I've been pondering about this for a while, I'm trying to see if the query wields any results and I want to do something if it doesn't return any results.
PHP:
<?php
session_start();
$host = "localhost";
$user = "root";
$passw = "";
$con = mysql_connect($host, $user, $passw);
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
$json = $_REQUEST['json'];
$json = stripslashes($json);
$jsonobj = json_decode($json);
$me = $jsonobj -> me;
$other = $jsonobj -> other;
mysql_select_db("tinyspace", $con);
$result = mysql_query("SELECT * FROM friends WHERE (user_id = '" .$me. "' AND user_id2 = '" .$other. "') OR (user_id2 = '" .$me. "' AND user_id1 = '" .$other. "')");
if(mysql_num_rows($result) > 0)
{
}
the if statement keeps giving me problems however.
Any Advice?
you should try
<?php
if($result == false){
//what you want to do if the query returns nothing
}else{
//handle the result
}
for those who think my answer is incorrect or the opposite of what is asked, please read the question from the beginning again, very carefully.
just to be sure, how many columns do you have named userid? user_id, user_id1, user_id2 ? do you mean user_id1 in place of user_id in the below line, by any chance?
$result = mysql_query("SELECT * FROM friends WHERE (user_id = '" .$me. "' AND user_id2 = '" .$other. "') OR (user_id2 = '" .$me. "' AND user_id1 = '" .$other. "')");
If so, maybe thats why you aren't fetching any results.
Edit:
$result = mysql_query("SELECT * FROM friends WHERE (user_id1 = '" .$me. "' AND user_id2 = '" .$other. "') OR (user_id2 = '" .$me. "' AND user_id1 = '" .$other. "')");
mysql_num_rows() is okay to use for checking if you have results, and should work in your example..
However, if your call to mysql_num_rows() doesn't work as expected (i.e. always false), it's almost always down to a problem with the query. mysql_num_rows() expects a result resource, and if there is a problem with your query, mysql_query will return a false.
You can amend your mysql_query() call to
mysql_query("sql here") or die(mysql_error());
That should give you an idea if the error lies in the query. Once you've checked your query is working as expected, your mysql_num_rows() will start functioning correctly.
Additionally, the mysql_ functions are depreceated, you should take a look at Prepared Statements http://php.net/manual/en/pdo.prepared-statements.php
to simply answer your question, while it seems that while your code is potentially vulnerable, it should act as you intend. This is what I use in my connection class
public function makeQuery(){
if($result = mysqli_query($this->link, $this->sql)){
if(mysqli_num_rows($result) != 0){
while($r = mysqli_fetch_array($result)){
$return[] = $r;
}
mysqli_free_result($result);
return $return;
}else{
return 0;
}
}else{
// db error here
}
}
This assumes you feed the class some value for $sql and $link... but you can then check for either an integer return or an array return. if it is an integer (0), it had no rows, an array will be the returned rows. If there is an error it will fall into the error logic (I send myself an email in this case).
$result = mysql_query("SELECT * FROM `friends` WHERE (`user_id1` = '" .$me. "' AND `user_id2` = '" .$other. "') OR (`user_id2` = '" .$me. "' AND `user_id1` = '" .$other. "')");