Programming Forums > Web Development and Design > PHP

DaWei · Jul 30th, 2005, 3:11 PM

The principle behind the suggestion is that for robust code you need to keep all warnings and errors enabled and turned up full volume, so to speak. That helps catch the inevitable bugs you will have in your code. When you go to production, you suppress/reroute by catching the errors and either logging them or emailing them to yourself, but keep them from sight of the user. Any fatal errors, of course, should be made known to the user in general terms. Do not give specific details of an error to the user -- he/she might be malicious and able to intuit a weak point of penetration if you do so.

Intimidat0r · Jul 30th, 2005, 6:27 PM

(Toggle Plain Text)

function check_login_info($username, $password)
	{
		$user_exists = false;
		$dbcon = db_connect();
		$selected = mysql_select_db("users", $dbcon);
		$userresult = mysql_query("SELECT username FROM users");
                #################
		while ($userrow = mysql_fetch_array($userresult, MYSQL_ASSOC))
		{
			if ($userrow['username'] == $username)
				$user_exists = true;
		}
		if (!$user_exists)
		{
			die ("That user doesn't exist.");
		}
		$result = mysql_query("SELECT password FROM users WHERE username='".$username."'", $dbcon);
		$row = mysql_fetch_array($result, MYSQL_ASSOC);
		if (md5($password) == md5($row['password']))
		{
			return login_user();
		} else {
			return false;
		}
		mysql_free_result($result);
		mysql_close($dbcon);
	}

im trying to do that and here's the warning im getting:

Quote:

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/infrec/public_html/infrec/login_result.php on line 17

line 17 is the one right under all the #s

DaWei · Jul 30th, 2005, 6:42 PM

Test the success of the query before you try to use the result in subsequent operations. If the query failed you won't have something you can fetch an array from. If you use the query error message you'll normally get an informative guide.

Intimidat0r · Jul 30th, 2005, 9:14 PM

How do I test the success of the query? The only thing i can think of is to use mysql_fetch_assoc() to print it but of course that won't work...

DaWei · Jul 30th, 2005, 9:27 PM

Quote:

Originally Posted by PHP manual

For SELECT, SHOW, DESCRIBE or EXPLAIN statements, mysql_query() returns a resource on success, or FALSE on error.

For other type of SQL statements, UPDATE, DELETE, DROP, etc, mysql_query() returns TRUE on success or FALSE on error.

Here's an example of exiting on failure, with the SQL error message:

(Toggle Plain Text)

$catalog = mysql_query ($queryProducts) or die (mysql_error());

One could also test for false and take some other action. Printing out the actual mysql error is a good idea, particularly during the development phase.

Intimidat0r · Jul 31st, 2005, 8:29 PM

ok it says "No database selected" and im like "god im dumb". after i connect:

$dbcon = mysql_connect($dbhost, $dbusername, $dbpassword);

how do i select the db? and then how do i select the table for the query to operate on?

DaWei · Jul 31st, 2005, 9:17 PM

mysql_select_db ($database) or die (mysql_error());

after that, "Select whatever from whosis", whatever is the column (field), whosis is the table. Keep the PHP manual handy on a link or a tab. It's invaluable. Just search for the function name to get the parameters and return.

Intimidat0r · Aug 1st, 2005, 3:59 PM

now it says this:

Quote:

Access denied for user: 'infrec_user@localhost' to database 'Resource id #2'

i know ill have to bother the hosting people with this one. but does anyone know what it means by 'Resource id #2'? thanks.

DaWei · Aug 1st, 2005, 5:21 PM

It sounds like you have two connections to the same DB. You're being denied access to the second connection for whatever reason. Also, if you use the designation, "localhost", mysql will override that and try to connect to a local socket. If you really want that not to happen (want to actually use tcp/ip), use 127.0.0.1. The use of "localhost" coupled with your comment about "the hosting people" confuses me because "localhost" is normally YOUR machine.

Berto · Aug 2nd, 2005, 2:29 AM

With my hosting i use localhost as well, so its with regards to the machine hosting the webpage.

This is also due to the fact i can if i want have remote access to my database but i turn it off, therefore only enabaling it to my web pages and not external ones.

