-5

Possible Duplicate:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result

I have a PHP script where the user can change his account settings. But there is a problem because I have a mistake which I can't find. Can you help me, please?

Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in /Applications/XAMPP/xamppfiles/htdocs/tutorials/findFriends/account_settings.php on line 69

<?
include ("inc/incfiles/header.inc.php");
if ($user) {

}
else
{
 die ("You must be logged in to view this page!");
}
?>
<?
$senddata = $_POST['senddata'];

//Password variables
$old_password = strip_tags($_POST['oldpassword']);
$new_password = strip_tags($_POST['newpassword']);
$repeat_password = strip_tags($_POST['newpassword2']);

if ($senddata) {
//If the form has been submitted ...

$password_query = mysql_query("SELECT * FROM users WHERE username='$user'");
while ($row = mysql_fetch_assoc($password_query)) {
    $db_password = $row['password'];

    //md5 the old password before we check if it matches
    $old_password_md5 = md5($old_password);

    //Check whether old password equals $db_password
    if ($old_password_md5 == $db_password) {
     //Continue Changing the users password ...
     //Check whether the 2 new passwords match
     if ($new_password == $repeat_password) {
        if (strlen($new_password) <= 4) {
         echo "Sorry! But your password must be more than 4 characters long!";
        }
        else
        {

        //md5 the new password before we add it to the database
        $new_password_md5 = md5($new_password);
       //Great! Update the users passwords!
       $password_update_query = mysql_query("UPDATE users SET password='$new_password_md5' WHERE username='$user'");
       echo "Success! Your password has been updated!";

        }
     }
     else
     {
      echo "Your two new passwords don't match!";
     }
    }
    else
    {
     echo "The old password is incorrect!";
    }
}
 }
else
{
 echo "";
}


$updateinfo = $_POST['updateinfo'];

//First Name, Last Name and About the user query
$get_info = mysql_query("SELECT first_name, last_name, bio FROM users WHERE username='$user'");
$get_row = mysql_fetch_assoc($get_info);
$db_firstname = $get_row['first_name'];
$db_last_name = $get_row['last_name'];
$db_bio = $get_row['bio'];

//Submit what the user types into the database
if ($updateinfo) {
 $firstname = strip_tags($_POST['fname']);
 $lastname = strip_tags($_POST['lname']);
 $bio = $_POST['bio'];


 if (strlen($firstname) < 3) {
echo "Your first name must be 3 or more characters long.";
 }
 else
 if (strlen($lastname) < 5) {
echo "Your last name must be 5 or more characters long.";
}
else
{
//Submit the form to the database
$info_submit_query = mysql_query("UPDATE users SET first_name='$firstname', last_name='$lastname', bio='$bio' WHERE username='$user'");
echo "Your profile info has been updated!";
header("Location: $user");
}
}
else
{
 //Do nothing
}
?>
<h2>Edit your Account Settings below</h2>
<hr />
<form action="account_settings.php" method="post">
<p>CHANGE YOUR PASSWORD:</p> <br />
Your Old Password: <input type="text" name="oldpassword" id="oldpassword" size="40"><br />
Your New Password: <input type="text" name="newpassword" id="newpassword" size="40"><br />
Repeat Password  : <input type="text" name="newpassword2" id="newpassword2" size="40"><br />
<input type="submit" name="senddata" id="senddata" value="Update Information">
</form>
<hr />
<form action="account_settings.php" method="post">
<p>UPDATE YOUR PROFILE INFO:</p> <br />
First Name: <input type="text" name="fname" id="fname" size="40" value="<? echo $db_firstname; ?>"><br />
Last Name: <input type="text" name="lname" id="lname" size="40" value="<? echo $db_last_name; ?>"><br />
About You: <textarea name="bio" id="bio" rows="7" cols="40"><? echo $db_bio; ?></textarea>

<hr />
<input type="submit" name="updateinfo" id="updateinfo" value="Update Information">
</form>
<br />
<br />

And if I want to change the first or last name there is this error:

Warning: Cannot modify header information - headers already sent by (output started at /Applications/XAMPP/xamppfiles/htdocs/tutorials/findFriends/inc/incfiles/header.inc.php:72) in /Applications/XAMPP/xamppfiles/htdocs/tutorials/findFriends/account_settings.php on line 93

Here is the header.inc.php:

<?
include ("inc/scripts/mysql_connect.inc.php");
session_start();
if (isset($_SESSION['user_login'])) {
$user = $_SESSION["user_login"];
}
else {
$user = "";
}
?>
<!DOCTYPE html>

<html lang="en">
<head>
        <meta charset="utf-8">

        <link rel="stylesheet" href="css/reset.css" media="screen">
        <link rel="stylesheet" href="css/master.css" media="screen">
        <link rel="stylesheet" href="css/blue.css" media="screen">
    <link rel="stylesheet" href="css/main.css" media="screen">
    <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js"></script>
        <script src="js/jquery.color.js"></script>
        <script src="js/script.js"></script>
    <script src="js/placeholder-js.js" type="text/javascript"></script>
    <script src="js/main.js" type="text/javascript"></script>

        <title>findFriends</title>
</head>
<body>
                <div class="mashmenu">
                        <div id="menuWrapper">
                        <div class="fnav">

                                <a href="#" class="flink" >findFriends+ </a>

                                <div class="allContent">

                                        <div class="snav" >
                                                <a href="#" class="slink" >About findFriends</a>

                                                <div class="insideContent">

                                                        <span class="featured" >What is it?<br />
                            findFriends is an open source social network, created for the sinimma YouTube tutorial
                            series. All code is explained and completely free to download and use.<a href="http://www.youtube.com/sinimma">Visit our YouTube
                            channel ...</a>
                            </span>
                                                </div><!-- end insideContent -->
                                        </div><!-- end snav -->

                                        <div class="snav" >
                                                <a href="#" class="slink" >Open Source?</a>
                                                <div class="insideContent">
                                                        <span class="featured" >All code is open source and freely availible,</span>
                                                        because this means that anyone can download and improve the source code whatever
                            way they want without permission. <br />You may use this source code in any way to do anything.
                            All we <br />ask is that you keep the link at the bottom of the page, as a way of saying thanks for
                            all of the work we have done. :)
                                                </div><!-- end insideContent -->
                                        </div><!-- end snav -->

                                        <div class="snav" >
                                                <a href="http://www.youtube.com/sinimma" class="slink" >Youtube Channel</a>
                                                <div class="insideContent">
                                                        <span class="featured" ></span>
                                        </div><!-- end snav -->
                    </div>
                                </div><!-- end allContent -->

                        </div><!-- end fnav -->

                        <?
                        if (isset($_SESSION["user_login"])) {
                        echo '

                        <div class="fnav">

                                <a href="' . $user . '" class="flink" >' . $user . '\'s Profile</a>

                        </div><!-- end fnav -->
                        <div class="fnav">

                                <a href="account_settings.php" class="flink" >Account Settings</a>

                        </div><!-- end fnav -->
                        <div class="fnav">

                                <a href="logout.php" class="flink" >Logout</a>

                        </div><!-- end fnav -->

                        ';
                        }
                        else
                        {
                                echo '

                                <div class="fnav">

                                <a href="index.php" class="flink" >Sign Up+ </a>

                        </div><!-- end fnav -->
            <div class="fnav">

                                <a href="index.php" class="flink" >Login+ </a>

                        </div><!-- end fnav -->

                                ';
                        }
                        ?>

                        <div class="feat">
                                <form id="searchForm">
                <fieldset>
                    <div class="input">
                        <input type="text" class="Search" id="s" value="Search findFriends ..." />
                    </div>
                    <input type="submit" id="searchSubmit" value="" />
                </fieldset>
            </form>
                        </div><!-- end fnav feat -->
          </div>
                </div><!--end mashmenu -->
        <div id="wrapper">
<br />
<br />
<br />
<br />
  • 2
    You can't find a solution? Really? There are something like 50,000 posts on Stack Overflow, all with the same title, that explain how to resolve this in detail. Links to about twenty of them are conveniently located to the right-hand side of your post, as they were as you were writing it. – Lightness Races in Orbit Nov 25 '12 at 20:52
  • 1
    You have several queries which can fail because they accept unescaped values from `$_POST`. At a minimum, you must call `mysql_real_escape_string()` on all those values passed to your queries to protect against SQL injection. – Michael Berkowski Nov 25 '12 at 20:52
  • For the headers already sent part, see http://stackoverflow.com/questions/8028957/warning-headers-already-sent-in-php – Michael Berkowski Nov 25 '12 at 20:53
  • Oh, and `strip_tags` does not do what you think it does. – Lightness Races in Orbit Nov 25 '12 at 20:53
  • [**Please, don't use `mysql_*` functions in new code**](http://bit.ly/phpmsql). They are no longer maintained and the [deprecation process](http://j.mp/Rj2iVR) has begun on it. See the [**red box**](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). – tereško Nov 25 '12 at 23:48

2 Answers

2

Your query fails. This is the case 99.99% of the time whenever you see the "expects parameter 1 to be resource, boolean given" error message. It pops up because you try to use the query result in further calls, but in case of failure you get not the resource you expect but a boolean (false).

The rule of thumb is: always check if the query was successful, using code like

// $query holds the SQL string you want to run
$result = mysql_query($query);
if( $result !== false ) {
   // ok, let's proceed
}

Also, your code is quite open to SQL injection attacks. Always pass variables you want to build your query with through methods like mysql_real_escape_string().

EDIT

Since you got one query in your code only, replace:

$password_query = mysql_query("SELECT * FROM users WHERE username='$user'");

with

$password_query = mysql_query( sprintf("SELECT * FROM users WHERE username='%s'",
                       mysql_real_escape_string($user)) );

which shall solve your problem. And you should drop strip_tags(). It is not the right place to use it here as you are destroying user input. And finally it is not $password_query, but rather $password_query_result.

PS: Consider abandoning the mysql_ extension and using mysqli_ or PDO. The mysql_ extension is deprecated. It should not be a painful transition, as mysqli_ is mostly a drop-in replacement.

Marcin Orlowski
0

The problem lies with this query (line 68):

$get_info = mysql_query("SELECT first_name, last_name, bio FROM users WHERE username='$user'");

This query fails, thus $get_info contains the boolean value FALSE instead of the MySQL resource that mysql_fetch_assoc needs.

And check your script for SQL injection vulnerabilities - your script is shockingly vulnerable!

Repox
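
The result check from the first answer and the prepared statements recommended in the comments, as an added PHP example that is not part of the original question or answers. It assumes PDO with an in-memory SQLite table standing in for the MySQL `users` table so it runs offline; the function names, the sample row and the sample username are constructed.

```php
<?php
// Added example, not code from the question or the answers.
// Assumption: SQLite in memory stands in for MySQL; with MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
// Silent mode makes a failed query return false, like mysql_query() does.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
$pdo->exec("CREATE TABLE users (username TEXT PRIMARY KEY, first_name TEXT, last_name TEXT, bio TEXT)");
$pdo->exec("INSERT INTO users VALUES ('o''brien', 'Pat', 'O''Brien', 'constructed sample row')");

// Pattern from the question: the value is pasted into the SQL text.
function fetchProfileConcatenated(PDO $pdo, string $user)
{
    $result = $pdo->query("SELECT first_name, last_name, bio FROM users WHERE username='$user'");
    if ($result === false) {
        // Check the result before fetching, and surface the database error
        // instead of passing false on to a fetch call.
        $err = $pdo->errorInfo();
        return 'query failed: ' . $err[2];
    }
    return $result->fetch(PDO::FETCH_ASSOC);
}

// Prepared statement: the SQL text is fixed and the value is bound separately,
// so quotes in the value cannot change the statement.
function fetchProfilePrepared(PDO $pdo, string $user)
{
    $stmt = $pdo->prepare('SELECT first_name, last_name, bio FROM users WHERE username = ?');
    if ($stmt === false || $stmt->execute([$user]) === false) {
        return 'query failed';
    }
    return $stmt->fetch(PDO::FETCH_ASSOC); // array for a match, false for no row
}

// Constructed value: the apostrophe ends the quoted string early in the
// concatenated query, which is enough to make that query fail.
$user = "o'brien";

var_dump(fetchProfileConcatenated($pdo, $user));
var_dump(fetchProfilePrepared($pdo, $user));
```

With the SQLite stand-in, the first call returns the failure message and the second returns the constructed row.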