MySql Error

mysql_num_rows() expects parameter 1 to be resource, boolean given in… on line 15

Hello, I have this error appear on my Website whenever I try to create an account, this is the code:

[php]if(isset($_POST[“usernamecheck”])){
include_once(“php_includes/db_conx.php”);
$username = preg_replace(’#[^a-z0-9]#i’, ‘’, $_POST[‘usernamecheck’]);
$sql = ‘SELECT id FROM users WHERE username="$username" LIMIT 1’;
$query = mysql_query($sql, $db_conx);
$uname_check = mysql_num_rows($query); //This is line 15[/php]

Can someone please explain what is going wrong here, I have looked around everywhere, but noone has the same problem in the same format.

After this line.

[php]$query = mysql_query($sql, $db_conx); [/php]

Add this.

[php]if (!$query ) { // add this check.
die('Invalid query: ’ . mysql_error());
}
[/php]

If might give you clues to why it’s failing.

change this line:
[php]$sql = ‘SELECT id FROM users WHERE username="$username" LIMIT 1’;[/php]
to this:
[php]$sql = “SELECT id FROM users WHERE username=’$username’ LIMIT 1”;[/php]
or even this:
[php]$sql = “SELECT id FROM users WHERE username=’” . $username . “’ LIMIT 1”;[/php]
See the difference?
I’ve swapped the quotes around.

[php]//Anything inside a single quote is a string.
//Whereas variables inside double quotes get the values printed…
$this = ‘red’;
‘$this is a string’ // output = $this is a string
“$this is a string” // output = red is a string[/php]

So your variable $username is actually a string $username and i assume there is no one in the database of that name therefore your query is returning false.

Hope that helps
Red

mysql_escape_string($foo) is your firend, unless you want SQL-injection

so: (‘SELECT/INSERT … foo=’ . mysql_real_escape_string($bar) . ’ AND …’)

Dude! C’mon, you should know better!!

OP: Please DON’T use myslq_escape_string it is depreciated and will be removed in the future and you will have to change EVERY script it’s in!!!

See here.

Use mysqli_real_escape_string() or the PDO equivalent.

Red