MySQL Query not working correctly

Question

I am trying to perform an additional query as you can see from the below piece of code.

I am having issues performing the second query. It seems like the code is not recognizing the second query. Can someone please advice?

Thanks in advance.

$query  = "SELECT * FROM tst WHERE status ='active' order by created DESC LIMIT 9";
$result = mysql_query($query);
if (!$result) die  ("database access failed : "  .   mysql_error());

while($row = mysql_fetch_array($result))
{
  echo"<ul class='gallery'><li>";
  echo "<td>" . $row['adid'] . "</td>";
  $subquery = ("SELECT * FROM match_item_image where adid = '.$row['adid'].'  LIMIT 1 ");
  $results = mysql_query($subquery) or die ("Error in query: $subquery " . mysql_error());
  $rows = mysql_fetch_array($results);
  $rows = mysql_num_rows($results);

  echo   '  <a href="viewad.php?adid='.$row['adid'].'&subcat='.$row['subcat'].'">  <img src= "upload/'.$rows['image'].'"height="175" width="200"border="0"  /> </a> ';
  echo "<h2><a href=''>".$row['state'] . "</a></h2>";
  echo   "<h2><a href=''>".$row['loc'] . "</a></h2>";
  echo"
   </li>
 </ul>";
}

Answer 1

the query is not working because you have included the $row['adid'] as a string and not as a value in the query, concactenate it like this

"SELECT * FROM match_item_image where adid = '" . $row['adid'] . "'  LIMIT 1 "

and your query is now vulnerable with SQL Injection, please read the article below

• Best way to prevent SQL injection in PHP