
I'm running into a situation where a mysql_query() result being fed into a mysql_fetch_array() function is being interpreted as a boolean instead of the result.

The code below uses "Using an SQL result in a foreach loop" as a coding example for doing a foreach loop. There may be multiple problems with the code still, as my current problem occurs before the foreach loop.

    $results = mysql_query("SELECT * FROM order_details WHERE orderid = $orderid");

    print "SELECT * FROM order_details WHERE orderid = $orderid";

    $productid;
    $quantity;
    $price;

    $resultset = array();
    while ($row = mysql_fetch_array($results)) {
        $resultset[] = $row;
    }

    foreach ($resultset as $result)
    {
        $productid = $result['productid'];
        $quantity = $result['quantity'];
        $price = $result['price'];

        print "<br />$productid, $quantity, $price";
    }
Spitfire19
  • It is not “interpreted as boolean” – it simply _is_ boolean `false`, because your query has an error. Use `mysql_error()` to find out what it is. – CBroe Dec 04 '13 at 23:22
  • **By building SQL statements with outside variables, you are leaving yourself wide open to SQL injection attacks.** Also, any input data with single quotes in it, like a name of "O'Malley", will blow up your SQL query. Please learn about using parametrized queries, preferably with the PDO module, to protect your web app. http://bobby-tables.com/php has examples to get you started, and [this question](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has many examples in detail. – Andy Lester Dec 05 '13 at 17:24
  • Thank you, I realize that this is not perfect. But it is just some quick code for a PHP class. I would most certainly sanitize my strings in a real world environment. :) – Spitfire19 Dec 08 '13 at 06:00

2 Answers


Change `$orderid` to `'$orderid'`, provided that everything is fine. One big note: try going over mysqli and PDO instead of mysql.

Prashant Ghimire
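
The parametrized-query approach recommended in the comments and in the answer above, applied to the question's `order_details` lookup, as an added example that is not part of the original posts. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline, and `fetch_order_details()` is a hypothetical helper name.

```php
<?php
// Added example, not code from the original posts.
// Assumption: in-memory SQLite stands in for MySQL so this runs offline (needs
// the pdo_sqlite extension); against MySQL only the DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
// Throw on SQL errors instead of returning false, so a failed query can never
// be handed to a fetch call as a boolean.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample rows, using the table and column names from the question.
$pdo->exec('CREATE TABLE order_details (orderid INTEGER, productid INTEGER, quantity INTEGER, price REAL)');
$pdo->exec('INSERT INTO order_details VALUES (7, 101, 2, 9.99), (7, 102, 1, 24.5), (8, 103, 5, 1.25)');

// Hypothetical helper: returns the rows for one order, or null for a bad id.
function fetch_order_details(PDO $pdo, $rawOrderId): ?array
{
    // Reject anything that is not a plain integer (empty string, "7 OR 1=1", ...).
    $orderid = filter_var($rawOrderId, FILTER_VALIDATE_INT);
    if ($orderid === false) {
        return null;
    }
    // The placeholder keeps the value out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'SELECT productid, quantity, price FROM order_details WHERE orderid = :orderid'
    );
    $stmt->bindValue(':orderid', $orderid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a valid id, an empty value, and a non-integer string.
foreach (['7', '', '7 OR 1=1'] as $input) {
    $rows = fetch_order_details($pdo, $input);
    if ($rows === null) {
        print "rejected order id: " . var_export($input, true) . "\n";
        continue;
    }
    foreach ($rows as $row) {
        // Escape on output too; stored data is not trusted HTML.
        $cells = array_map(function ($v) {
            return htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
        }, $row);
        print '<br />' . implode(', ', $cells) . "\n";
    }
}
```
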
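    for ($i = 0; $i < $max; $i++) {
        // Force an integer before the value is placed into the SQL string
        $pid = (int) $_SESSION['cart'][$i]['productid'];
        $q = $_SESSION['cart'][$i]['qty'];
        $price = get_price($pid);

        $res = mysql_query("SELECT name\n"
            . "FROM `products` \n"
            . "WHERE SERIAL = $pid\n"
            . "LIMIT 1");

        // mysql_query() returns false on error; check before fetching
        if ($res === false) {
            error_log(mysql_error());
            continue;
        }

        $row = mysql_fetch_assoc($res);
        $pname = $row['name'];

        print "<br />Product Name: $pname, Quantity: $q, Price: $price";
    }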
Spitfire19