Why am I getting an error? (PHP, MySQL)

Question

I am trying to get the amount of rows that referral_in and referral_out exist in (as separate variables). This is my code for that:

$username = $_SESSION['username'];

$connect = mysql_connect("xxxx", "xxxx", "xxxx!") or die("Couldnt Connect to Server");
mysql_select_db("xxxxx") or die("Couldnt find database");

$samecheck = mysql_query("SELECT `referral_in` FROM `users` WERE `username`=$username");
$same = mysql_num_rows($namecheck);

$leadcheck = mysql_query("SELECT `referral_out` FROM `users` WERE `username`=$username");
$leading = mysql_num_rows($namecheck);
echo "$leading / $same"

When do it, I am getting this error:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/content/50/8492150/html/buyarandom/member.php on line 23

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/content/50/8492150/html/buyarandom/member.php on line 25

Answer 1

You are forgetting the quotes around $username

$samecheck = mysql_query("SELECT `referral_in` FROM `users` WERE `username`='".$username."'");

Also try to escape the $username as you are code is vulnerable towards SQL Injection

$samecheck = mysql_query("SELECT `referral_in` FROM `users` WERE `username`='".mysql_real_escape_string($username)."'");

SIDE NOTE: Don't use mysql_query instead use mysqli

This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used.

Answer 2

$samecheck instead of $namecheck??? Where is $namecheck defined?

Answer 3

First off, mysql extension is deprecated. Please consider MySqli or PDO. Second, you may want to sanitize your session variable for security reasons. If you use a parameterized query with MySQLi or PDO, you have nothing to worry about. Otherwise, the APIs provide methods (mysql, mysqli) to escape your string.

Now there's a typo in WERE, should be WHERE.

If username is a string type, you need to enclose the value in quotes.

$samecheck = mysql_query("SELECT `referral_in` FROM `users` WHERE `username`='$username'");
$same = mysql_num_rows($samecheck); //another typo; should be $samecheck

Also in your second mysql_num_rows(), you probably meant to pass $leadcheck, not $namecheck

Answer 4

This should work

$username = $_SESSION['username'];

$connect = mysql_connect("xxxx", "xxxx", "xxxx!") or die("Couldn't Connect to Server");
mysql_select_db("xxxxx") or die("Couldn't find database");

$samecheck = mysql_query("SELECT `referral_in` FROM `users` WHERE `username`=$username") or die (mysql_error());
$same = mysql_num_rows($samecheck);

$leadcheck = mysql_query("SELECT `referral_out` FROM `users` WHERE `username`=$username") or die (mysql_error());
$leading = mysql_num_rows($leadcheck);
echo "$leading / $same"

also, please at some point consider using mysqli

http://php.net/manual/en/book.mysqli.php

because the mysql extension is deprecated, open to SQL injection, and will likely be removed in a newer version of PHP

Answer 5

try this

      $username = $_SESSION['username'];

   $connect = mysql_connect("xxxx", "xxxx", "xxxx!") or die("Couldnt Connect to Server");
   mysql_select_db("xxxxx") or die("Couldnt find database");

   $samecheck = mysql_query("SELECT `referral_in` ,`referral_out`  FROM `users` WHERE `username`=$username");
   $same = mysql_num_rows($namecheck);
   $row = mysql_fetch_array($samecheck);

  echo $row['referral_in'] / $row['referral_out'] ;

note:

• mysql is decprecated , please use PDO or mysqli instead.

Answer 6

Error is saying that $namecheck is not a mysql_query.
$namecheck is not defined.

$namecheck should be $namecheck and $leadcheck respectively.

$samecheck = mysql_query("SELECT `referral_in` FROM `users` WERE `username`=$username");
$same = mysql_num_rows($samecheck);

$leadcheck = mysql_query("SELECT `referral_out` FROM `users` WERE `username`=$username");
$leading = mysql_num_rows($leadcheck);