MySQL ORDER BY statement returning boolean? - php

I have absolutely no idea why this is happening, but my simple MySQL statement using an ORDER BY ... DESC command gives a really weird error when I try to perform the query.
The error is
mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in E:/.../home.php on line 23
And my code is:
$data = mysql_query("SELECT * FROM `blogposts` LIMIT 0, 30 ORDER BY id DESC");
while($results = mysql_fetch_assoc($data))//error here
I can't find out why. Any help is appreciated.
Oh, by the way, I know that everyone who looks at this question is going to rip into me for still using mysql.* libraries and there will be a highly upvoted comment about the evils of it and the fact that I am vulnerable to SQL injection. To answer before it's asked, as it were, this is not going online, it's purely a home project running on localhost. So don't even bother lecturing me.

ORDER BY clause must come before the LIMIT clause
SELECT * FROM `blogposts` ORDER BY id DESC LIMIT 0, 30

Related

Use multiple conditions in SQL WHERE clause using OR

I've got the following SQL statement in my PHP code:
$strSQL = "SELECT * FROM coaches WHERE pastors='1' OR all_categories='1' ORDER BY l_name";
but the WHERE portion after the OR is ignored. Is my code correct? Is there a better way to code it?
Thanks for the suggestions. Even though people said it should work, for some reason it wasn't. The easiest solution was to simply set every true/false to 1 for those individuals who want to be in all categories instead of trying to fight against the OR which looks correct but won't work.
I am trying to get it to select database entries if there is a 1 in a particular category, in this case "pastors", or if there is a 1 in the "all_categories" category.
From the looks of it, your code does just that.
You're just forgetting ASC or DESC at the end of it.
It should look more like this:
$strSQL = "SELECT * FROM coaches WHERE pastors='1' OR all_categories='1' ORDER BY l_name ASC";

SQL injection in LIMIT (from PHP)

I have the following code :
$req = mysql_query("SELECT * FROM table WHERE id='".mysql_real_escape_string($id)."' ORDER BY lastupdate DESC LIMIT ".mysql_real_escape_string($_GET['start']).", 15 ");
For some reason it seems like I can inject some (unusable) SQL code into the $_GET['start'] parameter.
For example : 1,100 # (url encoded like this : +1%2C+100%23)
I'm fairly sure you can't really use it to do any damage or steal anything from my db (UNION can't work because of ORDER BY, and mysql_query() doesn't allow multiple queries).
I know I should add intval() to make sure it is an integer. My main question is WHY... Why does it work? I really don't understand.
Thank you very much for your insights.
You should parse it into an integer.
$req = mysql_query("SELECT * FROM table WHERE id='".(int)$id."' ORDER BY lastupdate DESC LIMIT ".(int)$_GET['start'].", 15 ");
Additionally, you should strongly consider using mysqli or PDO.
The mysql_*, mysqli_* functions have no idea of what the structure of your table is. The function mysql_real_escape_string considers everything as string, and just makes it safe.
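Why the escaped value still alters the LIMIT clause, next to an integer-only fix, as an added example that is not part of the original posts. It assumes PDO with an in-memory SQLite database so it runs offline (needs pdo_sqlite); the `posts` table, its rows, and the `safeOffset()` and `page()` helpers are constructed for illustration, and `addslashes()` stands in for the removed `mysql_real_escape_string()`.

```php
<?php
// Added example: constructed table and rows, in-memory SQLite via PDO.

// Payload from the question: it contains no quote or backslash characters.
$start = '1, 100 #';

// Stand-in for mysql_real_escape_string() (removed in PHP 7). Both only
// backslash-escape characters that could terminate a quoted string literal.
$escaped = addslashes($start);
var_dump($escaped === $start);   // shows whether escaping changed the payload

// Vulnerable pattern: the value lands outside any quotes, so the parser reads
// it as SQL syntax (a second number and a comment marker), not as data.
$vulnerable = "SELECT * FROM posts ORDER BY lastupdate DESC LIMIT " . $escaped . ", 15";
echo $vulnerable, "\n";

// Hardened: accept only a non-negative integer, otherwise use the first page.
function safeOffset($raw): int
{
    $n = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return $n === false ? 0 : $n;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, lastupdate INTEGER)');
$ins = $pdo->prepare('INSERT INTO posts (lastupdate) VALUES (?)');
for ($i = 1; $i <= 40; $i++) {
    $ins->execute([$i]);
}

function page(PDO $pdo, $rawStart): array
{
    // The offset is bound as an integer, so it can never carry SQL syntax.
    $stmt = $pdo->prepare('SELECT id FROM posts ORDER BY lastupdate DESC LIMIT :start, 15');
    $stmt->bindValue(':start', safeOffset($rawStart), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

echo count(page($pdo, '30')), "\n";        // last, shorter page of the 40 rows
echo count(page($pdo, '1, 100 #')), "\n";  // rejected input falls back to offset 0
```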

PHP sqlsrv_query dynamic order by clause

(Note that this is for MSSQL, not MYSQL)
Does anyone know why this doesn't work?
$query = "SELECT * FROM table WHERE SeriesID = ? ORDER BY ? ?";
$result = $conn->getData($query, array($seriesID,$sortBy,$sortOrder));
I don't see any errors, but no results are returned.
When I don't have the ORDER BY portion, it works. It's the second and third question marks that kill it.
$conn->getData() is calling sqlsrv_query() function...
There is a similar question here which I answered with a workaround, but I'd like to find out why this doesn't work as I think it should.
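Placeholders bind data values only; a column name and the ASC/DESC keyword are part of the statement's syntax, so a dynamic sort has to be assembled from an allowlist instead. One way to do that, as an added example that is not from the original post: PDO with in-memory SQLite is assumed so it runs offline (needs pdo_sqlite), and the `Episodes` table, its columns and rows, `SORT_COLUMNS`, `orderByClause()` and `episodes()` are all constructed names.

```php
<?php
// Added example: allowlisted dynamic ORDER BY. Table, columns and rows are constructed.

// Accepted request values mapped to real column names; nothing else reaches the SQL.
const SORT_COLUMNS = ['title' => 'Title', 'aired' => 'AirDate', 'id' => 'EpisodeID'];

function orderByClause(string $sortBy, string $sortOrder): string
{
    $column = SORT_COLUMNS[strtolower($sortBy)] ?? 'EpisodeID';       // default column
    $direction = strtoupper($sortOrder) === 'DESC' ? 'DESC' : 'ASC'; // only two outcomes
    return " ORDER BY $column $direction";
}

function episodes(PDO $pdo, int $seriesID, string $sortBy, string $sortOrder): array
{
    // The value still goes through a placeholder; only the vetted clause is concatenated.
    $sql = 'SELECT Title FROM Episodes WHERE SeriesID = ?' . orderByClause($sortBy, $sortOrder);
    $stmt = $pdo->prepare($sql);
    $stmt->execute([$seriesID]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Episodes (EpisodeID INTEGER PRIMARY KEY, SeriesID INTEGER, Title TEXT, AirDate TEXT)');
$ins = $pdo->prepare('INSERT INTO Episodes (SeriesID, Title, AirDate) VALUES (?, ?, ?)');
$rows = [[7, 'Pilot', '2020-01-05'], [7, 'Arrival', '2020-01-12'], [9, 'Other', '2021-03-01']];
foreach ($rows as $row) {
    $ins->execute($row);
}

print_r(episodes($pdo, 7, 'title', 'desc'));
print_r(episodes($pdo, 7, 'aired', 'ASC'));
// A sort key that is not in the map never reaches the statement; the default applies.
print_r(episodes($pdo, 7, 'not_a_column', 'sideways'));
```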

SQL LIMIT VS Loop Limit

I was browsing around Stack Overflow attempting to find how to limit an SQL query with a while loop and I came across this code.
$count = 0;
while ($count < 4 && $info = mysql_fetch_assoc($result)) {
    //stuff
    $count++;
}
Q 1: What is the difference between this code and using the SQL LIMIT clause?
Q 2: For what reason would somebody want to use this code, rather than using LIMIT?
With this code, the MySQL server will send all the results to the client, but the client ignores everything after the 4th row. So the server has to do more work, and more bandwidth will be used between the client and server.
They might want to use mysql_num_rows() to find out how many total rows were selected, even though they only want to display the first 4. However, MySQL provides a way to do that with LIMIT -- you can put the SQL_CALC_FOUND_ROWS option in the SELECT clause, and then use SELECT FOUND_ROWS() to get the total number of rows. So there's no good reason, except they don't know about this feature.
Everything @Barmar said is right on. Following with code like that will cause lots of problems as your result sets start to grow. Let a database do what it's good at doing, let it supply the limit of results you want/need. Just think of what happens when you do a SELECT with no LIMIT clause in the command line client where there are thousands of rows... it just goes on and on.
One more thing, I wouldn't recommend using mysql_num_rows() as it's a deprecated function. Might as well go along with mysqli or PDO.

Calling for where tinyint is 0 (used as boolean) in query

I am currently using tinyint to store boolean values in MySQL, and am trying to query a database but it is failing. The error I am getting is Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given which, if I'm not mistaken, just means the query didn't work. Before I post the query let me say I am using practically deprecated PHP for the query, however it's not going live and I just need it to work real quick. I know this stuff is all being updated so feel free to share any relevant materials (I do need to get caught up as it is) however the solution I am looking for is for my old school query. The query is:
$sql = mysql_query("SELECT * FROM contact ORDER BY id ASC WHERE read='0'");
where read is the tinyint in question.
I have tried WHERE read=0
and WHERE read=false
None of these are working, I do appreciate any help in advance!
You need to structure the query correctly:
"SELECT * FROM contact WHERE `read`=0 ORDER BY id ASC"
WHERE comes before ORDER BY.
Additionally, "mysql_num_rows() expects parameter 1 to be resource" is happening because you're calling a method on a failed query - not a resource. You could get a proper error on your query itself with something like mysql_query("SELECT... your query") or die(mysql_error()). But officially we all suggest moving to PDO or mysqli and using their respective error reporting utilities.
