[killer007]

PHP Code:

<?php require_once('../Connections/MySQL.php'); ?>

<?php require_once('../config.php'); ?>

<?php

$member_id  = $_COOKIE['member_id'];

$pass_hash  = $_COOKIE['pass_hash'];

$session_id = $_COOKIE['session_id'];



require($boardpath."conf_global.php");

$db = mysql_connect($INFO['sql_host'],$INFO['sql_user'],$INFO['sql_pass']) or mysqlfail();

mysql_select_db($INFO['sql_database'],$db) or mysqlfail();





//All set. Lets go before I get bored. :P

$thequery = mysql_query("SELECT m.id AS id, m.member_login_key AS password, m.name AS name, m.mgroup AS mgroup, m.new_msg AS new_msg,  m.show_popup  AS show_popup, g.g_id AS g_id, g.g_access_cp AS g_access_cp FROM {$INFO['sql_tbl_prefix']}members m LEFT JOIN {$INFO['sql_tbl_prefix']}groups g ON ( g.g_id = m.mgroup) WHERE id='{$member_id}'",$db) or mysqlfail();

//The only query needed. :)



$member = mysql_fetch_array($thequery); //Muhahahahahahahahaaa... yeah.. whatever.



if (isset($member_id) && $pass_hash == $member['password']) {



$_SESSION['member_id'] = $member['id'];



}



echo $_SESSION['member_id'] = $member['id'];



?>

<?php

$maxRows_Recordset1 = 10;

$pageNum_Recordset1 = 0;

if (isset($_GET['pageNum_Recordset1'])) {

  $pageNum_Recordset1 = $_GET['pageNum_Recordset1'];

}

$startRow_Recordset1 = $pageNum_Recordset1 * $maxRows_Recordset1;



mysql_select_db($database_MySQL, $MySQL);

$query_Recordset1 = "SELECT * FROM guides";

$query_limit_Recordset1 = sprintf("%s LIMIT %d, %d", $query_Recordset1, $startRow_Recordset1, $maxRows_Recordset1);

$Recordset1 = mysql_query($query_limit_Recordset1, $MySQL) or die(mysql_error());

$row_Recordset1 = mysql_fetch_assoc($Recordset1);



if (isset($_GET['totalRows_Recordset1'])) {

  $totalRows_Recordset1 = $_GET['totalRows_Recordset1'];

} else {

  $all_Recordset1 = mysql_query($query_Recordset1);

  $totalRows_Recordset1 = mysql_num_rows($all_Recordset1);

}

$totalPages_Recordset1 = ceil($totalRows_Recordset1/$maxRows_Recordset1)-1;

?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<title>Untitled Document</title>

</head>



<body>

<?php do { ?>

  <?php echo $row_Recordset1['gd_id']; ?>  <?php echo $row_Recordset1['gd_name']; ?><br />

  <?php } while ($row_Recordset1 = mysql_fetch_assoc($Recordset1)); ?>

</body>

</html>

<?php

mysql_free_result($Recordset1);

?>

Error:

Code:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\Program Files\Apache Group\Apache2\htdocs\gcms\sources\test.php on line 46

I'm stuck. It seems like when I removed the code the script is able to run without errors (BUT no repeat region).

The repeat region codes are generated by Dreamweaver.

PHP Code:

if (isset($_GET['totalRows_Recordset1'])) {

  $totalRows_Recordset1 = $_GET['totalRows_Recordset1'];

} else {

  $all_Recordset1 = mysql_query($query_Recordset1);

  $totalRows_Recordset1 = mysql_num_rows($all_Recordset1);

} 

Please advise!

[End User]

Code:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\Program Files\Apache Group\Apache2\htdocs\gcms\sources\test.php on line 46

Most of the time this indicates that your query isn't returning any rows but that you're still attempting to do something with them.

[killer007]

Hello,

But if I removed the following code from the above code, there will be no error message.

