Jump to content



Welcome to AstaHost - Dear Guest , Please Register here to get Your own website. - Ask a Question / Express Opinion / Reply w/o Sign-Up!

Toggle shoutbox Shoutbox Open the Shoutbox in a popup

@  yordan : (21 April 2014 - 09:11 PM) Hey, Ritesh, Did You Hear Me?
@  yordan : (14 April 2014 - 05:28 PM) By The Way, This Could Be An Interesting Subject For A Topic, What About Posting This Question? Let's See If Other People Have The Same Feeling Concerning Bootlists!
@  yordan : (13 April 2014 - 09:36 AM) Boot Order : Cd, [Usb,] Hard Drive :D
@  yordan : (11 April 2014 - 07:23 PM) I Simply Let The Bios Do That
@  Ritesh : (11 April 2014 - 10:23 AM) Is It Possible To Launch Fedora Live Cd Or Installation Disk From Hard Drive On Windows Platform Using Grub Mbr File.
@  Ritesh : (11 April 2014 - 10:21 AM) No U Are Not.. Btw.. I Have Question For You.
@  yordan : (10 April 2014 - 08:02 AM) You Are Partially Right.
I Was Not.
Nevertheless, I Am Again :)
@  Ritesh : (09 April 2014 - 07:33 PM) :P
@  Ritesh : (09 April 2014 - 07:33 PM) I Think U R Not..
@  yordan : (09 April 2014 - 09:28 AM) I'm The Master Of The Shoutbox!
@  yordan : (05 April 2014 - 10:32 PM) He-He
@  Ritesh : (04 April 2014 - 06:59 PM) Ha Ha Ha ....
@  yordan : (04 April 2014 - 11:15 AM) Welcome Back, Starscream!
@  yordan : (03 April 2014 - 02:31 PM) And I Hope That He Will Come Back Soon :)
@  yordan : (01 April 2014 - 02:53 PM) Nice, Ritesh Came, I'm Not Home Alone Today.
@  Ritesh : (01 April 2014 - 08:51 AM) Oh!!! Poor Dear Yordan..
@  yordan : (31 March 2014 - 10:02 AM) I'm A Poor Lonesome Cow-Boy
@  yordan : (27 March 2014 - 02:22 PM) He Is Unpatient Due To His Patients!
@  Ritesh : (27 March 2014 - 10:46 AM) :(
@  Ritesh : (27 March 2014 - 10:46 AM) He Is Busy With His Patients.

Photo
- - - - -

Warning: Mysql_result(): Supplied Argument Is Not A Valid Mysql Result Resource In ... This Is for My attack Script.


4 replies to this topic

#1 Feelay

Feelay

    Some random title

  • Members
  • 290 posts
  • Gender:Male
  • Location:Sweden

Posted 01 February 2008 - 08:50 PM

Hey. I am making a "Version 2.0" For my attack script, but I can't make it work.

This is the error I am gettin:

Warning: mysql_result(): supplied argument is not a valid MySQL result resource in

And here is the code:


$dbQueryHealth = mysql_query("SELECT temphealth FROM characters WHERE user =". $_POST['atkuser']."");  
		$currentHealth = mysql_result($dbQueryHealth, 0); 

		$dbQueryExp = mysql_query("SELECT exp FROM characters WHERE user = ".$_POST['atkuser']."");  
		$currentExp = mysql_result($dbQueryExp, 0);

I have checked the PHP Manual, but I did not find anything there :S
Thanks For All you help
//Feelay

#2 sparkx

sparkx

    Sparkx

  • [HOSTED]
  • 376 posts
  • Gender:Male
  • Location:Dana Point, CA, USA
  • myCENTs:55.07

Posted 02 February 2008 - 09:51 PM

It looks like your mysql_query is wrong. Correct me if I am wrong but I am pretty sure your use WHERE Column='$var' not WHERE Column=".$var." Also you seem to have a odd way of result. I usually do it quite differently but I am not sure what the major difference is.
Example
$atkuser=$_POST['atkuser'];
$row = mysql_fetch_array(mysql_query("SELECT * FROM database
 WHERE User='$atkuser'") or die(mysql_error()));  
$EXP=$row['EXP'];
After looking at your code a bit I realized that it seem very strange. I have never seen anyone $_Post a variable directly to a Mysql. First off it is EXTRAMLY insecure and secondly anyone that know PHP could hack it. My example above is also hack-able but you can solve that with a simple preg_replace or preg_match. I am also not quite sure why you have , 0) after your result.

Hope this helps at least a little,
Sparkx

#3 Miles

Miles

    Advanced Member

  • [HOSTED]
  • 177 posts

Posted 03 February 2008 - 11:49 AM

Warning: mysql_result(): supplied argument is not a valid MySQL result resource in [file] is caused by an sql query that isn't done correctly, usually. To fix it I suggest doing what will be the SQL query firstly in a variable then using mysql_query($sqlvariable), that should solve your problem.

#4 Feelay

Feelay

    Some random title

  • Members
  • 290 posts
  • Gender:Male
  • Location:Sweden

Posted 03 February 2008 - 11:59 AM

I did that ;) Thanks :P It is working now.. but as always, I am having a new problem :P
The value in the database is not updating :S
here the code for the update, should'nt it work =?

$SeUs = $_SESSION['user'];
$PoUS = $_POST['atkuser'];
mysql_query ("UPDATE characters SET temphealth =\"{$currentHealthYou}\" WHERE user =\"{$SeUs}\"");
mysql_query ("UPDATE characters SET temphealth = \"{$currentHealthEnemy}\" WHERE user =\"{$PoUs}\"");

Edited by Feelay, 03 February 2008 - 12:01 PM.


#5 TavoxPeru

TavoxPeru

    Super Member

  • [HOSTED]
  • 876 posts
  • Gender:Male
  • Location:Lima - Peru
  • Interests:Web and Software development, Internet, Computers, Electronic music, music, soccer.
  • myCENTs:13.21

Posted 08 February 2008 - 05:43 AM

I did that :P Thanks ;) It is working now.. but as always, I am having a new problem :P
The value in the database is not updating :S
here the code for the update, should'nt it work =?

$SeUs = $_SESSION['user'];
$PoUS = $_POST['atkuser'];
mysql_query ("UPDATE characters SET temphealth =\"{$currentHealthYou}\" WHERE user =\"{$SeUs}\"");
mysql_query ("UPDATE characters SET temphealth = \"{$currentHealthEnemy}\" WHERE user =\"{$PoUs}\"");

You can use the session variable directly in your code, instead of escaping your strings simply use a single quote ('), also, to prevent sql injections use the mysql_real_escape function with the data posted to your script.

And personally i always attach a die() function with the mysql_error() function to every query i make to check if every thing works fine.

Try the following:

<?php
$PoUS = mysql_real_escape_string($_POST['atkuser']);
mysql_query ("UPDATE characters SET temphealth='$currentHealthYou' WHERE user='" . $_SESSION['user'] ."'") or die(mysql_error() );
mysql_query ("UPDATE characters SET temphealth = '$currentHealthEnemy' WHERE user ='$PoUs'") or die(mysql_error());
?>

Best regards,



Reply to this topic



  


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users