Jul 30th, 2005, 3:11 PM	#11
DaWei Resident Grouch Join Date: Jun 2005 Posts: 6,453 Rep Power: 10	The principle behind the suggestion is that for robust code you need to keep all warnings and errors enabled and turned up full volume, so to speak. That helps catch the inevitable bugs you will have in your code. When you go to production, you suppress/reroute by catching the errors and either logging them or emailing them to yourself, but keep them from sight of the user. Any fatal errors, of course, should be made known to the user in general terms. Do not give specific details of an error to the user -- he/she might be malicious and able to intuit a weak point of penetration if you do so. __________________ Abstraction doesn't make it impossible to write bad code; it makes it possible to write superior code. Contributor's Corner: Grumpy on C++ Exceptions DaWei on Pointers

Jul 30th, 2005, 6:42 PM	#13
DaWei Resident Grouch Join Date: Jun 2005 Posts: 6,453 Rep Power: 10	Test the success of the query before you try to use the result in subsequent operations. If the query failed you won't have something you can fetch an array from. If you use the query error message you'll normally get an informative guide. __________________ Abstraction doesn't make it impossible to write bad code; it makes it possible to write superior code. Contributor's Corner: Grumpy on C++ Exceptions DaWei on Pointers

Jul 30th, 2005, 9:14 PM	#14
Intimidat0r Hobbyist Programmer Join Date: May 2005 Location: Don't know, but the padded walls are a nice touch. Posts: 126 Rep Power: 0	How do I test the success of the query? The only thing i can think of is to use mysql_fetch_assoc() to print it but of course that won't work... __________________ Children in the dark cause accidents, and accidents in the dark cause children. http://www.ronincoders.org

Jul 31st, 2005, 8:29 PM	#16
Intimidat0r Hobbyist Programmer Join Date: May 2005 Location: Don't know, but the padded walls are a nice touch. Posts: 126 Rep Power: 0	ok it says "No database selected" and im like "god im dumb". after i connect: $dbcon = mysql_connect($dbhost, $dbusername, $dbpassword); how do i select the db? and then how do i select the table for the query to operate on? __________________ Children in the dark cause accidents, and accidents in the dark cause children. http://www.ronincoders.org

Jul 31st, 2005, 9:17 PM	#17
DaWei Resident Grouch Join Date: Jun 2005 Posts: 6,453 Rep Power: 10	mysql_select_db ($database) or die (mysql_error()); after that, "Select whatever from whosis", whatever is the column (field), whosis is the table. Keep the PHP manual handy on a link or a tab. It's invaluable. Just search for the function name to get the parameters and return. __________________ Abstraction doesn't make it impossible to write bad code; it makes it possible to write superior code. Contributor's Corner: Grumpy on C++ Exceptions DaWei on Pointers

Aug 1st, 2005, 5:21 PM	#19
DaWei Resident Grouch Join Date: Jun 2005 Posts: 6,453 Rep Power: 10	It sounds like you have two connections to the same DB. You're being denied access to the second connection for whatever reason. Also, if you use the designation, "localhost", mysql will override that and try to connect to a local socket. If you really want that not to happen (want to actually use tcp/ip), use 127.0.0.1. The use of "localhost" coupled with your comment about "the hosting people" confuses me because "localhost" is normally YOUR machine. __________________ Abstraction doesn't make it impossible to write bad code; it makes it possible to write superior code. Contributor's Corner: Grumpy on C++ Exceptions DaWei on Pointers

Aug 2nd, 2005, 2:29 AM	#20
Berto Programming Guru Join Date: Aug 2004 Posts: 1,022 Rep Power: 5	With my hosting i use localhost as well, so its with regards to the machine hosting the webpage. This is also due to the fact i can if i want have remote access to my database but i turn it off, therefore only enabaling it to my web pages and not external ones. __________________ "Put your hand on a hot stove for a minute, and it seems like an hour. Sit with a pretty girl for an hour, and it seems like a minute. THAT'S relativity." - Albert Einstein

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Programming Forums > Web Development and Design > PHP

aargh! include thing with function call