0

Ive been trying to display a "bid" from the database to no success.

here is my error

Fatal error: Function name must be a string in /home/rslistc1/public_html/get-bids.php on line 7

here is my code

<?php
include('session.php');
?>
<?php
require_once('mysql_connect.php');
$query3 = "SELECT id, username, bid FROM bids WHERE username = '$login_session'";
$result3 = mysql_query($query3) OR die($mysql_error());
$num = mysql_num_rows($result3);
while ($row = mysql_fetch_array($result3, MYSQL_ASSOC)) { ?>
<?php echo''.$row['bid'].''; 
}
?>

Any idea

user2054906
  • 13
  • 3
  • Your query is vulnerable to SQL injection attacks. Please [read this](http://bobby-tables.com) to understand how to prevent them. Also, PHP `mysql` extension is deprecated, you should use `mysqli` or `PDO`. [Read this related post](http://stackoverflow.com/questions/13944956/the-mysql-extension-is-deprecated-and-will-be-removed-in-the-future-use-mysqli) – Barranka Jul 03 '15 at 18:37

1 Answers1

0

Before we address the line 7 issue, lets check other errors. In order to request a query to a MYSQL database, we need to create a connection:

$con = mysqli_connect("ip_address","user","password","database_name");

Once we have that connection, let us check if we can actually connect to the database:

if (!$con) {
    die('Could not connect: ' . mysqli_error($con));
}

Appreciate that mysqli_error() function uses the connection. Now the query string:

$query3 = "SELECT id, username, bid FROM bids WHERE username = '$login_session'";

You are sending a query to look for a username called "$login_session" and it would most likely not find any match. To add strings from variables will be as follow:

$query3 = "SELECT id, username, bid FROM bids WHERE username = '" . $login_session . "'";

Now, for the error in line 7

result3 = mysql_query($con, $query3) OR die($mysql_error($con));

As you can see, both mysql function use the connection to check for errors. Try it and let me know if everything works fine.

Edit:

Terribly sorry my friend, I just forgot to put a little letter "i" on the line, also, I would like to show you my way to deal with the query result. First, the line as it should be:

$result3 = mysqli_query($con, $query3);

Notice the i after mysql. Now let us check whether we got some rows or not:

if (!$result3) {
    die('Could not retrieve data: ' . mysqli_error($con));
} else {
    while ($row = mysqli_fetch_array($result3)) {
        //Show your results
    }
}
Danny Aguilera
  • 36
  • 7
  • Warning: mysql_query() expects parameter 1 to be string, object given in /home/rslistc1/public_html/get-bids.php on line 7
    Fatal error: Function name must be a string in /home/rslistc1/public_html/get-bids.php on line 7
    line 7: $result3 = mysql_query($con, $query3) OR die($mysql_error($con));     – user2054906 Jul 03 '15 at 19:21
  • @user2054906 check the new edit please, let me know if it works. – Danny Aguilera Jul 03 '15 at 19:54