0

I am trying to create a voting system in PHP. Apart from creating a standard table with 'USER' and 'PASS' as fields to contain login information, I created another table with fields : 'USER' and 'CHECK' where 'CHECK' is a binary INT with a default value of "0". But when a student votes, the 'CHECK' field is updated to '1'.

I have the login script designed such that it first checks for a record in 'USER' and 'PASS', then checks for another record in the 'USER' and 'CHECK' table for a default value of "0" to allow voting. If its "1", it redirects to an 'AlreadyVoted.htm' page. 

<?php
session_start();
$_SESSION['StudentID']=$_POST['UserID'];

include 'db_conneck.php';

$studentid=mysql_real_escape_string($_POST['UserID']);
$userpass=mysql_real_escape_string($_POST['LogPass']);
$sql="SELECT * FROM user_login WHERE studentid='$studentid' and password='$userpass'";
$sql1="SELECT * FROM check_login WHERE studentid='$studentid' and check='0'";
$sql2="SELECT * FROM check_login WHERE studentid='$studentid' and check='1'";
$result=mysql_query($sql);
$result1=mysql_query($sql1);
$result2=mysql_query($sql2);
$count=mysql_num_rows($result);
$count1=mysql_num_rows($result1);
$count2=mysql_num_rows($result2);

if ($count==1 and $count1==1){
    header ("location:FirstVote.php");
}
else if ($count==1 and $count2==1){
    header ("location:AlreadyVoted.html");
}
else {
    echo "Information Not On Database";
}
exit()
?>

However I get this error

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\xampp\FirstVotePage\LoginCombo.php on line 13

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\xampp\FirstVotePage\LoginCombo.php on line 14 Information Not On Database

Chris Forrence
  • 9,860
  • 11
  • 47
  • 62
RowVitz
  • 1
  • 1
  • I think it would be easier using a `LEFT JOIN`to join the two tables together ON the studentid, then you only need one query and not 3. – jdepypere Aug 05 '13 at 09:29
  • Your query is failing. – Yogesh Suthar Aug 05 '13 at 09:32
  • It'd be better in every possible conceivable way to _not_ use `mysql_*` at all, it's been deprecated, and its use has been discouraged for quite some time. Check any of the doc pages of any of the `mysql_*` functions and _read_ the red warning box – Elias Van Ootegem Aug 05 '13 at 09:33
  • could you @arbitter exactly help me on how to use the `LEFT JOIN` query function?.. Thank You – RowVitz Aug 05 '13 at 12:39
  • There is **no more support** for `mysql_*` functions, they are [**officially deprecated**](https://wiki.php.net/rfc/mysql_deprecation), **no longer maintained** and will be [**removed**](http://php.net/manual/en/function.mysql-connect.php#warning) in the future. You should update your code with [PDO](http://php.net/pdo) or [MySQLi](http://php.net/msqli) to ensure the functionality of your project in the future. – tereško Aug 05 '13 at 23:29

4 Answers4

1
$result=mysql_query($sql) or die(mysql_error());
$result1=mysql_query($sql1) or die(mysql_error());
$result2=mysql_query($sql2) or die(mysql_error());

Note : The mysql extension is deprecated and will be removed in the future.

som
  • 4,614
  • 2
  • 19
  • 36
1

CHECK is reserved keyword you should escape it by backticks.

use those queries instead.

 $sql1="SELECT * FROM check_login WHERE studentid='$studentid' and `check`='0'";
 $sql2="SELECT * FROM check_login WHERE studentid='$studentid' and `check`='1'";
echo_Me
  • 36,552
  • 5
  • 55
  • 77
0

there is problem in query try to echo the query and then try executing it manually in database.

your query is returning boolean value of false instead of resource.

0

Note: I'am still surprised that some PHP programmers still using or die in combination with mysql_error() or give it as example code, hackers love it because of the information leaks...

Raymond Nijland
  • 11,193
  • 2
  • 18
  • 32
  • THANKS A LOT . the check correction is working but the query doesnt seem to be working. Can anyone please help on the **LEFT JOIN** function in mysql-query? – RowVitz Aug 05 '13 at 12:21