1

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in * on line 35 

if($_SERVER['REQUEST_METHOD'] =='POST'){

    $userid = $_SESSION['userid'];
    $todo = $_POST['todo'];
    $description = $_POST['description'];
    $date = $_POST['date'];
    $priority = $_POST['priority'];
    $username = $_SESSION['username'];
}   

$get_product = mysql_query("SELECT * FROM inlog WHERE userid = '".$_SESSION['userid']."' ORDER BY id DESC");

while ($row = mysql_fetch_assoc($get_product)) { // Line 35
      ?>

I would like if someone could explain me what I did wrong, Searched the web off, but couldnt solve my problem. Thats why I'm Here :) ///////// PROBLEM SOLVED

Next Question: Im echoing,(instead of dieing) my wrong todo etc.. But the problem is, He still adds it in my DB. Could anyone explain what to do against it, I understand that if he doesnt die, he will still add it, but only gives an message.

I Guess there is no need to put the script in here. But if so. Ill add it.

Mr chinpansee
  • 379
  • 1
  • 3
  • 19
  • possible duplicate of [Warning when using mysql_fetch_assoc in PHP](http://stackoverflow.com/questions/169520/warning-when-using-mysql-fetch-assoc-in-php) – jprofitt Apr 19 '12 at 14:36
  • http://stackoverflow.com/search?q=Warning%3A+mysql_fetch_assoc%28%29%3A+supplied+argument+is+not+a+valid+MySQL+result+resource – deceze Apr 19 '12 at 14:36
  • Check `mysql_error()` after your query. There's some problem which is why you can't fetch. – Cfreak Apr 19 '12 at 14:37
  • Check your SQL query with the table name `inlog` and the field `userid` in the `WHERE` clause. There might be typo and try to echo `$_SESSION['userid']`. Most probably `$_SESSION['userid']` might not have the expected value for some reason. – Lion Apr 19 '12 at 14:48
  • Thank you @lion for paying attention, I guess im too tired to see. Didnt mean to get from "inlog" but from "tasks" Lmao.. Thanks! – Mr chinpansee Apr 19 '12 at 14:52

1 Answers1

2

Most likely something is empty, update your script to locate the problem:

if($_SERVER['REQUEST_METHOD'] =='POST'){
    $userid = (int) $_SESSION['userid']; // Cast to (int) to make it safe
    if (empty($userid))
        die('Invalid User ID');

    $todo = $_POST['todo'];
    if (empty($todo))
        die('Invalid todo');

    $description = $_POST['description'];
    if (empty($description))
        die('Invalid description');

    $date = $_POST['date'];
    if (empty($date))
        die('Invalid date');

    $priority = $_POST['priority'];
    if (empty($priority))
        die('Invalid priority');

    $username = $_SESSION['username'];
    if (empty($todo))
        die('Invalid username');

    $get_product = mysql_query("SELECT * FROM inlog WHERE userid = '".$userid."' ORDER BY id DESC"); // See how I changed $_SESSION['userid'] to $userid
}

Also make sure you are escaping your variables before you do a query with them. Just the way I casted the userid to an integer.

About the second question:

Next Question: Im echoing,(instead of dieing) my wrong todo etc.. But the problem is, He still adds it in my DB. Could anyone explain what to do against it, I understand that if he doesnt die, he will still add it, but only gives an message.

Best solution according to me:

if($_SERVER['REQUEST_METHOD'] =='POST'){
    $errors = array();

    $userid = (int) $_SESSION['userid']; // Cast to (int) to make it safe
    if (empty($userid))
        $errors[] = 'Invalid User ID'

    $todo = $_POST['todo'];
    if (empty($todo))
         $errors[] = 'Invalid todo';

    $description = $_POST['description'];
    if (empty($description))
        $errors[] = 'Invalid description';

    $date = $_POST['date'];
    if (empty($date))
        $errors[] = 'Invalid date';

    $priority = $_POST['priority'];
    if (empty($priority))
        $errors[] = 'Invalid priority';

    $username = $_SESSION['username'];
    if (empty($todo))
        $errors[] = 'Invalid username';

    // Only do the query when there are no errors    
    if (count($errors) <= 0) {
        $get_product = mysql_query("SELECT * FROM inlog WHERE userid = '".$userid."' ORDER BY id DESC"); // See how I changed $_SESSION['userid'] to $userid
    } else {
        echo implode('<br />', $errors); // or return is also a possibility
    }
}
Kenny
  • 5,350
  • 7
  • 29
  • 43