mysql_affected_rows sometimes returns 0 instead of 1

Question

I have a strange problem with php scripts - mysql_affected_rows() sometimes returns "0" for no reason.

There is a similar question @stackoverflow and answer to this question is:

MySQL only actually updates a row if there would be a noticeable difference before and after the updat.

But this is not my case. For example, if value before update is 1320402744 and value after update is 1320402944 mysql_affected_rows() anyway return "0". Is this difference not enough noticable?

Below are 3 files. As you can see, all files include file "functions.inc.php" which calls function "online()".

File " login.php " is working fine. It inserts a new row in "session" table correctly.

File " content.php " is working fine - it displays content and correctly runs function "online() in "functions.inc.php".

Then I call file " test.php ". It deletes "something from sometable" correctly. Then it refreshes itself (Header("Location: /test.php");). After refreshing I am logged off.

I added this to "online()" function:

echo "affected_rows";

It returns 0 .

I added more code to "online() function:

$checkuser = mysql_query("SELECT userid FROM session WHERE userid = '" . $_SESSION['id'] . "'") or die('Error');
$found = mysql_num_rows($checkuser);

echo $found;

 $result = mysql_query("UPDATE session SET time='$ctime' WHERE userid='".$_SESSION['id']."'") or die('Error');
    $affected_rows = mysql_affected_rows();
    if ($affected_rows != 1) @session_destroy();

echo $affected_rows;

The result is 1 and 0 .

I checked the database. "time" field in session table has been updated.

So, I can't understand how is it possible that the row exists, it updates correctly but mysql_affected_rows(); returns 0 , and why this happends only if te same page has been refreshed.

functions.inc.php

<?php
@ob_start();@session_start();
@mysql_connect(C_HOST, C_USER, C_PASS) or die('Cant connect');
@mysql_select_db(C_BASE) or die('Cant select DB');

function online() {
$ctime = time()+1800;

if((isset($_SESSION['id']))&&(is_numeric($_SESSION['id']))) {

$query = mysql_query("UPDATE session SET time='$ctime2' WHERE userid='".$_SESSION['id']."'") or die('Error');
$affected_rows = mysql_affected_rows();
if ($affected_rows != 1) @session_destroy();
}
}

//many other functions go here

online();
?>

login.php

<?php
include_once 'configuration.inc.php';
include_once 'functions.inc.php';

//many things go here

$upd = mysql_query("INSERT INTO session VALUES ('" . $i['id'] . "','$ctime')") or die('Error2');
Header("Location: /content.php?justlogged=1");
die;
?>

content.php

<?php
include_once 'configuration.inc.php';
include_once 'functions.inc.php';
//many thing go here
echo "content";

?>

test.php

    <?php
    include_once 'configuration.inc.php';
    include_once 'functions.inc.php';

    if (isset($_GET['tid'])&&(is_numeric($_GET['tid']))){
    $result = mysql_query("delete from some_table where something = '" . $_GET['tid'] . "'") or die('Error123a');
Header("Location: /test.php");
    die;
    }

    //file content

    ?>

Answer 1

In your function.inc.php you call online() - session time is changed every second. But can it be that you're switching between pages (login, content, test) more faster than 1 second? In that case time would be the same and you'd get session destroy because of unaffected rows

Edit:

Yes. As I thought.

See how it comes:

you call login.php: after successful login it creates new session with time X . After this you're immediately redirected to content.php (time is still X ) which calls online again. And of course, as you redirected immediately - time is the same.. so already at point of content.php session is already destroyed, because time wasn't changed.