开发者

PHP MYSQL Warning: mysql_query() expects parameter 1 to be string, resource given in

问答 作者: 
<?php
    include 'connect.php';
    include 'header.php';
    
    $page = "signup.php";
    // receive the invite code:
    $co开发者_StackOverflow中文版de = $_POST['code'];
    $sql = "SELECT codes FROM invites WHERE codes='$code'";
    // check the table for matching codes
    $result = mysql_query($sql);
    // check if the request returned 1 or 0 rows from the database
    if (mysql_query($result)) {
        // end any previously defined sessions.
        session_start();session_unset();session_destroy();
        // start a new session
        session_start();
        // define the session variable.
        // this allows us to check if it's set later and is required for
        // the script to run properly.
        $code = $_POST["code"];
        mysql_query("DELETE FROM invites WHERE codes='$code'");
        header('Location: '.$page);
        exit;
    } else {
        echo "Invite invalid. Please try again later.";
        echo $code;
    }
    
    include 'footer.php';
?>

I am trying to implement an invite system to a webpage I am working on. However when trying to evaluate if there is a row containing the invite code I keep either getting nothing or this warning. The warning in this case but if I change the if state to ==1, it allows everyone regardless of code and ==0 does throws different errors.

if (mysql_query($result)) {

Try mysql_num_rows there.

There are a few things wrong here.

1) SQL Injection vulnerabilities, don't ever pass a superglobal $_POST or $_GET or any other user-supplied variable directly inside your query! Use at minimum mysql_real_escape_string() to the variable before letting it into the query, or better look into parametrized queries, it's the best way to avoid SQL vulnerabilities

2) 

$result = mysql_query($sql);
// check if the request returned 1 or 0 rows from the database
if (mysql_query($result)) ....

This doesn't check if request returns 1 or 0 rows, you should use mysql_num_rows() here instead

if(mysql_num_rows() == 1)  //or whatever you need to check

3)

session_start();session_unset();session_destroy();
// start a new session
session_start();

session_start() should be called before anything in your page. Don't know why this redundancy of calling, unsetting, destroying, recalling it here. If you want another id, just use session_regenerate_id();

And as already said by other, use some error reporting in your query, something like 

$result = mysql_query($sql) or die(mysql_error())

to actually see what's failed, where and why.

Problem is your query. First of all check your statement and use this :

$result = mysql_query($sql) or die(mysql_error());

instead of this 

$result = mysql_query($sql);

So, you can see are there any error at your SQL query .

继续阅读:php

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9