
I keep getting weird results from this query.

Note that I am not using PDO because this is just a prototype. In production I plan on tightening all of the screws and making it more secure.

```php
include ('../includes/DBConnect.php'); //exactly how it is in other working files
$query = "SELECT * FROM CHARACTERS WHERE USER_ID=(SELECT ID FROM USERS WHERE EMAIL='"+$_SESSION['user']+"') ORDER BY id DESC"; //I have copy pasted this into mysql and it worked, switching the session variable with a string
```

I get an error with this line

```php
while($row = mysqli_fetch_array($character_list)){
```

```
Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in C:\xampp\htdocs\Node2\public\main.php on line 36
```

I know this has to be stupid. I can't figure it out. I just looked at documentation and other files I have written that worked. And a few Stack Overflow threads to no avail.

Thank you so much.

bezzoon
  • Some advice. ***Never*** assume an SQL query succeeded! ***Always*** check to be sure it did. Add in some error checking. `if($character_list === FALSE){ die(mysqli_error($conn)); }` – gen_Eric Sep 19 '13 at 23:17
  • Ty! will do, Rocket :D – bezzoon Sep 20 '13 at 02:52
  • **By building SQL statements with outside variables, you are leaving yourself wide open to SQL injection attacks.** Also, any input data with single quotes in it, like a name of "O'Malley", will blow up your SQL query. Please learn about using parametrized queries, preferably with the PDO module, to protect your web app. http://bobby-tables.com/php has examples to get you started, and [this question](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has many examples in detail. – Andy Lester Sep 20 '13 at 04:58

1 Answer


You're using `+` instead of `.` to concatenate strings. Gotta remember this is PHP, not JavaScript ;)

```php
$query = "SELECT * FROM CHARACTERS WHERE USER_ID=(SELECT ID FROM USERS WHERE EMAIL='".$_SESSION['user']."') ORDER BY id DESC";
```
gen_Eric
  • FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF THank you so much! Why does php even do that! aaaahhhh ;( – bezzoon Sep 19 '13 at 23:24
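
The parameterized-query and error-checking advice from the comments, applied to the question's query, as an added example that is not part of the original thread. It assumes PDO with the SQLite driver and an in-memory database so that it runs without a MySQL server; the table columns, sample rows and the `charactersForUser` helper are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL database so the
// script runs without a server. Table layout and sample rows are constructed.
$pdo = new PDO('sqlite::memory:');
// Make every failed query throw instead of silently returning false.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec('CREATE TABLE USERS (ID INTEGER PRIMARY KEY, EMAIL TEXT UNIQUE)');
$pdo->exec('CREATE TABLE CHARACTERS (id INTEGER PRIMARY KEY, USER_ID INTEGER, NAME TEXT)');
$pdo->exec("INSERT INTO USERS (ID, EMAIL) VALUES (1, 'pat.o''malley@example.com'), (2, 'sam@example.com')");
$pdo->exec("INSERT INTO CHARACTERS (USER_ID, NAME) VALUES (1, 'Rogue'), (1, 'Cleric'), (2, 'Bard')");

/**
 * Return the characters owned by the user with the given e-mail, newest first.
 * The e-mail is bound as a parameter, so quotes in it are data, not SQL.
 */
function charactersForUser(PDO $pdo, string $email): array
{
    $stmt = $pdo->prepare(
        'SELECT * FROM CHARACTERS
          WHERE USER_ID = (SELECT ID FROM USERS WHERE EMAIL = :email)
          ORDER BY id DESC'
    );
    $stmt->execute([':email' => $email]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Stand-in for $_SESSION['user']; note the single quote in the address.
$sessionUser = "pat.o'malley@example.com";

try {
    foreach (charactersForUser($pdo, $sessionUser) as $row) {
        echo $row['id'], ' ', $row['NAME'], PHP_EOL;
    }
    // An unknown address yields an empty list, not an error.
    var_dump(count(charactersForUser($pdo, 'nobody@example.com')));
} catch (PDOException $e) {
    // Log the detail server-side; show the user a generic message only.
    error_log($e->getMessage());
    http_response_code(500);
    exit('Database error');
}
```

With MySQL the same `prepare`/`execute` calls apply; only the DSN passed to `new PDO(...)` changes.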