How do I fix the "Mysql_fetch_array supplied argument is not a valid MYSQL result" error?
This is the code that had the error:
<?php
require "connect.php";
$query = mysql_query("SELECT author, date
FROM articles
WHERE id = ' . $id . '") or die(mysql_error());
$runrows = mysql_fetch_array('$query');
$author = $runrows['author'];
$date = $runrows['date'];
?>
$query = mysql_query("SELECT author, date FROM articles WHERE id = ' . $id . '") or die(mysql_error());
$runrows = mysql_fetch_array($query);
There should be no quotes for $query. Its a variable, not a string.
$runrows = mysql_fetch_array('$query');
Should be
$runrows = mysql_fetch_array($query);
or
$runrows = mysql_fetch_array("$query");
Using '$variable' just prints out $variable as text. You want to use the value of the variable.
SQL Injection is when you use that $id variable from user interaction.
E.g. you have the following URL:
http://example.com/articles.php?id=1
If you just add the id variable to your query people can inject code in the variable.
http://en.wikipedia.org/wiki/SQL_injection
To prevent this you can simply do:
$id = mysql_real_escape_string($id);
Or use prepared statements if it is supported.
http://en.wikipedia.org/wiki/Prepared_statements#Parameterized_statements
Remove the dots and use something like this in the third line
$query = mysql_query("SELECT author, date FROM articles WHERE id = '$id'") or die(mysql_error());
This has happened to me when I had not closed the connection using mysql_close($conn). I guess the socket between from the db was still open, and next time when i again connected to the same db, this particular error came. There were no other issues. Once I explicitly closed the connection and then again restarted the connection, this issue was resolved. Hope it helps.
Related
I'm trying to select and echo a single field.
This is my code when I'm trying it
session_start();
$query = "select id from user where username = ".$_SESSION['username'];
$result = mysql_query($query);
$admin_id = mysql_fetch_array($result);
echo $admin_id['id'];
When I run that code, this warning text appears
mysql_fetch_array() expects parameter 1 to be resource, boolean given in ......
How should I do it?
You should use quotes when you assign values in sql queries .
$query = "select id from user where username = '{$_SESSION['username']}'";
Or
$query = "select id from user where username = '" . $_SESSION['username'] . "'";
However, it is not a good practice so you better look forward prepared statements to reduce sql injection vulnerability : http://ru2.php.net/pdo.prepared-statements
Try this:
$username = $_SESSION['username'];
$query = "select id from user where username = '$username'";
I am having problems trying to get these queries with a WHERE clause to work. I have two tables which look like this :
What I am trying to do is return the genre that each film has. At the moment no data is returning at all from what I can see. Here are the two queries:
$film_id = $row_movie_list['film_id'];
mysql_select_db($database_fot , $fot);
$query_get_genre = "SELECT * FROM film_genre WHERE `id_film` ='". $film_id. "'";
$get_genre = mysql_query($query_get_genre, $fot) or die(mysql_error());
$row_get_genre = mysql_fetch_assoc($get_genre);
$totalRows_get_genre = mysql_num_rows($get_genre);
$genre_id = $row_get_genre['id_genre'];
mysql_select_db($database_fot , $fot);
$query_genre = "SELECT * FROM genre WHERE `id_genre` ='". $genre_id. "'";
$genre= mysql_query($query_genre, $fot) or die(mysql_error());
$row__genre = mysql_fetch_assoc($genre);
$totalRows_genre = mysql_num_rows($genre);
PHP with content area. I fairly new to PHP so any help would be appreciated.
<?php do { echo $genre['genre']; } while($row_get_genre = mysql_fetch_assoc($get_genre)); ?>
Update: I am now able to get first genre but not second it just echos the first one twice and I have tried but still no luck:
do {do { echo $row_genre['genre']; } while($row_genre = mysql_fetch_assoc($genre));} while($row_get_genre = mysql_fetch_assoc($get_genre)); ?>
Avoiding the fact that you're using a deprecated way to establish connection and interact with MySQL, what you're doing is getting a single relation genre-film and then getting the row of the genre that matches. You should surround part of your code with a while that executes while it's still genres of the film with id. Something like:
$film_id = $row_movie_list['film_id'];
mysql_select_db($database_fot , $fot);
$query_get_genre = "SELECT * FROM film_genre WHERE `id_film` ='". $film_id. "'";
$get_genre = mysql_query($query_get_genre, $fot) or die(mysql_error());
while($row_get_genre = mysql_fetch_assoc($get_genre)){
$genre_id = $row_get_genre['id_genre'];
$query_genre = "SELECT * FROM genre WHERE `id_genre` ='". $genre_id. "'";
$genre= mysql_query($query_genre, $fot) or die(mysql_error());
$row__genre = mysql_fetch_assoc($genre);
// You should do whatever you want to do with $row__genre here. Otherwise it will be cleared.
