Possible Duplicate:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result
I am getting this error:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/valerie2/public_html/elinkswap/snorris/filename.php on line 89
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/valerie2/public_html/elinkswap/snorris/filename.php on line 90
Here are the lines of code it is talking about:
dbConnect();
$SQL="SELECT fileID FROM uploads WHERE fileName='".$result."'";
//echo $SQL;
$rs=mysql_query($SQL);
echo mysql_num_rows($rs); // line 89
if(mysql_num_rows($rs)!=0){ // line 90
$extension=strrchr($result,'.');
$result=str_replace($extension,time(),$result);
$result=$result.$extension;
}
return $result;
}
Can someone explain to me why I keep getting this error?
This is because your mysql_query has failed because of syntax or execution errors in the SQL command.
Make sure you can execute your SQL query (the one that you get using echo $SQL; line) in phpMyAdmin or whatever tool you have.
Whenever mysql_query fails, it returns False instead of a mysql resource. So you should always check if (!$rs) or use the or die(...) mechanism.
You should see what mysql_error() says, place it after the mysql_query;
mysql_query($SQL) or die(mysql_error());
This should produce an error, which is why your code isn't going any further than the query function thus making your num_rows invalid.
You query has failed, so $rs holds boolean false, which will result in that error. You need to do something like:
dbConnect();
$query = "SELECT fileID
FROM uploads
WHERE fileName='".mysql_real_escape_string($result)."'
LIMIT 1";
// Added LIMIT 1 for speed - you are only checking if the record exists, so you
// can stop as soon as you find one.
if (!$rs = mysql_query($query)) {
// Handle query error here
// e.g.
echo "Oh no! The query failed! Error: ".mysql_error();
// BUT you should NEVER show the result of mysql_error() in a production environment!
}
if (mysql_num_rows($rs)) { // This is sufficient for detecting whether there were any results
// A better way of doing what you did:
$result = explode('.',$result);
array_splice($result,-1,0,time());
$result = implode('.',$result);
// This is better, because str_replace() will replace ALL occurrences of the
// extension - this way only inserts the timestamp before the extension and
// doesn't ever do anything else
}
return $result;
While the error is being reported here:
echo mysql_num_rows($rs);
The cause of the error is here:
$SQL="SELECT fileID FROM uploads WHERE fileName='".$result."'";
//echo $SQL;
$rs=mysql_query($SQL);
Likely candidates are:
$result contains un-escaped quotes leading to the SQL being malformed - and also your code is susceptible to SQL injection attacks
You didn't call mysql_connect() before this code executes
you didn't select a database (and haven't qualified the table name in the query) before this code executes.
you don't have a table called uploads in the current DB, or this table doesn't contain columns named fileID or fileName
Issue 1 should be evidence if you uncomment the 'echo $SQL;', issues 2, 3 and 4 would be evident if you check mysql_error() after calling mysql_query();