Reputation: 33
I am trying to make it so that if their IP is in the database then they can't send an email. In the php54_errors file it says
[30-Dec-2012 18:25:26 Europe/Dublin] PHP Warning: mysql_num_rows() expects parameter 1 to be resource, string given in C:\inetpub\wwwroot\Submit.php on line 6
[30-Dec-2012 18:25:26 Europe/Dublin] PHP Warning: mysql_num_rows() expects parameter 1 to be resource, null given in C:\inetpub\wwwroot\Submit.php on line 7
My PHP code is this
<?php
include("connect.php");
mysql_select_db("ip", $con);
$ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
$query = "SELECT * FROM ip WHERE ip='$ip'";
$result = mysql_num_rows($query);
if (mysql_num_rows($result) > 0) {
echo "You have already registered!";
}
else {
echo"Your request has been sent!";
$to = "admin@prisoneternity.org.uk";
$subject = "Guard Application";
$from = "guardapplication@prisoneternity.org.uk";
$headers = "From:" . $from;
$message = "IGN = " . $_POST["Username"] . "</br>\n\nage = " . $_POST["age"] . "</br>\n\nreason = " . $_POST["reason"] . "</br>\n\nHow many times have they been guard = " . $_POST["guard"] . "</br>\n\nOther Details = " . $_POST["text"];
mail($to,$subject,$message,$headers);
header ("Location: index.php?email=yes");
session_start();
mysql_query("INSERT INTO ip (IP) VALUES ('$ip')");
}
?>
Upvotes: 3
Views: 76
Reputation: 9444
On the second line, mysql_num_rows
is returning an integer because the $result
variable is already calling the function, if that makes sense. Change it to this:
$result = mysql_num_rows($query);
if ($result > 0) {
Also, you're not running the query:
$query = "SELECT * FROM ip WHERE ip='$ip'";
Change the above line to this:
$query = mysql_query("SELECT * FROM ip WHERE ip='$ip'");
On a side note, mysql_*
functions are deprecated. I'd switch to PDO
or MySQLi
— examples can be found in the PHP Manual.
Upvotes: 1
Reputation: 15044
$result = mysql_num_rows($query);
if (mysql_num_rows($result) > 0) {
should be:
$result = mysql_query($query);
if (mysql_num_rows($result) > 0) {
You were not running the mysql_query()
, instead calling mysql_num_rows()
twice. Simple accident =o) Btw you should be using PDO or MySQLi.
Also:
echo"Your request has been sent!";
$to = "admin@prisoneternity.org.uk";
$subject = "Guard Application";
$from = "guardapplication@prisoneternity.org.uk";
$headers = "From:" . $from;
$message = "IGN = " . $_POST["Username"] . "</br>\n\nage = " . $_POST["age"] . "</br>\n\nreason = " . $_POST["reason"] . "</br>\n\nHow many times have they been guard = " . $_POST["guard"] . "</br>\n\nOther Details = " . $_POST["text"];
mail($to,$subject,$message,$headers);
header ("Location: index.php?email=yes");
session_start();
mysql_query("INSERT INTO ip (IP) VALUES ('$ip')");
Should be:
$to = "admin@prisoneternity.org.uk";
$subject = "Guard Application";
$from = "guardapplication@prisoneternity.org.uk";
$headers = "From:" . $from;
$message = "IGN = " . $_POST["Username"] . "</br>\n\nage = " . $_POST["age"] . "</br>\n\nreason = " . $_POST["reason"] . "</br>\n\nHow many times have they been guard = " . $_POST["guard"] . "</br>\n\nOther Details = " . $_POST["text"];
mail($to,$subject,$message,$headers);
//header ("Location: index.php?email=yes");
session_start();
echo"Your request has been sent!";
mysql_query("INSERT INTO ip (IP) VALUES ('$ip')");
You can not echo content before header()
or session_start()
, also the echoed text will not be seen as you are doing a redirect. You need to choose which one you want to do. I commented out the header()
above but you can do the opposite. Also make sure you sanitize ALL $_POST
values for \r
and \n
characters to prevent mail header injection attacks.
Upvotes: 2