SQL result doesn't work when reassigned

Question

The code:

  $msr = db_query("SELECT * FROM users WHERE username='$username'");
  if (db_num_rows($msr) == 0)
      return null;

When

function db_query($query) { return mysql_query($query) or die(mysql_error() . " when querying: $query"); }
function db_num_rows($queres) { return mysql_num_rows($queres) or die(mysql_error()); }

Shows error: Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource

When I replace "db_" with "mysql_" everything works perfectly. Is there a way to fix this?

Answer 1

See "Creating a php function to return mysql results" here on SO.

function db_query($query) { 
  $result = mysql_query($query) or die(mysql_error()." when querying: $query"); 
  return $result;
}

// etc

Apart from that, you should absolutely not do

$msr = db_query("SELECT * FROM users WHERE username='$username'");

for security reasons. This is wide open for SQL injection attacks, see XKCD 327. Use parametrized SQL statements instead.