getting mysql_numrows(): supplied argument is not a valid MySQL result resource

Question

I am trying to create a simple process that checks if a username is taken already during the login process.

I have a simple php script that querys the database and then i check to see if there are any results and echos a response to the user

the full error that i get is: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home1/tbronson/public_html/sandbox/uname_check.php on line 9

The entire php script is:

<?php 
$user = "(removed for security)";
$pass = "(removed for security)";
$db = "budgetbidders_users";
$con = mysqli_connect($host,$user,$pass,$db);

$uname = strip_tags( trim( $_POST['uname'] ) );
$result = mysqli_query($con,"SELECT * FROM  `users` WHERE uname =  '" .$uname . '");
$numrows = mysql_num_rows($result); //line 9

if ($numrows > 0) {
    $end_result = "Username already taken";
    }
else {
    $end_result = "";
    }
echo $end_result;   



?>

I have searched for hours and tried multiple variations, this seems to be the closest to correct that i can find, thank you for your help!

score 1 · Accepted Answer · edited May 23 '17 at 12:28

There were a few errors in your code.

The following line has a missing double-quote before the single quote for $uname:

$result = mysqli_query($con,"SELECT * FROM  `users` 
WHERE uname =  '" .$uname . '");
                           ^

However it would be better to use prepared statements or PDO along or you can use:

WHERE uname =  '$uname' // instead

Plus, you're mixing the deprecated mysql_* function with the mysqli_* functions.

mysqli_query and mysqli_num_rows() where mysql_num_rows() needs to be changed to mysqli_num_rows

I also suggest you change:

$uname = strip_tags( trim( $_POST['uname'] ) );

to:

$uname = mysqli_real_escape_string($con, $_POST['uname']);

And:

WHERE uname =  '" .$uname . "'

to:

WHERE uname =  '$uname'

You can make any modifications you wish, both will work. Do read this article on SO on how to prevent SQL injection.

Give this a try now:

<?php 
$user = "(removed for security)";
$pass = "(removed for security)";
$db = "budgetbidders_users";
$con = mysqli_connect($host,$user,$pass,$db);

// the line below is better to use
$uname = mysqli_real_escape_string($con, $_POST['uname']);

// this is your original line of code which will work also
// $uname = strip_tags( trim( $_POST['uname'] ) );
$result = mysqli_query($con,"SELECT * FROM  `users` WHERE uname =  '" .$uname . "' ");
$numrows = mysqli_num_rows($result); //line 9

if ($numrows > 0) {
        $end_result = "Username already taken";
} else {
    $end_result = "";
}
echo $end_result;   

?>

Thank you! It worked, and I finely well read up on sql injection thank you fir the links — CumminUp07, Dec 27 '13 at 02:32
You're very much welcome, glad I could help. @user3138143 Stay safe ;-) — Funk Forty Niner, Dec 27 '13 at 02:32

score 0 · Answer 2 · answered Dec 27 '13 at 01:11

0

That is beacase u are using mysql_ instead of mysqli_

try this

$numrows = mysqli_num_rows($result):

answered Dec 27 '13 at 01:11

Poorya Mohammadi

751
1
8
18

score 0 · Answer 3 · answered Dec 27 '13 at 01:11

0

You cannot mix mysql_* and mysqli_* syntax.

In your case you need:

$numrows = mysqli_num_rows($result);

And you have a syntax error on the line before it (a missing quote).

answered Dec 27 '13 at 01:11

jeroen

91,079
21
114
132

getting mysql_numrows(): supplied argument is not a valid MySQL result resource

3 Answers3