
Please help, I'm a newb in PHP.

This is line 13:

$data = mysql_fetch_assoc(mysql_query("SELECT $fields FROM `users` WHERE `user_id` = $user_id"));

This is my code:

<?php
function user_data($user_id) {
    $data = array();
    $user_id = (int)$user_id;

    $func_num_args = func_num_args();
    $func_get_args = func_get_args();

    if ($func_num_args > 1) {
        unset($func_get_args[0]);

        $fields = '`' . implode('`,`', $func_get_args) . '`';
        $data = mysql_fetch_assoc(mysql_query("SELECT $fields FROM `users` WHERE `user_id` = $user_id"));

        print_r($data);

        return $data;
    }
}

function logged_in() {
    return (isset($_SESSION['user_id'])) ? true : false;
}

function user_exists($username) {
    $username = sanitize($username);
    return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username'"), 0) == 1) ? true : false;
}

function user_active($username) {
    $username = sanitize($username);
    return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `active` = 1"), 0) == 1) ? true : false;
}

function user_id_from_username($username) {
    $username = sanitize($username);
    return mysql_result(mysql_query("SELECT `user_id` FROM `users` WHERE `username` = '$username'"), 0, 'user_id');
}

function login($username, $password) {
    $user_id = user_id_from_username($username);

    $username = sanitize($username);
    $password = md5($password);

    return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `password` = '$password'"), 0) == 1) ? $user_id : false;
}   
?>

Please help. Thank you so much.

2 Answers


Your query with mysql_query() fails and thus returns FALSE instead of a resource, causing mysql_fetch_assoc() to fail.

Always check the return value before passing it to mysql_fetch_assoc():

$result = mysql_query("SELECT...");
if (!$result) {
    die('Invalid query: ' . mysql_error());
}

On a side note, please don't use mysql_* functions for new code. They are deprecated. Use prepared statements with either PDO or MySQLi. Here is a good PDO tutorial.

peterm

Your code:

$data = mysql_fetch_assoc(mysql_query(.....

Never, never do it like this: putting both DB functions on the same line of code, with one just passing its result straight to the other.

By doing it this way, you are completely ignoring the possibility that mysql_query() might have an error.

And that is exactly what is happening in your case. mysql_query() is returning false because of some kind of error while making the query. You didn't check for errors, but just passed that result to mysql_fetch_assoc(). So now that function is given a false value instead of a mysql result, and that's what the error message is all about.

You absolutely must put these two calls on separate lines of code, and do some error checking in between them.

The actual error that is occurring could be caused by several things, but because you've thrown away the error that mysql_query is generating, we can't be certain what the problem is. Putting the proper error checking in there will help you work it out.

However, some possible causes:

  • You called the function without any additional arguments other than userID. This will result in $fields being set to just an empty pair of backticks ``, which would be invalid SQL.
  • One of the fields has a backtick in its fieldname. You're not checking for this, but a backtick in a fieldname will break your SQL code. This is dangerous and could lead to a possible way to hack your site.
  • The DB connection is invalid or broken. This could be a problem elsewhere in your code (in which case, you may need to add better error checking elsewhere too), or completely outside of your code (i.e. if the DB itself has gone down; unlikely, but possible; your code needs to be able to cope if it happens).

Finally, since you state that you're a newb in PHP, I should tell you that all the mysql_xxx() functions are deprecated; they are not recommended for use any more.

I would strongly advise you to stop using them now, before you get stuck with too much code and it's too hard to change, because they will be removed from future versions of PHP, and code that uses them will stop working.

Instead, you should consider using the PDO library. This is a modern DB library for PHP that has a whole stack of features that simply aren't available in the old mysql_xxx() functions. You can find out more here and here. You should also read the answers to this question here on SO: Why shouldn't I use mysql_* functions in PHP?

Hope that helps.

Spudley
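
The three failure causes listed in the answer above, handled in a PDO version of user_data(). This is an added example, not code from the original post or from either answer. The column allowlist, the in-memory SQLite table standing in for the MySQL `users` table, and the sample row are assumptions made for illustration.

```php
<?php
// Added example. An in-memory SQLite database stands in for MySQL so the
// script runs offline; the schema below is constructed for this sketch.

// Columns a caller may request (assumed list, adjust to the real table).
const USER_COLUMNS = ['user_id', 'username', 'email', 'active'];

function user_data(PDO $db, $user_id, ...$fields) {
    // Cause 1: no fields requested would produce an empty column list.
    if ($fields === []) {
        throw new InvalidArgumentException('No fields requested');
    }
    // Cause 2: identifiers cannot be bound as parameters, so every name must
    // match the allowlist exactly; a name containing a backtick never will.
    $unknown = array_diff($fields, USER_COLUMNS);
    if ($unknown !== []) {
        throw new InvalidArgumentException('Unknown field: ' . implode(', ', $unknown));
    }
    $columns = '`' . implode('`,`', $fields) . '`';

    // The value goes through a bound parameter, not string interpolation.
    $stmt = $db->prepare("SELECT $columns FROM `users` WHERE `user_id` = :id");
    $stmt->execute([':id' => (int)$user_id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;   // null when the user id is unknown
}

// Cause 3: with ERRMODE_EXCEPTION a failed connection or query throws
// instead of silently returning false to the next call.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT, email TEXT, active INTEGER)');
$db->exec("INSERT INTO users VALUES (1, 'alice', 'alice@example.test', 1)"); // constructed row

var_dump(user_data($db, 1, 'username', 'email'));   // existing user
var_dump(user_data($db, 99, 'username'));           // unknown user id

// Empty field list, a backtick in a name, and a column outside the allowlist.
foreach ([[], ['user`name'], ['password_hash']] as $bad) {
    try {
        user_data($db, 1, ...$bad);
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```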