}
I must insist this is a deprecated and insecure way of communication with a MySQL Database. I recommend you read about MySQLi or PDO extensions.
MySQLi: http://www.php.net/manual/en/book.mysqli.php
PDO: http://www.php.net/manual/en/book.pdo.php
I am trying to get a value from database using the code below. I want to save the value in the variable category so I can give this as parameter to a function. The id is dynamically given. Is the code below correct? because when trying this nothing works...
$thecategory = mysql_query("SELECT TYPE FROM lists WHERE id =" . this.id);
The use of '$id' provides a little security against sql injection
$thecategory = mysql_query("SELECT `TYPE` FROM `lists` WHERE `id` ='$id'");
$associate = mysql_fetch_assoc($thecategory);
$TYPE = $associate['TYPE'];
Use mysql_result:
$thecategory = mysql_query("SELECT TYPE FROM lists WHERE id =" . $id); // changed $id
$type = mysql_result($thecategory, 0);
I suggest that you use PDO instead of mysql_* functions, they are deprecated.
Try:
$thecategory = mysql_query("SELECT TYPE FROM lists WHERE id =" . this->id);
I'm trying to get data from a table column that has a corresponding ID, but when I try to get an ID it gives me a 'resource ID'. My column ID holds INTs, and I found that if I add or subtract to the resource ID i get a number so I tried adding then subtracting 1, but it still isn't working.
<?php
mysql_connect("localhost","root","") or die(mysql_error());
mysql_select_db("blog") or die(mysql_error());
$strSQL = "SELECT id FROM blogtable ORDER BY id DESC";
$rs = mysql_query($strSQL);
$artID = $rs-1+1;//So if I don't do this, I get resource ID#'#'
?>
This code is on the same page, but in a separate container.
<?php
$getArticle = "SELECT title FROM blogtable Where id = '$artID'";
$selectedArticle = mysql_query($getArticle);
echo $selectedArticle;
?>
I was hoping this would get me the text from my title column, but it just gives me another resource id.
You can use
$result = mysql_fetch_object($rs);
$artID = $result->id;
...
$selectedArticle = mysql_query($getArticle);
$res = mysql_fetch_object($selectedArticle);
echo $res->title;
But i will recommende using PDO or mysqli functions since mysql_ functions will become obsolete.
mysqli examples: http://www.w3schools.com/php/php_ref_mysqli.asp
or
PDO tutorials: http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers
mysql_query gives you resource id. If you want to get your ID;
$id = 0;
while ($row = mysql_fetch_assoc($rs)) {
$id = $row['ID'];
}
Or
$row = mysql_fetch_array($rs);
and get id from $row array
I am getting the below error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'testing order by id'
Here is the main page..
echo "<div ><a href='secondpage.php?title=".urlencode($row['title'])."'>".wordwrap($row['title'], 35, "<br />\n", true)."</a></div>";
and here is the second page the error appearing on. the address bar reads http://localhost/secondpage.php?title=more+testing
<?php
$mydb = new mysqli('localhost', 'root', '', 'test');
$sql = "SELECT * FROM test where urlencode(title) =".$_GET['title']" order by id ";
$result = $mydb->query($sql);
if (!$result) {
echo $mydb->error;
}
?>
<div>
<?php
while( $row = $result->fetch_assoc() ){
echo $row['firstname'];
}
$mydb->close ();
?>
</div>
You want to use urldecode to decode the encoded string in your query:
$title = urldecode($_GET['title']);
$sql = "SELECT * FROM test where title = '$title' order by id";
I'm assuming you have a column named title in your test table. I don't think MySQL has urlencode function unless you have a procedure by that name which functions exactly like PHP's urlencode.
Update:
Thanks to #GeorgeLund, who pointed out the point of SQL Injection. Important topic which I missed earlier during answering your question. Please have a look at: https://www.owasp.org/index.php/SQL_Injection
For the very least please update your code to following:
$title = urldecode($_GET['title']);
$title = mysqli_real_escape_string($title); // Addition
$sql = "SELECT * FROM test where title = '$title' order by id";
$sql = "SELECT * FROM test where urlencode(title) ='".$_GET['title']."' order by id ";
Try like
$sql = "SELECT * FROM test WHERE urlencode(title) = ".$_GET['title']." ORDER BY id ";
You missed . leads syntax go away.
As far as I know SQL does not have function urlencode and why would you even want to urlencode the column name?
Also to store the encoded title string which is received from the last page you should decode the encoded title
So here is what I think you meant to do.
$sql = "SELECT * FROM test WHERE title = ".urldecode($_GET['title'])." order by id ";
Please try this code using urldecode
$sql = "SELECT * FROM test where title =".urldecode($_GET['title'])" order by id ";