0
elseif(isset($_POST['submit']))
{
    // Look for their user
    $lookuser = mysql_query("SELECT * FROM `users` WHERE username='". mysql_escape_string($_POST['username']) ."'");
    // If we find a row
    if(mysql_num_rows($lookuser) > 0)

But my else for that, echos: An error has occured. <br> If you are sure you entered your username correctly, please contact an administrator.

I've tried to echo $_POST['username']; all works out fine. I've made sure my user exists, that works out fine.

The PHP error I get: Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in password.php on line 23

Luke Shaheen
  • 4,262
  • 12
  • 52
  • 82
Nathan
  • 534
  • 1
  • 5
  • 13
  • You are not doing any error checking in your query. Why not? It's no wonder it breaks with that error if the query fails. This reference question shows how: http://stackoverflow.com/questions/6198104/reference-what-is-a-perfect-code-sample-using-the-mysql-extension – Pekka Mar 19 '12 at 22:16
  • Maybe a bit more code would help. – Rich Bradshaw Mar 19 '12 at 22:16
  • Have you echoed mysql_error()? $lookuser = mysql_query("SELECT * FROM `users` WHERE username='". mysql_escape_string($_POST['username']) ."'") or die(mysql_error()); – Luke Shaheen Mar 19 '12 at 22:17
  • Sidenote: use mysql_real_escape_string() at least,if you want to stick to the mysql_* family – Damien Pirsy Mar 19 '12 at 22:17
  • @RichBradshaw what more code would you need? The error is pretty clear – Damien Pirsy Mar 19 '12 at 22:18
  • Do not use `mysql_escape_string()`, it is deprecated because it does not work properly. Use `mysql_real_escape_string()` instead. – Arjan Mar 19 '12 at 22:19
  • possible duplicate of [PHP / MYSSQL error: mysql_num_rows(): supplied argument is not a valid](http://stackoverflow.com/questions/7995001/php-myssql-error-mysql-num-rows-supplied-argument-is-not-a-valid) – Marc B Mar 19 '12 at 22:26
  • Better yet, don't use mysql_* at all -- it's all ancient, and barely supported. mysqli does everything mysql does, plus it offers support for prepared statements (which make escaping unnecessary for most use cases). – cHao Mar 19 '12 at 23:04

2 Answers2

1

Php.net says this about the return value of mysql_query:

For SELECT, SHOW, DESCRIBE, EXPLAIN and other statements returning resultset, mysql_query() returns a resource on success, or FALSE on error.

If you're getting a boolean, it's because there's a mysql error. Use mysql_error() to print the error, it'll help you diagnose the issue.

konsolenfreddy
  • 9,551
  • 1
  • 25
  • 36
FrankieTheKneeMan
  • 6,645
  • 2
  • 26
  • 37
0

You probably have an error in your sql query. To be sure of that, echo after your mysql_query mysql_error().

konsolenfreddy
  • 9,551
  • 1
  • 25
  • 36
haltabush
  • 4,508
  • 2
  • 24
  • 41