1

Possible Duplicate:
mysql_fetch_array() expects parameter 1 to be resource, boolean given in select

Here's my code:

<html>
    <head>
    </head>

    <body>
        <?php 
            $user = mysql_real_escape_string($_GET["u"]);
            $pass = mysql_real_escape_string($_GET["p"]);

            $query = "SELECT * FROM usario WHERE username = '$user' AND password = '$pass'";

            mysql_connect(localhost, "root", "");
            @mysql_select_db("multas") or die( "Unable to select database");

            $result=mysql_query($query);
            if(mysql_numrows($result) > 0){
                echo 'si';
            }   
         ?>
    </body>
</html>

And here's the error I get when I try to run it

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\xampp\htdocs\useraccess.php on line 7

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\xampp\htdocs\useraccess.php on line 7

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\xampp\htdocs\useraccess.php on line 8

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\xampp\htdocs\useraccess.php on line 8

Warning: mysql_numrows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\useraccess.php on line 16
Community
  • 1
  • 1

3 Answers3

3

You need to make your database connection before you call

mysql_real_escape_string

if you don't want to do that, use

mysql_escape_string

instead, since it doesn't care about the connection

Zak
  • 24,947
  • 11
  • 38
  • 68
  • I fixed it, and now I get this error after I followed your advice: Warning: mysql_numrows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\useraccess.php on line 19 –  Jun 01 '10 at 22:01
  • 1
    mysql_escape_string is deprecated. – webbiedave Jun 01 '10 at 22:07
  • 1
    wow, it's been so long since I manually string escaped something without using a db layer that I didn't even know this happened!!! – Zak Jun 01 '10 at 22:10
  • Also, sergio, please accept this answer as a solution to your problem, then open a new question. It helps keep things clear. – Zak Jun 01 '10 at 22:11
  • 2
    @Sergio Tapia: Zak answered your question. You should accept this answer (instead of merely piggybacking questions). Learn to use `mysql_query($query) or die(mysql_error());` to investigate possible errors. – webbiedave Jun 01 '10 at 22:11
  • 1
    @Zak: Yes. They should deprecate the whole API really :) – webbiedave Jun 01 '10 at 22:12
  • 1
    yes they should. I suppose my real answer here should be "USE PDO!" (or equiv) – Zak Jun 01 '10 at 22:14
1

You need to put single quotes around 'localhost':

mysql_connect('localhost', 'root', '');

Also, a blank root password? Really?

Satanicpuppy
  • 1,569
  • 8
  • 11
  • actually, localhost will be considered a string literal. this answer is wrong, although it makes a good point about the blank root password. – Zak Jun 01 '10 at 22:02
  • @zak: Better tell php.net, because that's what it looks like in the documentation for mysql_connect. – Satanicpuppy Jun 02 '10 at 14:37
  • although the "proper" way to include string literals is in double or single quotes, php will accept unquoted string literals as well. Just because it doesn't look the same doesn't mean it is wrong. – Zak Jun 02 '10 at 22:32
1

Move mysql_connect(localhost, "root", ""); above $user = ...

Flavius Stef
  • 13,740
  • 2
  • 26
  • 22