Solved

php / MySQL issue??

Posted on 2013-01-17
15
300 Views
Last Modified: 2013-01-17
I have a site that I just moved from one account at GoDaddy to another. It worked fine at the old account. At the new account, it will not work.

Specifically, I get the following:

qry = SELECT * from homeowner where email = 'jboland11@cox.net' and password = 'Triumph'
res =

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/content/21/10338421/html/chk_login.php on line 17

Warning: Cannot modify header information - headers already sent by (output started at /home/content/21/10338421/html/chk_login.php:14) in /home/content/21/10338421/html/chk_login.php on line 19

The source php file is attached.

I took the sql as displayed in the echo & ran it against the database using phpMySql. It works fine & returns one row in the result set.

What is going on??

Thanks
chk-login.php
0
Comment
Question by:Richard Korts
  • 7
  • 5
  • 3
15 Comments
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 38789762
It looks like you probably didn't change the server name because you are not getting a 'valid' resource returned.  And line 3 in that code is "localhosterror_reporting(E_ALL);" which is wrong.  Should be "error_reporting(E_ALL);", the 'localhost' is an error.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 38789787
You probably want to get in the habit of using the full <?php tag instead of short open.  I'll see what else I can find... back in a few.
0
 

Author Comment

by:Richard Korts
ID: 38789816
To Dave Baldwin

That inclusion of localhosterror_report........ was an error; that is NOT included in the real code. I was changing the $Host variable to "localhost" to hide the REAL host; had the cursor in the wrong place.

The "real" GoDaddy host name is:

Hostname:
GBHAdb.db.10338421.hostedresource.com

I did a MASS replace of the numeric part (which was different on the "OLD" account). So I think it's right.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 38789829
Here is the script with some comments and some man page links that may be helpful.  I think your script has to select the DB.  It's wise to use the escape() functions before running a query.  You're looking for one row, so you use the LIMIT query.

While this is untested code, I believe it will be correct in principle.  If you see anything you don't understand in here, please post back and I'll try to help.

Also, you probably want to begin converting to PDO or MySQLi -- MySQL is going away soon.

<?php // RAY_temp_rkorts.php
ini_set('display_errors', TRUE);
error_reporting(E_ALL);
session_start();


// THE ABSOLUTE MINIMUM YOU MUST UNDERSTAND TO USE PHP AND MYSQL
// MAN PAGE: http://php.net/manual/en/ref.mysql.php
// MAN PAGE: http://php.net/manual/en/mysql.installation.php
// MAN PAGE: http://php.net/manual/en/function.mysql-connect.php
// MAN PAGE: http://php.net/manual/en/function.mysql-select-db.php
// MAN PAGE: http://php.net/manual/en/function.mysql-real-escape-string.php
// MAN PAGE: http://php.net/manual/en/function.mysql-query.php
// MAN PAGE: http://php.net/manual/en/function.mysql-errno.php
// MAN PAGE: http://php.net/manual/en/function.mysql-error.php
// MAN PAGE: http://php.net/manual/en/function.mysql-num-rows.php
// MAN PAGE: http://php.net/manual/en/function.mysql-fetch-assoc.php
// MAN PAGE: http://php.net/manual/en/function.mysql-fetch-array.php
// MAN PAGE: http://php.net/manual/en/function.mysql-insert-id.php
// MAN PAGE: http://php.net/manual/en/function.error-log.php


// DATABASE CONNECTION AND SELECTION VARIABLES - GET THESE FROM YOUR HOSTING COMPANY
$db_host = "localhost"; // PROBABLY THIS IS OK
$db_name = "GBHAdb";
$db_user = "GBHAdb";
$db_word = "xyz";


// OPEN A CONNECTION TO THE DATA BASE SERVER
if (!$db_connection = mysql_connect("$db_host", "$db_user", "$db_word"))
{
    $err = mysql_errno() . ' ' . mysql_error();
    echo "<br/>NO DB CONNECTION: ";
    echo "<br/> $err <br/>";
}

// SELECT THE MYSQL DATA BASE
if (!mysql_select_db($db_name, $db_connection))
{
    $err = mysql_errno() . ' ' . mysql_error();
    echo "<br/>NO DB SELECTION: ";
    echo "<br/> $err <br/>";
    die('NO DATA BASE');
}
// IF THE SCRIPT GETS THIS FAR IT CAN DO QUERIES

// MAKE EXTERNAL VARIABLES SAFE FOR USE IN QUERY
$e = mysql_real_escape_string($_POST['email']);
$p = mysql_real_escape_string($_POST['pwd']);

// CONSTRUCT THE QUERY STRING FROM SAFE VARIABLES
$qry = "SELECT * from homeowner where email = '$e' and password = '$p' LIMIT 1";

// IF mysql_query() RETURNS FALSE, LOG AND SHOW THE ERROR
$res = mysql_query($sql);
if (!$res)
{
    $err
    = "QUERY FAIL: "
    . $sql
    . ' ERRNO: '
    . mysql_errno()
    . ' ERROR: '
    . mysql_error()
    ;
    error_log($err);

