-4

I am unable to understand why I am unable to use echo statement properly here.

Link which passes get value to script

  http://example.com/example.php?page=2&hot=1002

Below is my script which takes GET values from link.

<?php
    session_start();
    require('all_functions.php');
    if (!check_valid_user())
    {
        html_header("example", "");
    }
    else
    {
        html_header("example", "Welcome " . $_SESSION['valid_user']);
    }
    require('cat_body.php');
    footer();
?>

cat_body.php is as follows:

<?php
    require_once("config.php");

    $hot = $_GET['hot'];

    $result = mysql_query( "select * from cat, cat_images where cat_ID=$hot");

    echo $result['cat_name']; 
?>

Please help me.

Jaak Kütt
  • Welcome to Stack Overflow! Please, before you write **any** more SQL interfacing code, you must read up on [proper SQL escaping](http://bobby-tables.com/php) to avoid severe [SQL injection bugs](http://bobby-tables.com). Also, [`mysql_*` functions](http://php.net/manual/en/ref.mysql.php) should not be used in new applications and will be removed from future versions of PHP. Please consider switching to [**`MySQLi`** or **`PDO`**](http://php.net/manual/en/mysqlinfo.api.choosing.php). As written, someone could ruin your entire website in seconds. – Petr R. Aug 20 '13 at 19:51
  • **You are wide open to [SQL injections](http://stackoverflow.com/q/60174)** – John Conde Aug 20 '13 at 19:51
  • 3
    Please read the manual how to work with `mysql_query`. – deceze Aug 20 '13 at 19:52
  • 1
    Your title says $_POST, but your code says $_GET. They're not the same. Which is it? –  Aug 20 '13 at 19:56
  • You never FETCH a row of data from your query result. You're trying to use that result handle as an array, which does NOT work. – Marc B Aug 20 '13 at 19:59
  • I am sorry, this is $_GET – user2692733 Aug 20 '13 at 20:01
  • Hi Marc B, How to get this done I need to print name. Thanks guys for your suggestion regarding sql injections – user2692733 Aug 20 '13 at 20:04

1 Answer

0

mysql_query returns a result resource on success (or false on error), not the data. To get the data you need to use fetch functions like mysql_fetch_assoc(), which returns an array with column names as array keys.

$result = mysql_query("select * from cat, cat_images where cat_ID=$hot");
if ($result) {
    $row = mysql_fetch_assoc($result);
    echo $row['cat_name'];
} else {
    // error in query
    echo mysql_error();
}

// addition
Your query is poorly defined. Firstly, there is no relation defined between the two tables in the WHERE clause.
Secondly (and this is why you get the message "Column 'cat_ID' in where clause is ambiguous"), both tables have a column cat_ID, but you did not explicitly tell MySQL which table's column you are using.

The query should look something like this (may not be the thing you need, so change it appropriately):

"SELECT * FROM cat, cat_images
WHERE cat.cat_ID = cat_images.cat_ID AND cat.cat_ID = " . $hot;

The cat.cat_ID = cat_images.cat_ID part in the WHERE clause tells MySQL that those two tables are joined by combining rows where those columns are the same.

Also, be careful when inserting queries with GET/POST data directly. Read more about (My)Sql injection.

The mysql_* functions are deprecated and will soon be completely removed from PHP; you should think about switching to MySQLi or PDO.

Ivan Hušnjak
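
The parameterized form of the lookup discussed above, as an added example that is not part of the original question or answer. It uses PDO with an in-memory SQLite database so it runs without a server (with MySQL the DSN and credentials change); the `find_cat_name` helper, the column names other than `cat_ID` and `cat_name`, and the sample rows are assumptions.

```php
<?php
// Added example: the page's lookup done with a PDO prepared statement.
// Assumptions: in-memory SQLite stands in for the MySQL database; the
// find_cat_name() helper, extra columns and all rows are constructed.

function find_cat_name(PDO $pdo, $rawHot): ?string
{
    // Accept only a positive integer id; reject anything else up front.
    $hot = filter_var($rawHot, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($hot === false) {
        return null;
    }

    // Explicit join condition and table-qualified columns avoid the
    // "Column 'cat_ID' in where clause is ambiguous" error; the id is bound
    // as a parameter, never concatenated into the SQL text.
    $stmt = $pdo->prepare(
        'SELECT cat.cat_name
           FROM cat
           JOIN cat_images ON cat_images.cat_ID = cat.cat_ID
          WHERE cat.cat_ID = :hot'
    );
    $stmt->bindValue(':hot', $hot, PDO::PARAM_INT);
    $stmt->execute();

    // The statement is only a handle; a row has to be fetched from it.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['cat_name'];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE cat (cat_ID INTEGER PRIMARY KEY, cat_name TEXT)');
$pdo->exec('CREATE TABLE cat_images (img_ID INTEGER PRIMARY KEY, cat_ID INTEGER, file TEXT)');
$pdo->exec("INSERT INTO cat VALUES (1002, 'Hot <deals>'), (1003, 'Archive')");
$pdo->exec("INSERT INTO cat_images VALUES (1, 1002, 'a.png'), (2, 1003, 'b.png')");

// Constructed inputs: the id from the page's URL, a value that is not a
// plain integer, and an id with no matching row.
foreach (['1002', '1002 extra-sql-text', '9999'] as $input) {
    $name = find_cat_name($pdo, $input);
    // Escape on output as well, since the value ends up in an HTML page.
    $shown = $name === null ? '(no match)' : htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    echo $input, ' => ', $shown, "\n";
}
```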