Question - mysql_fetch_assoc()

Time: 2012-11-25 20:50:13

Tags: php mysql

  

Possible duplicate:
  Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result

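I have a PHP script where users can change their account settings. But there is a problem, because I have an error that I cannot find. Can you help me?

Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in /Applications/XAMPP/xamppfiles/htdocs/tutorials/findFriends/account_settings.php on line 69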

<?
include ("inc/incfiles/header.inc.php");
if ($user) {

}
else
{
 die ("You must be logged in to view this page!");
}
?>
<?
$senddata = $_POST['senddata'];

//Password variables
$old_password = strip_tags($_POST['oldpassword']);
$new_password = strip_tags($_POST['newpassword']);
$repeat_password = strip_tags($_POST['newpassword2']);

if ($senddata) {
//If the form has been submitted ...

$password_query = mysql_query("SELECT * FROM users WHERE username='$user'");
while ($row = mysql_fetch_assoc($password_query)) {
    $db_password = $row['password'];

    //md5 the old password before we check if it matches
    $old_password_md5 = md5($old_password);

    //Check whether old password equals $db_password
    if ($old_password_md5 == $db_password) {
     //Continue Changing the users password ...
     //Check whether the 2 new passwords match
     if ($new_password == $repeat_password) {
        if (strlen($new_password) <= 4) {
         echo "Sorry! But your password must be more than 4 character long!";
        }
        else
        {

        //md5 the new password before we add it to the database
        $new_password_md5 = md5($new_password);
       //Great! Update the users passwords!
       $password_update_query = mysql_query("UPDATE users SET password='$new_password_md5' WHERE username='$user'");
       echo "Success! Your password has been updated!";

        }
     }
     else
     {
      echo "Your two new passwords don't match!";
     }
    }
    else
    {
     echo "The old password is incorrect!";
    }
}
 }
else
{
 echo "";
}


$updateinfo = $_POST['updateinfo'];

//First Name, Last Name and About the user query
$get_info = mysql_query("SELECT first_name, last_name, bio FROM users WHERE username='$user'");
$get_row = mysql_fetch_assoc($get_info);
$db_firstname = $get_row['first_name'];
$db_last_name = $get_row['last_name'];
$db_bio = $get_row['bio'];

//Submit what the user types into the database
if ($updateinfo) {
 $firstname = strip_tags($_POST['fname']);
 $lastname = strip_tags($_POST['lname']);
 $bio = $_POST['bio'];


 if (strlen($firstname) < 3) {
echo "Your first name must be 3 more more characters long.";
 }
 else
 if (strlen($lastname) < 5) {
echo "Your last name must be 5 more more characters long.";
}
else
{
//Submit the form to the database
$info_submit_query = mysql_query("UPDATE users SET first_name='$firstname', last_name='$lastname', bio='$bio' WHERE username='$user'");
echo "Your profile info has been updated!";
header("Location: $user");
}
}
else
{
 //Do nothing
}
?>
<h2>Edit your Account Settings below</h2>
<hr />
<form action="account_settings.php" method="post">
<p>CHANGE YOUR PASSWORD:</p> <br />
Your Old Password: <input type="text" name="oldpassword" id="oldpassword" size="40"><br />
Your New Password: <input type="text" name="newpassword" id="newpassword" size="40"><br />
Repeat Password  : <input type="text" name="newpassword2" id="newpassword2" size="40"><br />
<input type="submit" name="senddata" id="senddata" value="Update Information">
</form>
<hr />
<form action="account_settings.php" method="post">
<p>UPDATE YOUR PROFILE INFO:</p> <br />
First Name: <input type="text" name="fname" id="fname" size="40" value="<? echo $db_firstname; ?>"><br />
Last Name: <input type="text" name="lname" id="lname" size="40" value="<? echo $db_last_name; ?>"><br />
About You: <textarea name="bio" id="bio" rows="7" cols="40"><? echo $db_bio; ?></textarea>

<hr />
<input type="submit" name="updateinfo" id="updateinfo" value="Update Information">
</form>
<br />
<br />

If I want to change the first name or last name, I get this error:

Warning: Cannot modify header information - headers already sent by (output started at /Applications/XAMPP/xamppfiles/htdocs/tutorials/findFriends/inc/incfiles/header.inc.php:72) in /Applications/XAMPP/xamppfiles/htdocs/tutorials/findFriends/account_settings.php on line 93

This is header.inc.php:

<?
include ("inc/scripts/mysql_connect.inc.php");
session_start();
if (isset($_SESSION['user_login'])) {
$user = $_SESSION["user_login"];
}
else {
$user = "";
}
?>
<!DOCTYPE html>

<html lang="en">
<head>
        <meta charset="utf-8">

        <link rel="stylesheet" href="css/reset.css" media="screen">
        <link rel="stylesheet" href="css/master.css" media="screen">
        <link rel="stylesheet" href="css/blue.css" media="screen">
    <link rel="stylesheet" href="css/main.css" media="screen">
    <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js"></script>
        <script src="js/jquery.color.js"></script>
        <script src="js/script.js"></script>
    <script src="js/placeholder-js.js" type="text/javascript"></script>
    <script src="js/main.js" type="text/javascript"></script>

        <title>findFriends</title>
</head>
<body>
                <div class="mashmenu">
                        <div id="menuWrapper">
                        <div class="fnav">

                                <a href="#" class="flink" >findFriends+ </a>

                                <div class="allContent">

                                        <div class="snav" >
                                                <a href="#" class="slink" >About findFriends</a>

                                                <div class="insideContent">

                                                        <span class="featured" >What is it?<br />
                            findFriends is an open source social network, created for the sinimma YouTube tutorial
                            series. All code is explained and completely free to download and use.<a href="http://www.youtube.com/sinimma">Visit our YouTube
                            channel ...</a>
                            </span>
                                                </div><!-- end insideContent -->
                                        </div><!-- end snav -->

                                        <div class="snav" >
                                                <a href="#" class="slink" >Open Source?</a>
                                                <div class="insideContent">
                                                        <span class="featured" >All code is open source and freely availible,</span>
                                                        because this means that anyone can download and improve the source code whatever
                            way they want without permission. <br />You may use this source code in any way to do anything.
                            All we <br />ask is that you keep the link at the bottom of the page, as a way of saying thanks for
                            all of the work we have done. :)
                                                </div><!-- end insideContent -->
                                        </div><!-- end snav -->

                                        <div class="snav" >
                                                <a href="http://www.youtube.com/sinimma" class="slink" >Youtube Channel</a>
                                                <div class="insideContent">
                                                        <span class="featured" ></span>
                                        </div><!-- end snav -->
                    </div>
                                </div><!-- end allContent -->

                        </div><!-- end fnav -->

                        <?
                        if (isset($_SESSION["user_login"])) {
                        echo '

                        <div class="fnav">

                                <a href="' . $user . '" class="flink" >' . $user . '\'s Profile</a>

                        </div><!-- end fnav -->
                        <div class="fnav">

                                <a href="account_settings.php" class="flink" >Account Settings</a>

                        </div><!-- end fnav -->
                        <div class="fnav">

                                <a href="logout.php" class="flink" >Logout</a>

                        </div><!-- end fnav -->

                        ';
                        }
                        else
                        {
                                echo '

                                <div class="fnav">

                                <a href="index.php" class="flink" >Sign Up+ </a>

                        </div><!-- end fnav -->
            <div class="fnav">

                                <a href="index.php" class="flink" >Login+ </a>

                        </div><!-- end fnav -->

                                ';
                        }
                        ?>

                        <div class="feat">
                                <form id="searchForm">
                <fieldset>
                    <div class="input">
                        <input type="text" class="Search" id="s" value="Search findFriends ..." />
                    </div>
                    <input type="submit" id="searchSubmit" value="" />
                </fieldset>
            </form>
                        </div><!-- end fnav feat -->
          </div>
                </div><!--end mashmenu -->
        <div id="wrapper">
<br />
<br />
<br />
<br />

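2 answers:

Answer 0 (score: 2)

Your query failed. Whenever you see the "expects parameter 1 to be resource, boolean given" error message, it is 99.99% that. It pops up because you tried to use the query result in further calls, but since the query failed you got not the resource you expect but boolean (false).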

The rule of thumb is: always check whether the query succeeded, using code like

$result = mysql_query($query); // $query holds the SQL string
if( $result !== false ) {
   // ok, let's proceed
}

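Also, your code is wide open to SQL injection attacks. Always pass the variables you build queries from through a function such as mysql_real_escape_string().

Edit

Since there is only one query in your code, replace:

$password_query = mysql_query("SELECT * FROM users WHERE username='$user'");

with: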

$password_query = mysql_query( sprintf("SELECT * FROM users WHERE username='%s'",
                       mysql_real_escape_string($user)) );

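This will solve your problem. You should drop strip_tags(). Since you are mangling user input, it is not appropriate to use here. And finally, it is not $password_query but rather $password_query_result

PS: Consider dropping the mysql_ extension and using mysqli_ or PDO. The mysql_ extension is deprecated. It should not be a painful transition, as mysqli_ is mostly a drop-in replacement.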
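
The advice in Answer 0 (check that the query succeeded, keep user input out of the SQL text, move off mysql_), shown as an added example that is not code from the question or from either answer. It uses PDO prepared statements; the in-memory SQLite database, the sample row and the function names are constructed for illustration so the script runs without a MySQL server.

```php
<?php
// Added example: constructed schema and data; SQLite in memory stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
// Make failed queries throw instead of silently returning false.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (username TEXT PRIMARY KEY, first_name TEXT, last_name TEXT, bio TEXT)");
$pdo->exec("INSERT INTO users VALUES ('alice', 'Alice', 'Smith', 'hello')");

/** Fetch one profile row; returns null when the user does not exist. */
function get_profile(PDO $pdo, string $user): ?array
{
    // The placeholder keeps $user out of the SQL text entirely.
    $stmt = $pdo->prepare("SELECT first_name, last_name, bio FROM users WHERE username = :u");
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;   // fetch() returns false when no row matches
}

/** Update the profile; returns the number of rows changed. */
function update_profile(PDO $pdo, string $user, string $first, string $last, string $bio): int
{
    $stmt = $pdo->prepare(
        "UPDATE users SET first_name = :f, last_name = :l, bio = :b WHERE username = :u"
    );
    $stmt->execute([':f' => $first, ':l' => $last, ':b' => $bio, ':u' => $user]);
    return $stmt->rowCount();
}

try {
    // A quote in the input is stored as data, not parsed as SQL.
    $changed = update_profile($pdo, 'alice', "O'Brien", 'Smith', "it's <b>me</b>");
    $row = get_profile($pdo, 'alice');
    var_dump($changed, $row);
    // Input shaped like an injection is compared as a literal username.
    var_dump(get_profile($pdo, "x' OR '1'='1"));
    // Escape on output instead of stripping tags on input.
    echo htmlspecialchars($row['bio'], ENT_QUOTES, 'UTF-8'), "\n";
    // A failing query (misspelled column) raises here rather than handing
    // a boolean to a later fetch call, which is what the warning was about.
    $pdo->query("SELECT no_such_column FROM users");
} catch (PDOException $e) {
    error_log('query failed: ' . $e->getMessage());   // log the detail, show a generic message
    echo "Sorry, something went wrong.\n";
}
```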

Answer 1 (score: 0)

The problem is with this query (line 68):

$get_info = mysql_query("SELECT first_name, last_name, bio FROM users WHERE username='$user'");

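This query fails, so $get_info contains the boolean FALSE rather than the MySQL resource that mysql_fetch_assoc requires.

And check your script for SQL injection vulnerabilities - your script is very vulnerable!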