    // HANDLE THE PROGRAMMATIC CONSEQUENCES HERE
    die($err);
}
// IF WE GET THIS FAR, THE QUERY SUCCEEDED AND WE HAVE A RESOURCE-ID IN $res SO WE CAN NOW USE $res IN OTHER MYSQL FUNCTIONS

// GET THE COUNT OF ROWS
$nr = mysql_num_rows($res);

// IF NO ROWS, REDIRECT
if ($nr == 0) 
{
	header("Location: index.php?bad=Y");
	exit;
} 

// COPY SOME VARIABLES INTO THE SESSION
$_SESSION['pwd'] = $_POST['pwd'];
$h = mysql_fetch_assoc($res);
$_SESSION['lot'] = $h['lot'];
if (intval($_SESSION['lot']) < 82) 
{
    $_SESSION['ccr'] = "pdf/Covenants_Units1&2.pdf";
} 
else 
{
    $_SESSION['ccr'] = "pdf/Covenants_Unit3.pdf";
}
$_SESSION['alast_used'] = time();
header("Location: home.php");
exit;

Open in new window

HTH, ~Ray
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 38789831
The "real" GoDaddy host name probably belongs in the code I posted at line 24.
0
 

Author Comment

by:Richard Korts
ID: 38789833
To all,

I changed the opening tag to <?php. Same result.

If the host was wrong wouldn't the $con = mysql_connect ($Host, $User, $Password) fail?

Thanks,

Richard
0
 

Author Comment

by:Richard Korts
ID: 38789862
To all,

To test the connection, I pasted in Ray's code & ran it again; same result.

I have attached all the REAL code EXCEPT the password.

Thanks,

Richard
chk-login.php
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 

Author Comment

by:Richard Korts
ID: 38789871
To all,

Do you think maybe the GoDaddy Database is NOT yet set up?

It let me upload all the tables (structure & data) using phpMyAdmin.

I guess I'll have to move it back to my other hosting environment (at 1 & 1) to make it work.

ARRRRRRRRRRRRRGH!
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 38789873
Here is the original script.
<?
session_start();
localhosterror_reporting(E_ALL);
// set up database
$Host = "localhost";
$User = "GBHAdb";
$Password = "xyz";
$DBName = "GBHAdb";
$con = mysql_connect ($Host, $User, $Password);
if (!$con) {
	die('Could not connect: ' . mysql_error());
 }
$qry = "SELECT * from homeowner where email = '" . $_POST['email'] . "' and password = '" . $_POST['pwd'] . "'";
echo "qry = " . $qry . "<br>";
$res = mysql_query($qry, $con);
echo "res = " . $res . "<br>";
$nr = mysql_num_rows($res);
if ($nr == 0) {
	header("Location: index.php?bad=Y");
} else {
	$_SESSION['pwd'] = $_POST['pwd'];
	$h = mysql_fetch_array($res);
	$_SESSION['lot'] = $h['lot'];
	if (intval($_SESSION['lot']) < 82) {
		$_SESSION['ccr'] = "pdf/Covenants_Units1&2.pdf";
	} else {
		$_SESSION['ccr'] = "pdf/Covenants_Unit3.pdf";
	}	
	$_SESSION['alast_used'] = time();
	header("Location: home.php");
}
exit;	
?>

Open in new window

For better or worse, programming is an activity that requires meticulous attention to detail.  It's necessary to test for error conditions and visualize the issues.  In this script, the error checking is missing, so we have no way of knowing what went wrong.  Also, it appears to be missing this function:
http://php.net/manual/en/function.mysql-select-db.php
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 38789882
From the most recent code snippet, it appears that you did not paste my code in, and it appears that there is still no error checking, and it appears that there is still no mysql_select_db() function call.  I'm not a fan of GoDaddy, but it looks like you have some more work to do before you decide it's their problem.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 38789886
Ray may have the clue since if you moved to a 'new' hosting account, it will probably have PHP 5.3 and 'short_open_tag' may be off.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 38789896
To know if PHP is at 5.3, etc., you can run this script (posted here in its entirety).

<?php phpinfo();

Open in new window

0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 38789916
You guys were busy while I was talking to Godaddy.  Setting up databases on Godaddy usually takes about a 30 minutes most days.  However, until it is setup, you can not do anything with it.  So if you were able to load your database in phpMyAdmin, it is up and running.

I am responsible for 8 web sites on Godaddy on both Linux and Windows hosting.  I have no problems with Godaddy in maintaining those sites.  But then, the only reason I call them is for policy issues, not technical issues.
0
 

Author Closing Comment

by:Richard Korts
ID: 38789929
The issue was a comedy of errors, on my part.

First off, I had the old style mysql query (mysql_db_query) so when I first ran it, it gave me a depreciated error. So I changed it to mysql_query, but I FAILED to recognize that I had to ALSO use mysql_db_select to NAME the database. Based on Ray's last comments, I put that it and VWALLA, it works.

I have 3 million scripts (exaggeration) using the "old" style, Now you are saying I will have to convert MySQL to something else? Soon?

That's even worse.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 38789934
Yes, it's going to be a big issue.  Please see the large red warning box on this page:
http://us3.php.net/manual/en/function.mysql-connect.php
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Suggested Solutions

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
Creating and Managing Databases with phpMyAdmin in cPanel.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to dynamically set the form action using jQuery.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now