-2

Possible Duplicate:
mysql_fetch_array() expects parameter 1 to be resource, boolean given in select

Hello everyone I hope you could help with this problem like you did with my last one. I'm trying to make a user registration with php and I do everything good except this:

     Warning: mysql_result(): supplied argument is not a valid 
     MySQL result resource in

First I've tried to do a sanitize function but it didn't work. Here is my first try

    function user_exists ($username){
    $username = sanitize ($username);
    return (mysql_result(mysql_query("SELECT COUNT('id') FROM 'members' WHERE 
    'username' = '$username' "), 0) == 1) ? true : false;
    }

Then I though I could try with the mysql_real_escape_string but then that mysql_result error came and it is driving me crazy because I can't find what I got wrong. Here is my code with the mysql_real_escape_string:

     function user_exists ($username){
     $username = mysql_real_escape_string ($username);
     return (mysql_result(mysql_query("SELECT COUNT('id') FROM 'members' WHERE 
     'username' = '$username' "), 0) == 1) ? true : false;
     }

I hope someone could tell me where I got it wrong so I could learn from my mistakes. Thank you all!!!

Community
  • 1
  • 1
user2015448
  • 3
  • 1
  • And [MySQL - when to use single quotes, double quotes, and backticks?](http://stackoverflow.com/questions/11321491/mysql-when-to-use-single-quotes-double-quotes-and-backticks) – mario Jan 31 '13 at 14:03
  • 1
    Please do not use mysql_* functions, they are marked as deprecated. Use PDO or either MySQLi. http://php.net/manual/en/mysqlinfo.api.choosing.php – Jordi Kroon Jan 31 '13 at 14:05

1 Answers1

0

problem is you are wrapping table name and column names with single quote, it must be removed since the names are not on MySQL Reserved Keyword List and the proper way to escape it is by using backticks.

SELECT COUNT(id) 
FROM members 
WHERE username = '$username'
John Woo
  • 249,283
  • 65
  • 481
  • 481
  • This is actually not true. Your answer is correct, but your reasoning is not. Even if they are MySQL reserved keywords, a single quote is not the proper way to escape them. You must use the back-tick character. Quotes are for strings, not for identifiers. – Colin M Jan 31 '13 at 14:03
  • Single quotes around table names and column names are always incorrect. – Arjan Jan 31 '13 at 14:03
  • @ColinMorelli wait, did i say `single quote is the proper way to escape them`? – John Woo Jan 31 '13 at 14:04
  • No, you said "it must be removed since the names are not on MySQL Reserved Keyword List" which has nothing to do with why they must be removed. They must be removed because **they're wrong** always. – Colin M Jan 31 '13 at 14:05
  • Well after I've removed them I got the other nice error which I was getting `Warning: mysql_result() expects parameter 1 to be resource, boolean given in` – user2015448 Jan 31 '13 at 14:23