PHP Code:

<?php

$member_id  = $_COOKIE['member_id'];

$pass_hash  = $_COOKIE['pass_hash'];

$session_id = $_COOKIE['session_id'];



require($boardpath."conf_global.php");

$db = mysql_connect($INFO['sql_host'],$INFO['sql_user'],$INFO['sql_pass']) or mysqlfail();

mysql_select_db($INFO['sql_database'],$db) or mysqlfail();





//All set. Lets go before I get bored. :P

$thequery = mysql_query("SELECT m.id AS id, m.member_login_key AS password, m.name AS name, m.mgroup AS mgroup, m.new_msg AS new_msg,  m.show_popup  AS show_popup, g.g_id AS g_id, g.g_access_cp AS g_access_cp FROM {$INFO['sql_tbl_prefix']}members m LEFT JOIN {$INFO['sql_tbl_prefix']}groups g ON ( g.g_id = m.mgroup) WHERE id='{$member_id}'",$db) or mysqlfail();

//The only query needed. :)



$member = mysql_fetch_array($thequery); //Muhahahahahahahahaaa... yeah.. whatever.



if (isset($member_id) && $pass_hash == $member['password']) {



$_SESSION['member_id'] = $member['id'];



}



echo $_SESSION['member_id'] = $member['id'];



?>

The primary function of the above code is to validate the user using the password hash stored in the cookie with the key hash in the database and assign a session 'member_id' to it.

[Nico]

Try

FROM {$INFO['sql_tbl_prefix']}members AS m



EDIT:

You also rely on the member_id cookie in your query. First check if it's set, and then run the query. I'd also make sure it doesn't contain unallowed content. If it's a unique ID, I'd suggest using intval().

PHP Code:

"... WHERE id='". intval($member_id) ."'" 

[killer007]

Hi!

The example given above is a sample script.

I used to have SQLs like

SELECT col, col2
FROM table
WHERE author = $_COOKIE['member_id']

Security wise, spoofing can occur by just editing the cookie.. So I've added the

PHP Code:

<?php

$member_id  = $_COOKIE['member_id'];

$pass_hash  = $_COOKIE['pass_hash'];

$session_id = $_COOKIE['session_id'];



require($boardpath."conf_global.php");

$db = mysql_connect($INFO['sql_host'],$INFO['sql_user'],$INFO['sql_pass']) or mysqlfail();

mysql_select_db($INFO['sql_database'],$db) or mysqlfail();





//All set. Lets go before I get bored. :P

$thequery = mysql_query("SELECT m.id AS id, m.member_login_key AS password, m.name AS name, m.mgroup AS mgroup, m.new_msg AS new_msg,  m.show_popup  AS show_popup, g.g_id AS g_id, g.g_access_cp AS g_access_cp FROM {$INFO['sql_tbl_prefix']}members m LEFT JOIN {$INFO['sql_tbl_prefix']}groups g ON ( g.g_id = m.mgroup) WHERE id='{$member_id}'",$db) or mysqlfail();

//The only query needed. :)



$member = mysql_fetch_array($thequery); //Muhahahahahahahahaaa... yeah.. whatever.



if (isset($member_id) && $pass_hash == $member['password']) {



$_SESSION['member_id'] = $member['id'];



}



echo $_SESSION['member_id'] = $member['id'];



?>

Managed to echo out $_SESSION['member_id'] = $member['id'] successfully with my member id value. But after I've added the 'cookie->validation->session' codes, the follow error starts to occur.. BUT, there isn't any problems with the Repeat Regions codes generated by Dreamweaver.

Code:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\Program Files\Apache Group\Apache2\htdocs\gcms\sources\test.php on line 46

Please advise.. Thanks.

[mab]

If a query fails due to syntax errors..., the result it returns will be a false value instead of a result resource. The error you are getting indicates that the query could not be executed by the mysql server.

If a mysql_fetch_array(...) is used on a query that succeeded, but there were no rows in the result set, it returns a false value. If there was at least one row remaining in the result set, it returns a row from the result set. But, your code is not getting to this point.

You are apparently using a custom mysql error function - ... or mysqlfail();. This should test for and display the actual error returned by the mysql query. If it is not, I recommend replacing it with -

PHP Code:

or die('Query Failed: ' . mysql_error()); 

I also recommend that you form the query string in a variable and then echo it out to make sure it contains the expected contents.