9

Possible Duplicate:
“Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given” error while trying to create a php shopping cart

I don't get it, I see no mistakes in this code but there is this error, please help:
mysql_fetch_array() expects parameter 1 to be resource problem

<?php

      $con = mysql_connect("localhost","root","nitoryolai123$%^");
    if (!$con)
      {
      die('Could not connect: ' . mysql_error());
      }

    mysql_select_db("school", $con);
       $result = mysql_query("SELECT * FROM student WHERE IDNO=".$_GET['id']);
    ?>     


                           <?php while ($row = mysql_fetch_array($result)) { ?>             
                                     <table class="a"  border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#D3D3D3">
    <tr>

    <form name="formcheck" method="get" action="updateact.php" onsubmit="return formCheck(this);">
    <td>
    <table  border="0" cellpadding="3" cellspacing="1" bgcolor="">
    <tr>

    <td  colspan="16" height="25"  style="background:#5C915C; color:white; border:white 1px solid; text-align: left"><strong><font size="2">Update Students</td>


    <tr>
    <td width="30" height="35"><font size="2">*I D Number:</td>
    <td width="30"><input  name="idnum" onkeypress="return isNumberKey(event)" type="text" maxlength="5" id='numbers'/ value="<?php echo $_GET['id']; ?>"></td>
    </tr>

    <tr>
    <td width="30" height="35"><font size="2">*Year:</td>
    <td width="30"><input  name="yr" onkeypress="return isNumberKey(event)" type="text" maxlength="5" id='numbers'/ value="<?php echo $row["YEAR"]; ?>"></td>

<?php } ?>

I'm just trying to load the data in the forms but I don't know why that error appears. What could possibly be the mistake in here?

Community
  • 1
  • 1
user225269
  • 10,743
  • 69
  • 174
  • 251
  • 1
    I would recommend to at least cast `$_GET['id']` to `int`: `mysql_query("SELECT * FROM student WHERE IDNO=" . (int)$_GET['id']);` – binaryLV Apr 23 '10 at 09:29

7 Answers7

22

You are not doing error checking after the call to mysql_query:

$result = mysql_query("SELECT * FROM student WHERE IDNO=".$_GET['id']);
if (!$result) { // add this check.
    die('Invalid query: ' . mysql_error());
}

In case mysql_query fails, it returns false, a boolean value. When you pass this to mysql_fetch_array function (which expects a mysql result object) we get this error.

codaddict
  • 445,704
  • 82
  • 492
  • 529
2

Give this a try

$indo=$_GET['id'];
$result = mysql_query("SELECT * FROM student WHERE IDNO='$indo'");

I think this works..

DisplayName
  • 3,093
  • 5
  • 35
  • 42
yapiyapi
  • 21
  • 1
2
$id = intval($_GET['id']);
$sql = "SELECT * FROM student WHERE IDNO=$id";
$result = mysql_query($sql) or trigger_error(mysql_error().$sql);

always do it this way and it will tell you what is wrong

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
0

Make sure that your query ran successfully and you got the results. You can check like this:

$result = mysql_query("SELECT * FROM student WHERE IDNO=".$_GET['id']) or die(mysql_error());


if (is_resource($result))
{
   // your while loop and fetch array function here....
}
Sarfraz
  • 377,238
  • 77
  • 533
  • 578
0

The most likely cause is an error in mysql_query(). Have you checked to make sure it worked? Output the value of $result and mysql_error(). You may have misspelled something, selected the wrong database, have a permissions issue, etc. So:

$id = (int)$_GET['id']; // this also sanitizes it
$sql = "SELECT * FROM student WHERE idno = $id";
$result = mysql_query($sql);
if (!$result) {
  die("Error running $sql: " . mysql_error());
}

Sanitizing $_GET['id'] is really important. You can use mysql_real_escape_string() but casting it to an int is sufficient for integers. Basically you want to avoid SQL injection.

cletus
  • 616,129
  • 168
  • 910
  • 942
0

In your database what is the type of "IDNO"? You may need to escape the sql here:

$result = mysql_query("SELECT * FROM student WHERE IDNO=".$_GET['id']);
zaf
  • 22,776
  • 12
  • 65
  • 95
0

You are using this :

mysql_fetch_array($result)

To get the error you're getting, it means that $result is not a resource.


In your code, $result is obtained this way :

$result = mysql_query("SELECT * FROM student WHERE IDNO=".$_GET['id']);

If the SQL query fails, $result will not be a resource, but a boolean -- see mysql_query.

I suppose there's an error in your SQL query -- so it fails, mysql_query returns a boolean, and not a resource, and mysql_fetch_array cannot work on that.


You should check if the SQL query returns a result or not :

$result = mysql_query("SELECT * FROM student WHERE IDNO=".$_GET['id']);
if ($result !== false) {
    // use $result
} else {
    // an error has occured
    echo mysql_error();
    die;    // note : echoing the error message and dying 
            // is OK while developping, but not in production !
}

With that, you should get a message that indicates the error that occured while executing your query -- this should help figure out what the problem is ;-)


Also, you should escape the data you're putting in your SQL query, to avoid SQL injections !

For example, here, you should make sure that $_GET['id'] contains nothing else than an integer, using something like this :

$result = mysql_query("SELECT * FROM student WHERE IDNO=" . intval($_GET['id']));

Or you should check this before trying to execute the query, to display a nicer error message to the user.

Pascal MARTIN
  • 395,085
  • 80
  • 655
  • 663