php mysql query throwing errors

Question

what is wrong with this script? it keeps giving my erros but will not tell me what is wrong

I need this to lookup channel number from the item number passed in url. then echo the channel number

<?php
$id = $_GET['item'];
if (!$link = mysql_connect('server', 'user', 'pass')) {
    echo 'Could not connect to mysql';
    exit;
}

if (!mysql_select_db('xmlrpc', $link)) {
    echo 'Could not select database';
    exit;
}

 $sql = mysql_query("SELECT channel FROM channels WHERE item = '".$_GET['item']."'")or die(mysql_error());
$result = mysql_query($sql, $link);

if (!$result) {
    echo "DB Error, could not query the database\n";
    echo 'MySQL Error: ' . mysql_error();
    exit;
}

while ($row = mysql_fetch_assoc($result)) {
    echo $row['channel'];
}

mysql_free_result($result);

?>

either use that `$sql` or `$result`, don't mix them – Kevin Feb 16 '15 at 01:38 — Kevin, Feb 16 '15 at 01:38

score 0 · Answer 1 · edited May 23 '17 at 12:05

0

 $sql = mysql_query("SELECT channel FROM channels WHERE item = '".$_GET['item']."'") or die(mysql_error());

To

 $sql = "SELECT channel FROM channels WHERE item = '".$_GET['item']."'";

As a sidenote do not use mysql_ functions, they became obsolete (PHP 5.5). Use PDO instead for example, as it stands your code is vulnerable to SQL injections.

edited May 23 '17 at 12:05

Community

1
1

answered Feb 16 '15 at 01:41

Tom Tom

3,680
5
35
40

Adrian Rayco · Accepted Answer · 2018-05-03T06:38:58.587

-1

when item is already declared as a variable $id

$id = $_GET['item'];

you could already use it as a variable in your mysql

$sql = mysql_query("SELECT channel FROM channels WHERE item = '".$_GET['item']."'")or die(mysql_error());

change it into

$sql="SELECT * FROM channels WHERE item ='$id'";

edited May 03 '18 at 06:38

answered Feb 16 '15 at 01:54

Adrian Rayco

29
3

php mysql query throwing errors

2 Answers2