Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Getting a simple MySQL Error????

Posted on 2011-03-13
23
Medium Priority
?
220 Views
Last Modified: 2012-05-11
Hello All,

I have a error coming up in mySQL in my page, The error is as follows:
"Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /mypath/ on line 97
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') OR userid IN (SELECT uid FROM bp_frieds WHERE fuid = ) OR activity <>"

And the code is here
echo $show_more_button;
	$userip = $_REQUEST['uid'];
	$sql_notification="
		SELECT DISTINCT log_id,userid,log_table_id,activity,log_date,log_date AS newsfeed_log_date
		FROM newfeed_table 
		WHERE userid 
		IN (SELECT fuid FROM bp_frieds WHERE uid=" . $userip . ")
		OR userid IN (SELECT uid FROM bp_frieds WHERE fuid = " . $userip . ")
		OR activity <> 2 AND userid= " . $userip . " order by newfeed_table.log_id desc LIMIT 0,10
	";

	$check_feed_count = mysql_query("
		SELECT DISTINCT log_table_id,activity,log_date,userid 
		FROM newfeed_table 
		WHERE userid 
		IN (SELECT fuid FROM bp_frieds WHERE uid = " . $userip . ")
		OR userid IN (SELECT uid FROM bp_frieds WHERE fuid = " . $userip . ")
		OR activity <> 2 AND userid = " . $userip . " ORDER BY newfeed_table.log_id desc LIMIT 0,10
	");
	$check_feed_result = mysql_num_rows(@$check_feed_count);
	
	if($check_feed_result > 0) { 
		$show_more_button = 1;
	}

Open in new window

0
Comment
Question by:piixeldesigns
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 6
  • 3
  • +3
23 Comments
 
LVL 2

Expert Comment

by:sihar86
ID: 35124851
Sorry, I don't understand what you mean
0
 
LVL 12

Expert Comment

by:zappafan2k2
ID: 35124855
This part
(SELECT uid FROM bp_frieds WHERE fuid = ) 

Open in new window

of the error message looks like $userip is not set or is either NULL or ''.

Echo either $userip or the entire SQL statement to be sure.
0
 
LVL 1

Author Comment

by:piixeldesigns
ID: 35124863
I try to do this but when I do it it does nothing at all, what code should I be using for this?

Thanks
0
Learn how to optimize MySQL for your business need

With the increasing importance of apps & networks in both business & personal interconnections, perfor. has become one of the key metrics of successful communication. This ebook is a hands-on business-case-driven guide to understanding MySQL query parameter tuning & database perf

 
LVL 12

Expert Comment

by:zappafan2k2
ID: 35124879
$userip = $_REQUEST['uid'];
echo ":$userip:";

Open in new window

if you just get two colons, then the $userip variable is not being set.
0
 
LVL 1

Author Comment

by:piixeldesigns
ID: 35124927
Nothing shows up so I don't think it is being set?

I have the userip variable in the url which I am retrieving with a $_GET.

How would I set this variable?
0
 
LVL 12

Expert Comment

by:zappafan2k2
ID: 35124961
If you want a default value, then what I usually do is something like this:
$userip = (isset($_GET['uid'])) ? mysql_escape_string($_GET['uid']) : 'default-value';

Open in new window

Otherwise I would do something like:
$userip = (isset($_GET['uid'])) ? mysql_escape_string($_GET['uid']) : false;
if ($userip) {
    	$sql_notification="
...

Open in new window

0
 
LVL 1

Author Comment

by:piixeldesigns
ID: 35125009
Hmm I did this but unfortuantly I am still getting the same error (the code I showed you in the first post) is all included in a file into another page.

Thanks,
0
 
LVL 17

Expert Comment

by:Shinesh Premrajan
ID: 35125440
Also the SQL query need to be edited for the section

uid = " . $userip . " 

should be

uid = '" . $userip . "'


You need to add single quotes around the variable

hope this helps

0
 
LVL 1

Author Comment

by:piixeldesigns
ID: 35125586
Thanks Shinuq - I have tried this with no luck - now I am just getting a blank page with no errors or content at all?

Thanks,
George
0
 
LVL 17

Expert Comment

by:Shinesh Premrajan
ID: 35125631
please add this code in the top of your script for debugging

error_reporting(E_ALL);
ini_set("display_errors,1);

You can disable this once the script is working.

