0

I am having problems with my code for sanitizing. I keep getting this error:

Warning: mysql_result(): supplied argument is not a valid MySQL result resource in PATH on line 4

This is my code:

<?php
function staff_exists($staff_username) {
$staff_username = sanitize($staff_username);
return (mysql_result(mysql_query("SELECT COUNT('id') FROM 'login' WHERE 'staff_username' = '$staff_username'"),0) == 1) ? true : false;
}
?>
Jay Blanchard
user3727055
  • You have a lot of functions nested there. Break them out into separate calls so you can isolate what is going on. – Jay Blanchard Mar 31 '15 at 12:32
  • Just fyi, mysql_* functions are deprecated, consider checking out PDO (http://php.net/manual/en/pdo.query.php), the replacement. Also, indenting properly will help you maintain your code, and will help us decipher it as well :) – Gershom Maes Mar 31 '15 at 12:33

2 Answers

1

Use the SQL syntax below.

mysqli_query("SELECT COUNT(`id`) FROM `login` WHERE `staff_username` = '$staff_username';");

Use backticks, as ' is used as the string delimiter.

Also, don't use mysql_* functions, they are deprecated.

Community
D4V1D
  • Still won't work because '$staff_username' is between single quotes; PHP cannot interpret the value. – Grumpy Mar 31 '15 at 12:34
  • Yes it can. The value is surrounded by `"` for PHP, not `'` which is just part of the value passed to `mysqli_query()` function. – D4V1D Mar 31 '15 at 12:36
  • I am now getting the error Parse error: syntax error, unexpected T_STRING – user3727055 Mar 31 '15 at 12:40
  • Thank you very much, I got it to work now. You get the improve. The only problem is yours is using mysqli and I am using mysql. – user3727055 Mar 31 '15 at 12:42
  • Well, you can easily use the `mysql_query()` function instead but please, [**don't**](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). – D4V1D Mar 31 '15 at 12:43
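
The comments and the answer above both point away from mysql_* and toward PDO. The following is an added example, not code from any of the posts: the same staff_exists() check written with PDO, backtick-quoted identifiers and a bound parameter in place of the sanitize() call (whose body is not shown on the page). The in-memory SQLite DSN and the sample rows are assumptions so that it runs offline; with MySQL, use a mysql: DSN instead.

```php
<?php
// Added example: PDO rewrite of staff_exists(). The DSN, table contents and
// test usernames are constructed for illustration.
function staff_exists(PDO $db, string $staff_username): bool
{
    // Backticks quote identifiers; the ? placeholder carries the value, so
    // the username is never concatenated into the SQL text.
    $stmt = $db->prepare(
        'SELECT COUNT(`id`) FROM `login` WHERE `staff_username` = ?'
    );
    $stmt->execute([$staff_username]);

    return (int) $stmt->fetchColumn() === 1;
}

$db = new PDO('sqlite::memory:');

// Throw on SQL errors instead of returning false. With mysql_query(), a
// malformed statement returns false, and passing that false on to
// mysql_result() is what produces the "not a valid MySQL result resource"
// warning from the question.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample schema and rows.
$db->exec('CREATE TABLE `login` (`id` INTEGER PRIMARY KEY, `staff_username` TEXT UNIQUE)');
$db->exec("INSERT INTO `login` (`staff_username`) VALUES ('alice'), ('bob')");

// An existing user, a missing user, and an input containing quotes that is
// bound as plain data rather than parsed as SQL.
foreach (['alice', 'mallory', "' OR '1'='1"] as $name) {
    var_dump(staff_exists($db, $name));
}
```
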
-1
<?php
function staff_exists($staff_username) {
$staff_username = sanitize($staff_username);
return (mysql_result(mysql_query("SELECT COUNT('id') FROM 'login' WHERE 'staff_username' = '".$staff_username."'"),0) == 1) ? true : false;
}
?>

Changed '$staff_username' to '".$staff_username."'

Grumpy