0

Possible Duplicate:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result

Here is code:

$result=mysql_query("
SELECT items.items_id, 
COUNT(ratings.item_id) AS TotalRating,
AVG(ratings.rating) AS AverageRating
FROM 'items'
LEFT JOIN ratings ON (ratings.item_id = items.items_id)
WHERE ratings.item_id = '{$item_id}' ;");

echo "Error message = ".mysql_error();

while($row=mysql_fetch_assoc($result)) {
      $output[]=$row;
}

Here is error:

Error message = You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''items' LEFT JOIN ratings ON (ratings.item_id = items.items_id) WHERE ' at line 4
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/content/k/i/c/kickinglettuce/html/Kickinglettuce/ratethis/get_ratings.php on line 38
null

I have confirmed that $item_id is the correct response based on an echo statement.

Community
  • 1
  • 1
TheLettuceMaster
  • 15,594
  • 48
  • 153
  • 259

1 Answers1

2

You have the table items in SINGLE QUOTES (') instead of BACKTICKS(`).

Justin Swanhart
  • 1,826
  • 13
  • 15
  • That was it, marking you correct! (when the time allows it) – TheLettuceMaster Aug 01 '12 at 03:16
  • I hope you've called mysql_real_escape_string on $item_id, otherwise you are open for SQL injection. – Justin Swanhart Aug 01 '12 at 18:53
  • Yes I have made sure of that. I have $item = $database->escape_value(trim($_POST['item'])); with it pointing to a method that does that sort of thing. EDIT: Though, $item_id comes after the $item variable is submitteed -- I don't have it protected now that I think about it... even though it's not user input? – TheLettuceMaster Aug 01 '12 at 20:08