1

I'm trying to select a column from a table named say, 1234. 

      $query="select Number from `$table`";
      $contacts=mysql_query($query);

      while($row=mysql_fetch_array($contacts))
         echo $row['Number'];

If I use "select Number from 1234", it works. The value for $table is got using $_REQUEST["key0"]. I call the page as "localhost/page_id=22?key0=1234" What's the problem? I get the following error at mysql_fetch_array statement : Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\wamp\www\wp-content\plugins\exec-php\includes\runtime.php(42)

venkatKA
  • 2,399
  • 1
  • 18
  • 22
  • Did you echo out the value of `$table`? Also, please do read up on SQL injection. The way you create queries is very unsafe - http://stackoverflow.com/questions/332365/xkcd-sql-injection-please-explain. – JohnP Sep 29 '12 at 04:38
  • I tried to echo it too. It doesn't even print the value. – venkatKA Sep 29 '12 at 04:40
  • 1
    That mean you don't have the value. If it's not printing then the value is not populated. Also, if you're getting that error it means that your mysql_connect call didn't finish properly – JohnP Sep 29 '12 at 04:43
  • Hello What is the Page_id? is it the argument? – drsndodiya Sep 29 '12 at 04:51
  • you're going to get hacked. this code is a very bad idea. start with PDO, get rid of the table name in the URL - what happens when that is changed to another table name? What happens when someone types in other sql commands for the table name? this is insanity. – Tim G Sep 29 '12 at 05:42
  • hm, `page_id=22?key0=1234`... you really don't see anything wrong here??? you can't have `page_id=22` as page name! – Wh1T3h4Ck5 Sep 30 '12 at 00:01
  • @zander, show us more code... mysql_connect() and so on – Wh1T3h4Ck5 Sep 30 '12 at 00:07
  • @Wh1T3h4Ck5 Well My wordpress had some problem. It works in plain php. Thanks for your effort. – venkatKA Sep 30 '12 at 03:09

6 Answers6

2

The url you call should be formatted like this:

localhost/?page_id=22&key0=1234

Also, 1234 is a weird name for a table :))

moonwave99
  • 21,957
  • 3
  • 43
  • 64
  • Thanks for that. Now, echoing $table works. But the warning still remains and the query doenst get executed. – venkatKA Sep 29 '12 at 04:42
  • Check that both `Number` [with uppercase N!] field and `1234` table exist in your db. Try to run the query in you mysql client of choice / phpmyadmin to read the sql error. – moonwave99 Sep 29 '12 at 04:45
0

Write it like this "select Number from ".$table;

Wh1T3h4Ck5
  • 8,399
  • 9
  • 59
  • 79
Subir Kumar Sao
  • 8,171
  • 3
  • 26
  • 47
0

$contacts is what was returned from your query, it will return false if u have some type of error. So:

  1. Catch the error (read on try-catch)
  2. You probably do not have a table called 1234. In the FROM clause u must use existing elements/table from your DB (or temp tables generated from such)
  3. Good luck with SQL injection.
Itay Moav -Malimovka
  • 52,579
  • 61
  • 190
  • 278
0
$conn=mysql_connect("localhost","root","");
mysql_select_db("as you wish",$conn);  
$query="select Number from `$table`";
      $contacts=mysql_query($query,$conn);

      while($row=mysql_fetch_array($contacts))
         echo $row['Number'];

try this

Man Programmer
  • 5,300
  • 2
  • 21
  • 21
0

This is going to work for sure.

 "SELECT * 
    FROM  `yourdatabase_name`.`$table` "
Arun Killu
  • 13,581
  • 5
  • 34
  • 61
  • explain, why you're so sure? It works if database wasn't previously selected but this doesn't look as obvious reason for issue. One thing is sure, this fixes unselected database issue, nothing more. – Wh1T3h4Ck5 Sep 30 '12 at 00:04
0

I think you have to use something like this

localhost/?page_id=22&key0=1234 but in your question you mention you are using localhost/page_id=22?key0=1234 so just try as i mention here!

hope it will help you

drsndodiya
  • 1,685
  • 1
  • 17
  • 36