Hope this helps
0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 35125754
change this
$check_feed_result = mysql_num_rows(@$check_feed_count);
to
$check_feed_result = mysql_num_rows($check_feed_count);

If your page with the error reporting shows nothing - it means that there are no records. Can you verify them putting your query directly to phpmyadmin ?
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 35128068
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in...
This almost certainly means that the query failed.  You want to print out the query string and the contents of the functions mysql_errno() and mysql_error().  You also want to add error_reporting(E_ALL) to the top of your scripts.

But you have a bigger issue threatening your server.  Consider this line of code:
$userip = $_REQUEST['uid'];

Your query uses external input in the form of $userip without checking the values of this string.  Thus you ensure that catastrophe is not left to chance!  Please learn about the important security basics of PHP and MySQL.  This book will help you get some foundation in these topics.
http://www.sitepoint.com/books/phpmysql4/

In particular, please read about this function.  To quote, "This function must always (with few exceptions) be used to make data safe before sending a query to MySQL."
http://us3.php.net/manual/en/function.mysql-real-escape-string.php
0
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 2000 total points
ID: 35128145
To expand a little more on the critically important concept of Accept Only Known Good Values, here is a function to help you determine some of the facts about an external variable.  
http://php.net/manual/en/function.filter-var.php

In addition to the simple filter-and-validate functions, you might also want to apply some sanity checks.  Do you expect a positive integer?  Cast the external string to the integer data type and test to see if it is greater than zero.  Do you expect a string with only letters and numbers?  Use REGEX to remove all non-alphanumeric characters and compare the resulting string to the original.  If they do not match, do not use the data - it is not what you expected.

Also, please be aware of the way the $_REQUEST array is populated.  It could be either GET or POST method data.  If you want to write this code the way a professional might write it, you need to know whether the data came via the GET or POST method!  GET is useful for asking questions.  POST is useful for updating the data model.  REQUEST contains both methods, and GET usually supersedes or overwrites POST.  Thus a script that uses REQUEST may inadvertently allow a GET request to change the underlying data of the web site.  That makes you a potential victim of even the clumsiest hackers.
// DO NOT DO THIS
$userip = $_REQUEST['uid'];


// INSTEAD DO SOMETHING LIKE THIS
if (isset($_REQUEST['uid']))
{
    $userip = mysql_real_escape_string($_REQUEST['uid']);
}
else
{
    $userip = 'UNKNOWN'
}

Open in new window

0
 
LVL 1

Author Comment

by:piixeldesigns
ID: 35128314
Hi Ray,

Thanks for this information - I will definatly look through all of this information and make some changes throughout this. Also when I come to echo or print the query out it displays nothing? How would you do this? I just simply get a blank page.

Thanks Ray,
PD
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 35132784
Here is how you might want to handle query errors during the debugging process.
// CONSTRUCT THE QUERY STRING IN A VARIABLE
$sql = "SELECT thing FROM table WHERE something = '$safe_variable_string'";

// RUN THE QUERY AND GET THE RETURN VALUE
$res = mysql_query($sql);

// IF mysql_query() RETURNS FALSE, GET THE ERROR REASONS
if (!$res)
{
    $errmsg = mysql_errno() . ' ' . mysql_error();
    echo "<br/>QUERY FAIL: ";
    echo "<br/>$sql <br/>";
    die($errmsg);
}

Open in new window

0
 
LVL 1

Author Comment

by:piixeldesigns
ID: 35135297
I think the problem may lie here in a general form, when I use a hard coded id number it works yet if I try and get the ID from the URL variable using $_GET it displays that mysql error.

Please note:
This code is in an included file which is included in the main index.php page.

$getUserData = $_GET['uid'];
if($_REQUEST['uid'] != "") { 
	$getUserData = $_REQUEST['uid']; 
} else if($_SESSION['publicid'] != "") { 
	$getUserData = $_SESSION['publicid'];
    if($getUserData == $_SESSION['publicid']) {
        $getUserData = $_GET['fid'];
    }
}

Open in new window


Thanks in Advance,
PD
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 35137903
The code snippet above does not really make sense to me.  I have annotated it with comments and posted it below.

Here is what you might want to do...

1. Add error_reporting(E_ALL); to the top of your script to be sure you are not relying on an undefined variable anywhere.
2. Try to explain in plain language what rules you want to apply to the external variables in the course of setting the $getUserData string.
3. Use var_dump($_GET) and var_dump($_REQUEST) to see what is present in those variables.
4. User var_dump($_SESSION) to see the contents of the session array.

You'll find the output of var_dump() is easier to read when you echo "<pre>" before calling the dump function.

