mysql_num_rows() 返回 0

Question

My $result variable will equal to "Resource id #4" when program executes. Which clearly means that my mysql_query() was successfully executed. But when I call in mysql_num_rows($result), I always get back 0. Although a row does exist, I keep getting a value of 0. Why?

if (isset($_POST["user"]) && isset($_POST["pass"]))
{
    // prepare SQL
    $sql = sprintf("SELECT 1 FROM users WHERE username='%s' AND password=PASSWORD('%s')",
                   mysql_real_escape_string($_POST["user"]),
                   mysql_real_escape_string($_POST["pass"]));

    // execute query
    $result = mysql_query($sql);


    if ($result === false)
        die("Could not query database");


    $numOfRows = mysql_num_rows($result);

Answer 1

There's nothing obviously wrong with your code.

The most obvious explanation is that the query being submitted to the database is not returning any rows.

I recommend you add some rudimentary debugging: echo (or vardump or printf) the value of the SQL text $sql prior to submitting it to the database.

Verify that the SQL text is what you expect to be submitted to the database, and that this query returns a row.

As another step in debugging, I recommend you actually fetch the rows from the resultset, and display the returned rows.

---

I typically assign an alias to literals in the SELECT list, eg

SELECT 1 AS one FROM ...

But I don't think this would really cause an issue with the mysql_num_rows.

---

I believe earlier versions of PHP defaulted to having "magic quotes" feature being turned (automatically running an addslashes function on strings); echoing out the generated SQL would show if "double escaping" was a problem or not.

---

Addendum

An obligatory note here that the mysql_ interface is DEPRECATED, and new development should make use of one of the (much improved) replacements: mysqli or PDO .