mysql_query() returning boolean and causing mysql_fetch_assoc() to fail

Question

I'm writing a small login class for an application of mine, however, I think my query is bad, because when I call mysql_fetch_assoc() on the result of the query, I get this error:

Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given

I'm familiar with how mysql_fetch_assoc() works, but I'm guessing the call to mysql_query() is returning false, which is obviously a boolean, producing the error.

Here's the query:

$loginsql = 'SELECT userid, username, password FROM users WHERE username=\'. $username .\' AND password=\'. $password .\'';

Note: I realize the "mysql_" function set in PHP is deprecated as of 5.5, but I'm using 5.3.8 and just practicing. I will refactor the application later using PDO.

classes.php

<?php

class connectToDb {
    function dbConnect($config) {   
        $connection = mysql_connect($config['host'], $config['dbuser'], $config['dbpass']);
        if ($connection) {
            mysql_select_db($config['db'], $connection);
        } else {
            echo "Could not connect to database!";
        }
    }
}

class registerAccount {
    function doRegister($regusername, $regpassword, $regemail) {
        $regsql = "INSERT INTO users (username, password, email) VALUES ('$regusername', '$regpassword', '$regemail')";
        if (mysql_query($regsql)) {
            echo "Successfully registered!";
        } else {
            echo "Problem with registration!";
        }
    }
}

class loginAccount {
    function doLogin($username, $password) {
        mysql_real_escape_string($username);
        mysql_real_escape_string($password);

        hash('sha256', $password);

        $loginsql = 'SELECT userid, username, password FROM users WHERE username=\'. $username .\' AND password=\'. $password .\'';

        $result = mysql_query($loginsql) or die(mysql_error());

        $loginrow = mysql_fetch_assoc($result);
        if ($loginrow) {
            $_SESSION['username'] = $loginrow['username'];
            $_SESSION['userid'] = $loginrow['userid'];
        } else {
            echo "Incorrect username and/or password!";
        }
    }
}

Can I recommend using the `mysqli_*` functions instead of `mysql_`? They have a set of non-OO functions that behave almost identically to the `mysql_` functions. — jcsanyi, Jul 01 '13 at 23:51
possible duplicate of [mysql\_fetch\_array() expects parameter 1 to be resource, boolean given in select](http://stackoverflow.com/questions/2973202/mysql-fetch-array-expects-parameter-1-to-be-resource-boolean-given-in-select) — Ignacio Vazquez-Abrams, Jul 01 '13 at 23:52
@jcsanyi You can, although, I will be ditching the mysql and mysqli functions altogether when I refactor using PDO. — dpl47, Jul 01 '13 at 23:52
you know the answer? so why you don't add a check on mysql_query() if it is false that means no results, I would advice you to use prepared statements to protect your query from sql injection. — Mehdi Karamosly, Jul 01 '13 at 23:52
@dpl47 PDO is a way better, than the old mysql library, the sooner you use it the better, less code to be migrated later — Mehdi Karamosly, Jul 01 '13 at 23:59
@MehdiKaramosly You're exactly right. The reason for starting out using the mysql functions is because I took a break from PHP and I'm getting back into it. I can worry about details like what set of predefined functions I'm using when I actually go to do something with the application. — dpl47, Jul 02 '13 at 00:01
What does your `$config['db']` holds. Is it the right name of the database? — Ivanka Todorova, Jul 02 '13 at 00:02
@FakeHeal Yes. It contains the correct name of the database. — dpl47, Jul 02 '13 at 00:05
So if you run this: `$select = mysql_select_db($config['db'], $connection); if(!$select) die(mysql_error());` what does it show? — Ivanka Todorova, Jul 02 '13 at 00:07
See [this answer](http://stackoverflow.com/a/11674313/250259) for how to troubleshoot this. — John Conde, Jul 02 '13 at 13:41

score 8 · Accepted Answer · answered Jul 01 '13 at 23:52

8

mysql_query() returns false if there's an error. If it returns false, you can get the error message with mysql_error(), which should give you a hint about what's wrong with the query.

This is why you used to see a lot of these style queries:

$result = mysql_query('SELECT foo FROM bar') or die(mysql_error());

answered Jul 01 '13 at 23:52

Sam Dufel

17,560
3
48
51

Calling mysql_error() produces "No database selected." However, I did select a database. Let me edit in the code to the question. – dpl47 Jul 01 '13 at 23:56
Check the result of your `mysql_select_db()` call to make sure that it isn't failing. – Bad Wolf Jul 02 '13 at 00:03
Fixed it. It actually had nothing to do with the query. I made a rookie mistake and didn't instantiate a new object of the connectToDb class on the login page before trying to call the doLogin method. – dpl47 Jul 02 '13 at 00:21

mysql_query() returning boolean and causing mysql_fetch_assoc() to fail

1 Answers1