OF THE URL fid=[something]
        $getUserData = $_GET['fid'];
    }
}

Open in new window

0
 
LVL 1

Author Comment

by:piixeldesigns
ID: 35138977
Thanks Ray - I am getting the errors undefined index fid now, but I am still getting this error as mentioned above in my mysql and nothing is being displayed.

As a quick questions is it possible to use a $_GET variable from inside a included file?

Thanks Again
0
 
LVL 1

Author Comment

by:piixeldesigns
ID: 35139390
Sorry for example if I use this:

$member_ID = 8;

It populates my page as the above variable is used in my mysql query

yet if I try and get $member_ID = $_GET['fid'];
which = 8 in the url it just doesn't display anything.

I am using this code in an include file.

Thanks,
PD
0
 
LVL 1

Author Comment

by:piixeldesigns
ID: 35139438
Sorry for example if I use this:

$member_ID = 8;

It populates my page as the above variable is used in my mysql query

yet if I try and get $member_ID = $_GET['fid'];
which = 8 in the url it just doesn't display anything.

I am using this code in an include file.

Thanks,
PD
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 35139676
possible to use a $_GET variable from inside a included file?
Yes, $_GET is a superglobal array.  Included files assume the variable scope of the script that includes them.

undefined index fid
This means that your URL did not have an argument for "fid="

Please refer back to this post: ID:35128068.  I really think you want to get that book before you go much further down this path.  There are just too many confusions and questions for me to believe that you have enough depth of knowledge of PHP to try to write this script yourself.  If you step back from the problem and give yourself a month to work through the examples in that book you will be light-years ahead of where you are now.  SitePoint books cannot make you a professional programmer, but they are typically very readable with good code examples.  You might also want to work through the introductory PHP tutorial.
http://php.net/tut.php

Let's try to put at least one part of this question to bed.  Please add this code to the top of your script.  Then post the URL you used to run the script, and the output you got from running the script.  Thanks, ~Ray
<?php 
error_reporting(E_ALL);
echo "<pre>";
var_dump($_GET);

Open in new window

0
 
LVL 17

Expert Comment

by:shinuq
ID: 35144401
I think the problem is with the first instance of the page, when actually there wont be any GET variables passed.

Another reason could be in the php.ini file, check that you have the following tow variables defned in the php.ini file.

variables_order = "GPCS"  and request_order = "GP"

The last thing, if you could post the URL with the parameters, its easy to define where could be the issue.

Hope this helps
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 35147030
Some required reading to understand what shinuq is telling you.  In the standard PHP 5.3+ installation, variables_order = EGPCS and request_order = no value.
http://php.net/manual/en/reserved.variables.request.php
http://php.net/manual/en/ini.core.php#ini.request-order
http://php.net/manual/en/ini.core.php#ini.variables-order

And register globals should be set OFF but it is sometimes left on by some shared hosting services, a dangerous practice.
http://php.net/manual/en/ini.core.php#ini.register-globals

In addition to reading these pages, if you are interested in becoming a skilled PHP programmer, you probably want to read the entire PHP.net web site!

Best regards, ~Ray
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

Foreword In the years since this article was written, numerous hacking attacks have targeted password-protected web sites.  The storage of client passwords has become a subject of much discussion, some of it useful and some of it misguided.  Of cou…
This article discusses four methods for overlaying images in a container on a web page
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now