3

so my code is this..

<?php

$password=(!isset($_POST['password']));
$username=(!isset($_POST['username']));

    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);

$query = mysql_query ("SELECT * FROM tb_funcionario WHERE username='$username' and password='$password'");

   $result = mysql_query($query);

   var_dump($result);

   $num_rows = $result->$num_rows;

    if ($num_rows)
    {
        echo "username already exist";
    }
    else
    {
     $query = "INSERT INTO tb_funcionario (nome_funcionario, username, password) VALUES (
    '$_POST[nome_funcionario]',
    '$_POST[username]',
    '$_POST[password]'
    )";;

       $result = mysql_query($query) or die (mysql_error());

    }


        mysql_query($query);
        mysql_close($bd_con);
?>

And its always giving me the "mysql_query() expects parameter 1 to be string, resource given" and i cant figure out how to solve it.

Can yall help me?

AphexBeirut
  • 29
  • 1
  • 1
  • 5
  • 6
    My favourite bit: `$username=(!isset($_POST['username']));` – Álvaro González Jan 10 '12 at 15:56
  • 1
    As @ÁlvaroG.Vicario points out. `$username=(!isset($_POST['username']));` will return either `true` or `false`. – gen_Eric Jan 10 '12 at 16:02
  • 1
    My favourite bit: Useless people like @ÁlvaroGonzález who criticize and doesn't contribute explaining why they are acting smartass. Should be a permaban :) – Liquid Core Oct 09 '16 at 19:22
  • @LiquidCore If you'd like more details, that's called [Cargo cult programming](https://en.wikipedia.org/wiki/Cargo_cult_programming). It's typically the result of stuffing together blocks of code found elsewhere which are not really understood by the programmer. As you can see, you can just ask nicely. There's no need to resort to personal insults (unless, of course, all that matters to you is finding a good quarrel, what's called being a [troll](https://en.wikipedia.org/wiki/Internet_troll)). – Álvaro González Oct 16 '16 at 12:11
  • 2
    @ÁlvaroGonzález You're the first who posted garbage which didn't contributed in any way to the resolution of the question, cargo programming or not. The spirit of this community it's not about making jokes on who's learning. Get yourself togheter. :) – Liquid Core Oct 17 '16 at 07:33

7 Answers7

6

This is your problem:

$query = mysql_query ("SELECT * FROM tb_funcionario WHERE username='$username' and password='$password'");

$result = mysql_query($query);

You're running a query on the first line, which returns a "resource" as a result of the query. Then on the immediate next line you try to use that resource as another query to run again. You don't need the second line, the $result can be set in the first line.

David
  • 208,112
  • 36
  • 198
  • 279
3

You have some unnecessary/wrong lines in your code, especially:

$query = mysql_query ("SELECT * FROM tb_funcionario WHERE 
    username='$username' and password='$password'");

$result = mysql_query($query);

I guess you wanted to write:

$query = "SELECT * FROM tb_funcionario WHERE 
    username='$username' and password='$password'";

$result = mysql_query($query);
miku
  • 181,842
  • 47
  • 306
  • 310
2
$query = mysql_query ("SELECT * FROM tb_funcionario WHERE username='$username' and password='$password'");
$result = mysql_query($query);

Is incorrect. You should just be assigning the query string to $query - what you're doing is running the query once, then trying to run the result of the query as a query again. You should have:

$query = "SELECT * FROM tb_funcionario WHERE username='$username' and password='$password'";
$result = mysql_query($query);

which would give you the results you seek.

WWW
  • 9,734
  • 1
  • 29
  • 33
2

your problem is here $query = mysql_query ("SELECT * FROM tb_funcionario WHERE username='$username' and password='$password'");

then you are running mysql_query($query) and it's trying to run the command against the resultset returned by the first statement, not a string like it should actually be

jere
  • 4,306
  • 2
  • 27
  • 38
1

Look at this:

$query = mysql_query ("SELECT * FROM tb_funcionario WHERE username='$username' and password='$password'");
$result = mysql_query($query);

Change it for:

$query = "SELECT * FROM tb_funcionario WHERE username='$username' and password='$password'");
$result = mysql_query($query);
Nobita
  • 23,519
  • 11
  • 58
  • 87
1
<?php
$query = "INSERT INTO tb_funcionario (nome_funcionario, username, password) VALUES (
        '".mysql_real_escape_string($_POST[nome_funcionario])."',
        '".mysql_real_escape_string($_POST[username])."',
        '".mysql_real_escape_string($_POST[password])."'
        )";
?>
jbrtrnd
  • 3,815
  • 5
  • 23
  • 41
1

Your problem comes from those lines:

$query = mysql_query ("SELECT * FROM tb_funcionario WHERE username='$username' and    password='$password'");

$result = mysql_query($query);

Your calling the mysql_query() function twice.

You can do:

$sql = "SELECT * FROM tb_funcionario WHERE username='$username' and password='$password'";

$result = mysql_query($sql);

Or either:

$result = mysql_query( "SELECT * FROM tb_funcionario WHERE username='$username' and password='$password'"; );
COD3BOY
  • 11,964
  • 1
  • 38
  • 56
Yann Boisclair-Roy
  • 179
  • 1
  • 14