开发者

supplied argument is not a valid MySQL result resource

开发者 https://www.devze.com 2023-03-31 08:31 出处:网络
I have developed a small CMS on my local WAMP machine. Once I have exported my project on to the hosting, the following problem shows up

I have developed a small CMS on my local WAMP machine.

Once I have exported my project on to the hosting, the following problem shows up

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result reso开发者_如何学编程urce in /homepages/36/d288053636/htdocs/MYWEBSITE/admin/index.php on line 44

Warning: Cannot modify header information - headers already sent by (output started at /homepages/36/d288053636/htdocs/MYWEBSITE/admin/index.php:44) in /homepages/36/d288053636/htdocs/MYWEBSITE/admin/index.php on line 62

LINE 44:

$row = mysql_fetch_assoc(mysql_query("SELECT id,usr FROM pureUser WHERE usr='{$_POST['username']}' AND pass='".md5($_POST['password'])."'"));

Line 62:

header("Location: index.php");

What does those errors mean?


The SQL query has not finished correctly. You most likely uploaded the script, but have either not uploaded the database, or have wrong database credentials.

Hint You can get very good and descriptive error messages when you put the following code after a failing mysql_query statement:

if (mysql_error()) {
    die(mysql_error());
}


The first error means means that you're calling mysql_fetch_assoc() on something that isn't a MySQL resource. mysql_query is supposed to return a proper resource, so if you're getting this error it probably means that your query failed (something is probably configured wrong).

Due to the way HTTP works, it's impossible to send HTTP headers (such as the Location header) after you've started writing the body of the page. When the first error occurred, it wrote an error message to the body, causing another error when you tried to send the headers to redirect the user. This should go away ince you've fixed your first bug.


It means your query is failing. There are multiple reasons why, including possibly a connection failure to your database or an error in your SQL query. Have you tried debugging to determine if your query syntax is correct?


Your problem here is that after the concatenation, your query is probably invalid.

You should log your query after the concatenation to see if this is the case. You should also test what the mysql_query returns before to call mysql_fetch_assoc.

On another note:

Is that your true production code ? If this is a public facing site then that's a serious security hole and is vulnerable to SQL injection attacks.

What if I put in your username field:

 1;TRUNCATE pureUser --

Your query become:

SELECT id,usr FROM pureUser WHERE usr=1; TRUNCATE pureUser -- AND pass=...

So, you should try the filter php native extension:

Data filtering

Futhermore, you should try PDO, which is more powerful and robust to work with databases:

PHP Data Objects

0

精彩评论

暂无评论...
验证码 换一张
取 消