HTH, ~Ray
<?php

// ALWAYS USE THE HIGHEST POSSIBLE LEVEL OF ERROR REPORTING!
error_reporting(E_ALL);

// LOOK IN THE URL FOR uid=[something] AND ASSIGN THAT STRING TO $getUserData
$getUserData = $_GET['uid'];

// PROBABLY $_REQUEST CONTAINS THE SAME ELEMENTS AS $_GET SO THIS WILL BE TRUE OR FALSE DEPENDING ON THE URL
if ($_REQUEST['uid'] != "") 
{ 
    // ASSIGN THE SAME THING TO $getUserData JUST LIKE WE DID ON LINE 7
    $getUserData = $_REQUEST['uid']; 
}

// HOWEVER IF $_REQUEST['uid'] IS A STRING OF ZERO LENGTH, TEST TO SEE IF $_SESSION['publicid'] IS NOT A STRING OF ZERO LENGTH
elseif ($_SESSION['publicid'] != "") 
{ 
    // ASSIGN (OR REASSIGN) $getUserData
    $getUserData = $_SESSION['publicid'];
    
    // NOW IF WE HAVE JUST DONE THIS REASSIGNMENT...
    if ($getUserData == $_SESSION['publicid']) 
    {
        // CHANGE THE ASSIGNED DATA TO BE THE CONTENTS OF THE URL fid=[something]
        $getUserData = $_GET['fid'];
    }
}

Open in new window

0
 
LVL 1

Author Comment

by:piixeldesigns
ID: 35138977
Thanks Ray - I am getting the errors undefined index fid now, but I am still getting this error as mentioned above in my mysql and nothing is being displayed.

As a quick questions is it possible to use a $_GET variable from inside a included file?

Thanks Again
0
 
LVL 1

Author Comment

by:piixeldesigns
ID: 35139390
Sorry for example if I use this:

$member_ID = 8;

It populates my page as the above variable is used in my mysql query

yet if I try and get $member_ID = $_GET['fid'];
which = 8 in the url it just doesn't display anything.

I am using this code in an include file.

Thanks,
PD
0
 
LVL 1

Author Comment

by:piixeldesigns
ID: 35139438
Sorry for example if I use this:

$member_ID = 8;

It populates my page as the above variable is used in my mysql query

yet if I try and get $member_ID = $_GET['fid'];
which = 8 in the url it just doesn't display anything.

I am using this code in an include file.

Thanks,
PD
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 35139676
possible to use a $_GET variable from inside a included file?
Yes, $_GET is a superglobal array.  Included files assume the variable scope of the script that includes them.

undefined index fid
This means that your URL did not have an argument for "fid="

Please refer back to this post: ID:35128068.  I really think you want to get that book before you go much further down this path.  There are just too many confusions and questions for me to believe that you have enough depth of knowledge of PHP to try to write this script yourself.  If you step back from the problem and give yourself a month to work through the examples in that book you will be light-years ahead of where you are now.  SitePoint books cannot make you a professional programmer, but they are typically very readable with good code examples.  You might also want to work through the introductory PHP tutorial.
http://php.net/tut.php

Let's try to put at least one part of this question to bed.  Please add this code to the top of your script.  Then post the URL you used to run the script, and the output you got from running the script.  Thanks, ~Ray
<?php 
error_reporting(E_ALL);
echo "<pre>";
var_dump($_GET);

Open in new window

0
 
LVL 17

Expert Comment

by:Shinesh Premrajan
ID: 35144401
I think the problem is with the first instance of the page, when actually there wont be any GET variables passed.

Another reason could be in the php.ini file, check that you have the following tow variables defned in the php.ini file.

variables_order = "GPCS"  and request_order = "GP"

The last thing, if you could post the URL with the parameters, its easy to define where could be the issue.

Hope this helps
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 35147030
Some required reading to understand what shinuq is telling you.  In the standard PHP 5.3+ installation, variables_order = EGPCS and request_order = no value.
http://php.net/manual/en/reserved.variables.request.php
http://php.net/manual/en/ini.core.php#ini.request-order
http://php.net/manual/en/ini.core.php#ini.variables-order

And register globals should be set OFF but it is sometimes left on by some shared hosting services, a dangerous practice.
http://php.net/manual/en/ini.core.php#ini.register-globals

In addition to reading these pages, if you are interested in becoming a skilled PHP programmer, you probably want to read the entire PHP.net web site!

Best regards, ~Ray
0

Featured Post

Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
In this blog post, we’ll look at how ClickHouse performs in a general analytical workload using the star schema benchmark test.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question