dementor Posted April 16, 2008

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/**************/public_html/**********.php on line 20

Anyone care to explain what this error means in general, so I'll be able to fix my code? Thanks :)

Guest Anonymous Posted April 16, 2008
Re: Error

The error is self-explanatory...

    $sql = "...";
    $rs = mysql_query($sql);
    $row = mysql_fetch_array($rs);

... so guess what... your SQL is at fault *or* the db connection has not been correctly made.

dementor Posted April 16, 2008
Re: Error

    $gq=mysql_query("SELECT * FROM gangs WHERE gangID={$_POST['gang']}",$c);
    $gangdata=mysql_fetch_array($gq);

There is the line of code. I see nothing wrong.

Guest Anonymous Posted April 16, 2008
Re: Error

Gotta just love SQL injection...

    $sql = sprintf("SELECT * FROM `gangs` WHERE (`gangID` = %u)", @intval($_POST['gang']));
    $gq = mysql_query($sql) or die(mysql_error());
    $gangdata=mysql_fetch_array($gq);

Floydian Posted April 16, 2008
Re: Error

It should be noted that if your select query does not find matching rows, you do not get a result returned from the mysql_query() function that can then be used in mysql_fetch_array().

You can catch this by inserting some code between what you have there:

    $gq=mysql_query("SELECT * FROM gangs WHERE gangID={$_POST['gang']}",$c);
    // Insert this stuff here:
    if (mysql_num_rows($gq) < 1) {
        echo "<h1>This query returned no result set.</h1>";
        die;
    }
    // Insert that up there:
    $gangdata=mysql_fetch_array($gq);

Oh, and in defense of the possible injection, perhaps there was some sort of validation/escaping done, but not copied/pasted here?

Guest Anonymous Posted April 16, 2008
Re: Error

Agreed Floydian... I was under the assumption however that mysql_query() does give a result... but not FALSE if no rows are found, thereby negating the need for mysql_num_rows()...

* Nyna slopes off to poke the manual...

Floydian Posted April 17, 2008
Re: Error

The most likely set of events is that the $_POST['gang'] variable is empty and is causing an error; mysql_query then returns boolean FALSE, and that causes mysql_fetch_array() to trip up.

I suppose that might make mysql_num_rows trip up too, huh. lol :mrgreen:

Guest Anonymous Posted April 17, 2008
Re: Error

Yep, I'd agree with that, hence the use of the sprintf to force a value ;)

dementor Posted April 17, 2008
Re: Error

Well, if my admins are going to SQL inject me, as it is something for my admins, then I'll take the risk.

dementor Posted April 17, 2008
Re: Error

    function name()
    {
        global $ir,$c,$userid,$h,$gangdata;
        if($_POST['gangname'])
        {
            $ct=mysql_query("SELECT * FROM gangs WHERE gangNAME={$_POST['gangname']}",$c);
            if(mysql_num_rows($ct)) // <<<<<< Line 87
            {
                print "Name Taken [url='gangadmin.php?action=name']Back[/url] ";
                exit;
            }
            mysql_query("UPDATE gangs SET gangNAME={$_POST['gangname']} WHERE gangID={$gangdata['gangID']}",$c);
            print "Name Changed to {$_POST['gangname']} [url='gangadmin.php?ID={$gangdata[']Back[/url] ";
        }
        else
        {
            print "Please enter the new name you would like this gang to be
            <form action='gangadmin.php?action=name' method='post'>
            New Name :<input type='text' name='gangname' value='{$gangdata['gangNAME']}'>
            <input type='submit' value='New Name'>
            </form>";
            exit;
        }
    }

The actual code up there works fine; it is when I want to use a function that the code starts to play up. Here's a function here. No talk of SQL injection or securing code please, I just want to know the problem.

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/***/public_html/***.php on line 86
Name Changed to dasada Back

There is the error once I change the name, and it is only after I enter this page that I get the error which I posted up there.

dementor Posted April 17, 2008
Re: Error

The initial error has been removed, but this one last post I made still gives out the same error.

Guest Anonymous Posted April 17, 2008
Re: Error

You have not escaped the string value $_POST['gangname'];

Check the value of $c prior to calling the first query...

    if (!is_resource($c)) { die("MySQL connection is fubar"); }

Check the value of $ct after calling the first query...

    if (!is_resource($ct)) { die("MySQL query error - " . mysql_error()); }

Also might be an idea to take the advice of the experienced programmers and secure your software against SQL injection. You say that only admins have access to this facility... Fine, but what happens if you or another developer skips a vital check allowing someone else in, or an admin accidentally pastes data into the form that contains rogue data?

Never *ever* assume that because you *think* you are in a safe area, you can ignore the basic checks.

And please give us a clue which line 86 is.... We don't know...

    <?php
    function name()
    {
        global $ir,$c,$userid,$h,$gangdata;
        if($_POST['gangname'])
        {
            $ct=mysql_query("SELECT * FROM gangs WHERE gangNAME={$_POST['gangname']}",$c);
            /** THE FOLLOWING IS LINE 86 **/
            if(mysql_num_rows($ct))
            {
                print "Name Taken [url='gangadmin.php?action=name']Back[/url] ";
                exit;
            }
            mysql_query("UPDATE gangs SET gangNAME={$_POST['gangname']} WHERE gangID={$gangdata['gangID']}",$c);
            print "Name Changed to {$_POST['gangname']} [url='gangadmin.php?ID={$gangdata[']Back[/url] ";
        }
        else
        {
            print "Please enter the new name you would like this gang to be
            <form action='gangadmin.php?action=name' method='post'>New Name :<input type='text' name='gangname' value='{$gangdata['gangNAME']}'>
            <input type='submit' value='New Name'>
            </form>";
            exit;
        }
    }
    ?>

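The two points argued over in the posts above (a failed query returns FALSE while a query that matches no rows returns a valid empty result, and string values must not be interpolated unquoted), as an added example that is not code from the thread. It assumes PDO with an in-memory SQLite database in place of the legacy mysql_* API; the table contents and the describe() and renameGang() helpers are constructed for illustration.

```php
<?php
// Added example: constructed schema and rows in an in-memory SQLite database.
// PDO stands in for the thread's legacy mysql_* calls (an assumption).
$db = new PDO('sqlite::memory:');
// Silent mode makes query() return false on error, like mysql_query() does.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
$db->exec("CREATE TABLE gangs (gangID INTEGER PRIMARY KEY, gangNAME TEXT)");
$db->exec("INSERT INTO gangs (gangID, gangNAME) VALUES (1, 'Old Name'), (2, 'Rivals')");

// Hypothetical helper: report what a query call handed back.
function describe($result): string
{
    if ($result === false) {
        return "FALSE: the query itself failed, there is nothing to count or fetch";
    }
    return "valid result with " . count($result->fetchAll()) . " row(s)";
}

// Hypothetical hardened counterpart of name(): values are bound, never
// interpolated, and every call is checked before its result is used.
function renameGang(PDO $db, int $gangId, string $newName): string
{
    $check = $db->prepare("SELECT COUNT(*) FROM gangs WHERE gangNAME = ?");
    if ($check === false || !$check->execute([$newName])) {
        return "query error";
    }
    if ((int) $check->fetchColumn() > 0) {
        return "name taken";
    }
    $update = $db->prepare("UPDATE gangs SET gangNAME = ? WHERE gangID = ?");
    if ($update === false || !$update->execute([$newName, $gangId])) {
        return "query error";
    }
    return $update->rowCount() === 1 ? "renamed" : "no such gang";
}

$name = "dasada"; // the value submitted in the thread

// Interpolated without quotes, the name is parsed as a column reference.
echo "unquoted name:  ", describe($db->query("SELECT * FROM gangs WHERE gangNAME=$name")), "\n";
// A well-formed query that matches nothing still returns a usable result.
echo "no matching id: ", describe($db->query("SELECT * FROM gangs WHERE gangID=999")), "\n";

// Bound parameters keep quotes in the name as data.
echo "rename #1:      ", renameGang($db, 1, "O'Malley's Crew"), "\n";
echo "rename to dup:  ", renameGang($db, 1, "Rivals"), "\n";
echo "unknown gang:   ", renameGang($db, 42, "Nobody"), "\n";
```

MySQL rejects the unquoted name the same way, so mysql_query() returns FALSE and mysql_num_rows() has no result to count.
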
dementor Posted April 17, 2008
Re: Error

Nyna, my point was: why secure code that isn't working yet? xD

dementor Posted April 18, 2008
Re: Error

    <?php
    session_start();
    require "global_func.php";
    if($_SESSION['loggedin']==0) { header("Location: login.php");exit; }
    $userid=$_SESSION['userid'];
    require "header.php";
    $h = new headers;
    $h->startheaders();
    include "mysql.php";
    global $c;
    $is=mysql_query("SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid=$userid",$c) or die(mysql_error());
    $ir=mysql_fetch_array($is);
    $sql = sprintf("SELECT * FROM `gangs` WHERE (`gangID` = %u)", @intval($_POST['gang']));
    $gq = mysql_query($sql) or die(mysql_error());
    $gangdata=mysql_fetch_array($gq);
    check_level();
    $fm=money_formatter($ir['money']);
    $cm=money_formatter($ir['crystals'],'');
    $lv=date('F j, Y, g:i a',$ir['laston']);
    $h->userdata($ir,$lv,$fm,$cm);
    $h->menuarea();
    if($ir['user_level']!= 2)
    {
        print "Get out of here, dude.";
        exit;
    }
    switch($_GET['action'])
    {
        case "name": name(); break;
        case "delete": delete(); break;
        case "delete2": delete2(); break;
        case "wars": wars(); break;
        case "respect": respect(); break;
        case "members": members(); break;
        case "apps": apps(); break;
        case "bank": bank(); break;
        case "ann": ann(); break;
        case "tag": tag(); break;
        case "kick": kick(); break;
        case "armory": armory(); break;
        case "uarmory": uarmory(); break;
        case "desc": desc(); break;
        case "logo": logo(); break;
        case "pres": pres(); break;
        case "id": id(); break;
        case "mw": mw(); break;
        default: index(); break;
    }

    function index()
    {
        global $ir,$c,$userid,$h,$gangdata;
        print "[b]You are managing gang {$gangdata['gangNAME']} ({$_POST['gang']}).[/b]
        >[url='gangadmin.php?action=name']Change Name[/url]
        >[url='gangadmin.php?action=delete']Delete this Gang[/url]
        >[url='gangadmin.php?action=wars']Delete all Gang Wars with this Gang[/url]
        >[url='gangadmin.php?action=respect']Change Respect[/url]
        >[url='gangadmin.php?action=members']Memberlist[/url]
        >[url='gangadmin.php?action=apps']Applications[/url]
        >[url='gangadmin.php?action=bank']Bank[/url]
        >[url='gangadmin.php?action=ann']Change Annoucement[/url]
        >[url='gangadmin.php?action=tag']Change Tag[/url] ";
        if($gangdata['gangARMORY']== 1)
        {
            print ">[url='gangadmin.php?action=armory']Lock Armoury[/url] ";
        }
        else
        {
            print ">[url='gangadmin.php?action=uarmory']Unlock Armoury[/url] ";
        }
        print ">[url='gangadmin.php?action=desc']Change Description[/url]
        >[url='gangadmin.php?action=logo']Change Logo[/url]
        >[url='gangadmin.php?action=pres']Change President / Vice President[/url]
        >[url='gangadmin.php?action=id']Change Gang ID[/url]
        >[url='gangadmin.php?action=mw']Manage Gang Wars[/url] ";
    }

    function name()
    {
        global $ir,$c,$userid,$h,$gangdata;
        if($_POST['gangname'])
        {
            $ct=mysql_query("SELECT * FROM gangs WHERE gangNAME={$_POST['gangname']}",$c);
            if(mysql_num_rows($ct))
            {
                print "Name Taken [url='gangadmin.php?action=name']Back[/url] ";
                exit;
            }
            mysql_query("UPDATE gangs SET gangNAME={$_POST['gangname']} WHERE gangID={$gangdata['gangID']}",$c);
            print "Name Changed to {$_POST['gangname']} [url='gangadmin.php?ID={$gangdata[']Back[/url] ";
        }
        else
        {
            print "Please enter the new name you would like this gang to be
            <form action='gangadmin.php?action=name' method='post'>
            New Name :<input type='text' name='gangname' value='{$gangdata['gangNAME']}'>
            <input type='submit' value='New Name'>
            </form>";
            exit;
        }
    }

    function delete()
    {
        global $ir,$c,$userid,$h,$gangdata;
        print "Are you 100% sure you want to delete the {$gangdata['gangNAME']} gang?
        [url='gangadmin.php?action=delete2']Yes, i want to delete it now[/url]
        [url='gangadmin.php?ID={$gangdata[']No, keep it[/url] ";
    }

    function delete2()
    {
        global $ir,$c,$userid,$h,$gangdata;
        mysql_query("DELETE FROM gangs WHERE gangID={$gangdata['gangID']}",$c);
        print "Gang Deleted [url='admin.php']Back to admin home[/url] ";
    }

    function wars()
    {
        global $ir,$c,$userid,$h,$gangdata;
        mysql_query("DELETE FROM gangwars WHERE warDECLARED={$gangdata['gangID']} OR warDECLARER={$gangdata['gangID']}",$c);
        print "All Gang Wars Deleted with this gang.";
    }

    function respect()
    {
        global $ir,$c,$userid,$h,$gangdata;
        if($_POST['respect'])
        {
            $respect=abs((int) $_POST['respect']);
            mysql_query("UPDATE gangs SET gangRESPECT=$respect WHERE gangID={$gangdata['gangID']}",$c);
            print "Respect Changed!";
        }
        else
        {
            print "[b]Enter the new amount of respect for this gang.[/b]
            <form action='gangadmin.php?action=respect'>
            New Respect : <input type='text' name='respect' value='{$gangdata['gangRESPECT']}'>
            <input type='submit' value='Change!'>
            </form> ";
        }
    }

    function members()
    {
        global $ir,$c,$userid,$h,$gangdata;
        $gmq=mysql_query("SELECT * FROM users WHERE gang={$gangdata['gangID']}",$c);
        print "Viewing members of the {$gangdata['gangNAME']} gang
        <table width=100% border=0><tr><th>Username</th><th>Days in Gang</th><th>Kick?</th></tr>";
        while($m=mysql_fetch_array($gmq))
        {
            print "<tr><td>[url='viewuser.php?u={$m[']{$m['username']}[/url] [{$m['userid']}]</td><td>{$m['daysingang']}</td><td><a href='gangadmin.php?action=kick&userid={$m['userid']}'>Kick</td></tr>";
        }
        print "</table> ";
    }

    function kick()
    {
        global $ir,$c,$userid,$h,$gangdata;
        $kickwho=(int) $_GET['userid'];
        mysql_query("UPDATE users SET gang=0,daysingang=0 WHERE userid=$kickwho",$c);
        print "$kickwho has been kicked out of the {$gangdata['gangID']} gang.";
    }

    function apps()
    {
        global $ir,$c,$userid,$gangdata,$h;
        $_GET['app'] = abs((int) $_GET['app']);
        if($_GET['app'])
        {
            $aq=mysql_query("SELECT a.*,u.* FROM applications a LEFT JOIN users u ON a.appUSER=u.userid WHERE a.appID={$_GET['app']} AND a.appGANG={$gangdata['gangID']}",$c);
            if (mysql_num_rows($aq))
            {
                $appdata=mysql_fetch_array($aq);
                if($_GET['what'] == 'decline')
                {
                    mysql_query("DELETE FROM applications WHERE appID={$_GET['app']}",$c);
                    event_add($appdata['appUSER'],"Your application to join the {$gangdata['gangNAME']} gang was declined",$c);
                    print "You have declined the application by {$appdata['username']} to the {$gangdata['gangNAME']} gang.
                    [url='gangadmin.php?action=apps']> Back[/url]";
                }
                else
                {
                    $cnt=mysql_query("SELECT username FROM users WHERE gang={$gangdata['gangID']}",$c);
                    if($gangdata['gangCAPACITY'] == mysql_num_rows($cnt))
                    {
                        print "Your gang is full, you must upgrade it to hold more before you can accept another user!";
                        $h->endpage();
                        exit;
                    }
                    else if ($appdata['gang'] != 0)
                    {
                        print "That person is already in a gang.";
                        $h->endpage();
                        exit;
                    }
                    mysql_query("DELETE FROM applications WHERE appID={$_GET['app']}",$c);
                    event_add($appdata['appUSER'],"Your application to join the {$gangdata['gangNAME']} gang was accepted, Congrats!",$c);
                    mysql_query("UPDATE users SET gang={$gangdata['gangID']},daysingang=0 WHERE userid={$appdata['userid']}",$c);
                    print "You have accepted the application by {$appdata['username']} to the {$gangdata['gangNAME']} gang.
                    [url='gangadmin.php?action=apps']> Back[/url]";
                }
            }
        }
        else
        {
            print "[b]{$gangdata['gangNAME']}'s Applications[/b]
            <table width=85% border=2><tr style='background:gray;'><th>User</th><th>Level</th><th>Money</th><th>Reason</th> <th> </th></tr>";
            $q=mysql_query("SELECT a.*,u.* FROM applications a LEFT JOIN users u ON a.appUSER=u.userid WHERE a.appGANG={$gangdata['gangID']}",$c);
            while($r=mysql_fetch_array($q))
            {
                print "<tr><td>[url='viewuser.php?u={$r[']{$r['username']} [{$r['userid']}][/url]</td><td>{$r['level']}</td><td>\${$r['money']}</td>
                <td>{$r['appTEXT']}</td><td><a href='gangadmin.php?action=apps&app={$r['appID']}&what=accept'> Accept</a> |
                <a href='gangadmin.php?action=apps&app={$r['appID']}&what=decline'> Decline</a></td></tr>";
            }
            print "</table>";
        }
    }

    function bank()
    {
        global $ir,$c,$userid,$h,$gangdata;
        if($_POST['givewho'])
        {
            if($_POST['bankmoney'] > $gangdata['gangBANKMONEY'] || $_POST['bankcrystals'] > $gangdata['gangBANKCRYSTALS'])
            {
                print "This gang does not have that much cash/crystals funds to give out [url='gangadmin.php?action=bank']>Back[/url] ";
                exit;
            }
            else
            {
                $money=(int) $_POST['bankmoney'];
                $cryst=(int) $_POST['bankcrystals'];
                $themid=(int) $_POST['userid'];
                mysql_query("UPDATE gangs SET gangBANKMONEY=gangBANKMONEY-$money, gangBANKCRYSTALS=gangBANKCRYSTALS-$cryst WHERE gangID={$gangdata['gangID']}",$c);
                mysql_query("UPDATE users SET money=money+$money, crystals=crystals+$cryst WHERE userid=$themid",$c);
                print "You gave \${$_POST['bankmoney']} cash and {$_POST['bankcrystals']} crystals to userid: {$_POST['userid']}";
            }
        }
        else
        {
            print "[b]Here is {$gangdata['gangNAME']}'s bank[/b]
            [b]\${$gangdata['gangBANKMONEY']} cash[/b]
            [b]{$gangdata['gangBANKCRYSTALS']} crystals[/b]
            <hr width=50% />
            <form action='gangadmin.php?action=bank' method='post'>
            Userid :<input type='text' name='userid' value=''>
            Bank Cash: <input type='text' name='bankmoney' value='{$gangdata['gangBANKMONEY']}'>
            Bank Crystals : <input type='text' name='bankcrystals' value='{$gangdata['gangBANKCRYSTALS']}'>
            <input type='submit' value='Submit'>
            </form>";
        }
    }

    function ann()
    {
        global $ir,$c,$userid,$h,$gangdata;
        if($_POST['ann'])
        {
            mysql_query("UPDATE gangs SET gangANNOUCEMENT='{$_POST['ann']}' WHERE gangID={$gangdata['gangID']}",$c);
            print "Gang's Annoucement Changed!";
        }
        else
        {
            print "[b]Here you are changing the gang annoucement[/b]
            <form action='gangadmin.php?action=ann' method='post'>
            New Annoucement : <textarea name='ann' cols='30' rows='11'>{$gangdata['gangANNOUCEMENT']}</textarea>
            <input type='submit' value='Change Annoucement!'>
            </form>";
        }
    }

    function tag()
    {
        global $ir,$c,$userid,$h,$gangdata;
        if($_POST['tag'])
        {
            mysql_query("UPDATE gangs SET gangPREFIX='{$_POST['tag']}' WHERE gangID={$gangdata['gangID']}",$c);
            print "Gang's Tag Changed!";
        }
        else
        {
            print "[b]Here you are changing the gang's tag[/b]
            <form action='gangadmin.php?action=tag' method='post'>
            New Tag : <input type='text' name='tag' value='{$gangdata['gangPREFIX']}'>
            <input type='submit' value='Change Tag!'>
            </form>";
        }
    }

    function armory()
    {
        global $ir,$c,$userid,$h,$gangdata;
        mysql_query("UPDATE gangs SET gangARMORY=0 WHERE gangID={$gangdata['gangID']}",$c);
        print "Gangs Armory is now locked. ";
    }

    function uarmory()
    {
        global $ir,$c,$userid,$h,$gangdata;
        mysql_query("UPDATE gangs SET gangARMORY=1 WHERE gangID={$gangdata['gangID']}",$c);
        print "Gangs Armory is now unlocked. ";
    }

    function desc()
    {
        global $ir,$c,$userid,$h,$gangdata;
        if($_POST['desc'])
        {
            mysql_query("UPDATE gangs SET gangDESCRIPTION='{$_POST['desc']}' WHERE gangID={$gangdata['gangID']}",$c);
            print "Gang's Description Changed!";
        }
        else
        {
            print "[b]Here you are changing the gang's description[/b]
            <form action='gangadmin.php?action=desc' method='post'>
            New Description : <input type='text' name='desc' value='{$gangdata['gangDESCRIPTION']}'>
            <input type='submit' value='Change Decription!'>
            </form>";
        }
    }

    function logo()
    {
        global $ir,$c,$userid,$h,$gangdata;
        if($_POST['logo'])
        {
            mysql_query("UPDATE gangs SET gangLOGO='{$_POST['logo']}' WHERE gangID={$gangdata['gangID']}",$c);
            print "Gang's Logo Changed!";
        }
        else
        {
            print "[b]Here you are changing the gang's logo[/b]
            <form action='gangadmin.php?action=logo' method='post'>
            New Logo : <input type='text' name='logo' value='{$gangdata['gangLOGO']}'>
            <input type='submit' value='Change Logo!'>
            </form>";
        }
    }

    function pres()
    {
        global $ir,$c,$userid,$h,$gangdata;
        if($_POST['pres'] || $_POST['vicepres'])
        {
            if($_POST['pres']) { $pres=(int) $_POST['pres']; }
            if($_POST['vicepres']) { $vicepres=(int) $_POST['vicepres']; }
            mysql_query("UPDATE gangs SET gangPRESIDENT=$pres, gangVICEPRES=$vicepres WHERE gangID={$gangdata['gangID']}",$c);
            print "Gang's President and Vice President Changed!";
        }
        else
        {
            print "[b]Here you are changing the gang's president/vice president. leave blank for no change.[/b]
            <form action='gangadmin.php?action=pres' method='post'>
            New President : <input type='text' name='pres' value='{$gangdata['gangPRESIDENT']}'>
            New Vice-President : <input type='text' name='vicepres' value='{$gangdata['gangVICEPRES']}'>
            <input type='submit' value='Change!'>
            </form>";
        }
    }

    function id()
    {
        global $ir,$c,$userid,$h,$gangdata;
        if($_POST['newid'])
        {
            $nid=(int) $_POST['newid'];
            $lid=(int) $_POST['lastid'];
            $ncq=mysql_query("SELECT * FROM gangs WHERE gangID=$nid",$c);
            if(mysql_num_rows($ncq))
            {
                print "Gang ID Taken.
                [url='gangadmin.php?action=id']>Back[/url] ";
                exit;
            }
            mysql_query("UPDATE users SET gang=$nid WHERE gang=$lid",$c);
            mysql_query("UPDATE gangwars SET warDECLARED=$nid WHERE warDECLARED=$lid",$c);
            mysql_query("UPDATE gangwars SET warDECLARER=$nid WHERE warDECLARER=$lid",$c);
            mysql_query("UPDATE gangarmory SET armoryGANGID=$nid WHERE armoryGANGID=$lid",$c);
            mysql_query("UPDATE gangs SET gangID=$nid WHERE gangID=$lid",$c);
            print "Gang ID Changed! [url='index.php']Home[/url] ";
        }
        else
        {
            print "Type in the new gang ID for this gang ID.
            <form action='gangadmin.php?action=id' method='post'>
            <input type='hidden' name='lastid' value='{$gangdata['gangID']}'>
            New ID : <input type='text' name='newid'>
            <hr width=40% />
            [b]Are you 100% sure you want to change the Gang's ID?[/b]
            <input type='submit' value='Yes'> <input type='reset' value='No'>
            </form>";
        }
    }

    function mw()
    {
        global $ir,$c,$userid,$h,$gangdata;
        if($_GET['delete'])
        {
            $delete=(int) $_GET['delete'];
            mysql_query("DELETE FROM gangwars WHERE warID=$delete",$c);
            print "Successfully Deleted =D. ";
        }
        else
        {
            $gwq=mysql_query("SELECT gw.*,g.* FROM gangwars gw LEFT JOIN gangs g ON gw.warDECLARED=g.gangID OR gw.warDECLARER=g.gangID WHERE gw.warDECLARED={$gangdata['gangID']} OR gw.warDECLARER={$gangdata['gangID']}",$c);
            print "[b]Viewing all wars with {$gangdata['gangNAME']} gang.[/b]
            <table width=100% border=0><tr><th>War ID</th><th>Gang Declarer</th><th>Delete War?</th></tr>";
            while($wq=mysql_fetch_array($gwq))
            {
                print "<tr><td>{$wq['warID']}</td><td>[url='gangs.php?action=view&ID={$wq[']{$wq['gangNAME']}[/url] ({$wq['gangID']})</td><td>[[url='gangadmin.php?action=mw&delete={$wq[']Delete[/url]] </td></tr>";
            }
            print "</table>";
        }
    }
    $h->endpage();
    ?>