-2

I would love it if anyone could help me out with this issue.

The config.php file which is included works fine, and the database loads fine.

It's just about echoing stuff out of the database when connected with an included file. How would I do that the simplest, cleanest way?

<?php
include 'config.php';
$username = $_COOKIE["ava_username"];
$user_id = $_COOKIE["ava_userid"];
$useridquery = mysql_query("SELECT id FROM ava_users WHERE username=$cookie");

if (isset($_COOKIE["ava_username"])) {
$result = mysql_query("SELECT points FROM ava_users WHERE username=$username");
        echo "Cookie is enabled, and User status login is 0<br>";
        echo "User ID: ". $user_id . "<br>";
        echo "User Name: " . $_COOKIE["ava_username"]. "<br>";
        while ($row = mysqli_fetch_array($result))
        {
        echo $row['points'] . " and Joined " . $row['joined'];
        echo "<br>";
  }


}      
?>
elixenide

5 Answers

1

You have mixed up mysql_* with mysqli_*.

$useridquery = mysql_query("SELECT id FROM ava_users WHERE username=$cookie");

The above line contains a wrong query (it needs quotation marks), and it seems that $useridquery is unused. This line should be like this:

$useridquery = mysqli_query("SELECT id FROM ava_users WHERE username='$cookie'");

The same wrong query is in this line:

 $result = mysql_query("SELECT points FROM ava_users WHERE username=$username");

It should be:

$result = mysqli_query("SELECT points FROM ava_users WHERE username='$username'");

Try this:

include 'config.php';
$username = $_COOKIE["ava_username"];
$user_id = $_COOKIE["ava_userid"];
$useridquery = mysqli_query("SELECT id FROM ava_users WHERE username='$cookie'"); // add quotation marks around the variable

if (isset($_COOKIE["ava_username"])) {
$result = mysqli_query("SELECT points FROM ava_users WHERE username='$username'"); // add quotation marks around the username variable
        echo "Cookie is enabled, and User status login is 0<br>";
        echo "User ID: ". $user_id . "<br>";
        echo "User Name: " . $_COOKIE["ava_username"]. "<br>";
        while ($row = mysqli_fetch_array($result))
        {
        echo $row['points'] . " and Joined " . $row['joined'];
        echo "<br>";
  }


}  
Awlad Liton
0

You are mixing mysql and mysqli.

Try this:

 <?php
include 'config.php';
$username = $_COOKIE["ava_username"];
$user_id = $_COOKIE["ava_userid"];
$useridquery = mysqli_query("SELECT id FROM ava_users WHERE username=$cookie");

if (isset($_COOKIE["ava_username"])) {
$result = mysqli_query("SELECT points FROM ava_users WHERE username=$username");
    echo "Cookie is enabled, and User status login is 0<br>";
    echo "User ID: ". $user_id . "<br>";
    echo "User Name: " . $_COOKIE["ava_username"]. "<br>";
    while ($row = mysqli_fetch_array($result))
    {
    echo $row['points'] . " and Joined " . $row['joined'];
    echo "<br>";
 }


}      
?>
echo_Me
0

You are mixing functions from the mysql library with functions from the mysqli. They aren't the same, and that won't work. Please don't use mysql_*; the mysql_* functions are outdated, deprecated, and insecure. Use MySQLi or PDO instead.

Another problem: you use $cookie in your first query, but it looks like you mean $username. $cookie isn't defined. It doesn't look like you ever even use that query's results, though, so you could just take it out.

Another problem: you are wide open to SQL injection.

Community
elixenide
0

The problem is you are mixing two libraries (the mysql_*-family and the mysqli_*-family). You cannot use mysqli_fetch_array(...) with mysql_query(...).

Sumurai8
0

Basically, mysqli_query will not work until both parameters are included. mysqli_query requires 2 parameters: $link = the connection to the database and $sql = the SQL query. So typically mysqli_query is of the following format: mysqli_query($link, $sql). You can try as below:

<?php
include 'config.php';
global $link; //where $link = mysqli_connect("DBserver", "DBuser", "DBpswd", "DBname")

$username = $_COOKIE["ava_username"];
$username = mysqli_real_escape_string($link, $username); // procedural form takes the connection as its first argument
$user_id = $_COOKIE["ava_userid"];
//if the id is an integer then instead of mysqli_real_escape_string use
$user_id = intval($user_id);

$sql = "SELECT id FROM ava_users WHERE username = '$username'";
$useridquery = mysqli_query($link, $sql);

if (isset($_COOKIE["ava_username"])) {
$sql = "SELECT points FROM ava_users WHERE username='$username'";
$result = mysqli_query($link, $sql);
echo "Cookie is enabled, and User status login is 0<br>";
echo "User ID: ". $user_id . "<br>";
echo "User Name: " . $_COOKIE["ava_username"]. "<br>";
while ($row = mysqli_fetch_array($result))
{
echo $row['points'] . " and Joined " . $row['joined'];
echo "<br>";
 }


}      
?>

However, even this code is highly vulnerable to MySQL injection. You should always use parameterized queries to get protection against SQL injection.

Donkarnash
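
As an added example (not code from the question or from any of the answers above), here is the parameterized-query approach the last answer recommends, shown beside the string-built query. It assumes PDO with an in-memory SQLite database and made-up rows so that it runs without a server; the table and column names come from the question, and the function names are hypothetical.

```php
<?php
// Added example: constructed data in an in-memory SQLite database via PDO,
// so it runs without a MySQL server. Table and column names follow the
// question; the rows are made up.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE ava_users (id INTEGER PRIMARY KEY, username TEXT, points INTEGER, joined TEXT)");
$pdo->exec("INSERT INTO ava_users (username, points, joined) VALUES
            ('alice', 120, '2013-05-01'), ('bob', 45, '2014-01-15')");

// Unsafe: the cookie value becomes part of the SQL text itself.
function pointsInterpolated(PDO $pdo, string $username): array
{
    $sql = "SELECT points, joined FROM ava_users WHERE username = '$username'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe: the SQL text is fixed; the value travels as a bound parameter.
function pointsPrepared(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare("SELECT points, joined FROM ava_users WHERE username = ?");
    $stmt->execute([$username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed stand-ins for $_COOKIE["ava_username"].
$samples = ["alice", "nobody' OR '1'='1"];

foreach ($samples as $cookieValue) {
    $unsafe = pointsInterpolated($pdo, $cookieValue);
    $safe   = pointsPrepared($pdo, $cookieValue);
    printf("%-20s interpolated=%d row(s), prepared=%d row(s)\n",
        $cookieValue, count($unsafe), count($safe));
    foreach ($safe as $row) {
        // Escape on output as well: the cookie is client-controlled.
        echo htmlspecialchars($cookieValue, ENT_QUOTES, 'UTF-8'),
             ": ", (int) $row['points'], " and Joined ",
             htmlspecialchars($row['joined'], ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```

Against MySQL, the same prepare/execute calls apply; only the PDO DSN and credentials passed to the constructor differ.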