I am trying to query the table bets but it seems it is not returning anything, even though there is data in it which matches the criteria.

I'm not sure if I'm missing something completely obvious or not.

Here is my code:

```php
<?php

    //Begin session
    session_start();

    //Get pool var
    if(isset($_GET['pool'])) {
        $_SESSION['pool'] = $_GET['pool'];
        $pool = $_SESSION['pool'];
    }

    //Include database connection details
    require_once('config.php');

    //Array to store validation errors
    $errmsg_arr = array();

    //Validation error flag
    $errflag = false;

    //Connect to mysql server
    $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
    if(!$link) {
        die('Failed to connect to server: ' . mysql_error());
    }

    //Assign memberid
    $memberid = $_SESSION['SESS_MEMBER_ID'];

    echo "POOLNAME $pool<br>";
    echo "MEMBERID $memberid<br>";

    //Select database
    $db = mysql_select_db(DB_DATABASE);
    if(!$db) {
        die("Unable to select database");
    }

    $result = mysql_query($link,"SELECT * FROM bets WHERE member_id='$memberid'");

    echo "RESULT $result";
    echo "SQL executed<br>";

    echo "Executing loop<br>";
    while($row = mysql_fetch_array($result))
    {
        echo "test<br>";
        $matchid = $row['match_id'];
        $betAmount = $row['bet_amount'];
        $teamname = $row['team_name'];
        echo "$betAmount credits placed on team: $teamname for match: $matchid";
    }
?>
```
  • u are mixing mysql and mysqli_ – Abhik Chakraborty Apr 15 '14 at 19:20
  • I've changed the two mysqli_ commands to mysql_ and still am not having any luck – user3490756 Apr 15 '14 at 19:24
  • For the love of god, it's `You`, not `u`. – The Blue Dog Apr 15 '14 at 19:25
  • Try changing `mysql_query($link,"SELECT * FROM bets WHERE member_id='$memberid'")` to `mysql_query($link,"SELECT * FROM bets WHERE member_id='$memberid'") or die(mysql_error())`. Does it die with any useful info? – Jono20201 Apr 15 '14 at 19:26
  • **By building SQL statements with outside variables, you are leaving yourself open to SQL injection attacks.** Also, any input data with single quotes in it, like a name of "O'Malley", will blow up your SQL query. Please learn about using parametrized queries, preferably with the PDO module, to protect your web app. [This question](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has many examples in detail. You can also see http://bobby-tables.com/php for alternatives and explanation of the danger. – Andy Lester Apr 15 '14 at 19:27
  • Jono, it dies but doesn't display an error – user3490756 Apr 15 '14 at 19:32
  • Add `var_dump($db,$result,$link);` after `$result=...` and post? – DimeCadmium Apr 15 '14 at 19:53

1 Answer

You are mixing mysql and mysqli commands. You need to use one or the other, preferably mysqli, if possible.

```php
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
```

should be:

```php
$link = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE);
```

And in `mysqli_fetch_array()` the first parameter is the mysqli result object (which you have correctly) and it requires a second parameter for the array it will return, `MYSQLI_BOTH` for example.

`MYSQLI_BOTH` will allow you to reference the array by the number indices or the column name. `MYSQLI_ASSOC` will allow reference from column names but not number indices, and `MYSQLI_NUM` allows number indices.

So `while ($row = mysqli_fetch_array($result, MYSQLI_BOTH))` would be what you want.

Also, do refer to the comment from Andy Lester about SQL injection; it is very important to sanitize input.

BrotherBallan
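The parameterized query that Andy Lester's comment and the answer's last line point to, as an added example that is not code from the question or the answer: the same `bets` lookup through PDO, with the concatenated form beside it and errors raised as exceptions so a failed query cannot pass silently. Assumptions: an in-memory SQLite database stands in for MySQL, the column types and rows are constructed, and the function names `betsConcatenated` and `betsForMember` are hypothetical.

```php
<?php
// Added example: the bets lookup with PDO. An in-memory SQLite database stands
// in for MySQL so the script runs offline; schema types and rows are constructed.
$pdo = new PDO('sqlite::memory:');
// Throw on any SQL failure instead of returning false silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec('CREATE TABLE bets (member_id TEXT, match_id INTEGER, bet_amount INTEGER, team_name TEXT)');
$seed = $pdo->prepare('INSERT INTO bets VALUES (?, ?, ?, ?)');
foreach ([["O'Malley", 7, 50, 'Reds'], ['42', 7, 20, 'Blues'], ['42', 9, 10, 'Reds']] as $row) {
    $seed->execute($row);
}

// Before (hypothetical name): the value is pasted into the SQL text, as in the question.
function betsConcatenated(PDO $pdo, string $memberId): array
{
    return $pdo->query("SELECT * FROM bets WHERE member_id='$memberId'")
               ->fetchAll(PDO::FETCH_ASSOC);
}

// After (hypothetical name): the SQL text is fixed and the value is a bound parameter.
function betsForMember(PDO $pdo, string $memberId): array
{
    $stmt = $pdo->prepare(
        'SELECT match_id, bet_amount, team_name FROM bets WHERE member_id = :member_id'
    );
    $stmt->execute([':member_id' => $memberId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

try {
    betsConcatenated($pdo, "O'Malley");
} catch (PDOException $e) {
    // The quote ends the string literal early, so the statement no longer parses.
    echo 'Concatenated query failed: ', $e->getMessage(), "\n";
}

foreach (["O'Malley", '42'] as $memberId) {
    foreach (betsForMember($pdo, $memberId) as $row) {
        // Escape on output as well: stored values are data, not markup.
        printf(
            "%s credits placed on team: %s for match: %s\n",
            htmlspecialchars((string) $row['bet_amount'], ENT_QUOTES),
            htmlspecialchars($row['team_name'], ENT_QUOTES),
            htmlspecialchars((string) $row['match_id'], ENT_QUOTES)
        );
    }
}
```

It needs the pdo_sqlite extension; against MySQL only the DSN and credentials passed to `new PDO` change.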