Can't clear error mysql_fetch_array() expects parameter 1 to be resource, object given

Question

I'm trying to build a SELECT query that allows me to use the form the results are returned in to process an UPDATE to a selected row. The warning I'm receiving appears on line 36 of my code. I thought I set the code up correctly to build the table, then populate it, but I can't find my error. I saw several versions of this quetions asked, but I didn't see one that talked about object given. Any help would be appeciated.

<html>
<head>
</head>
<body>
<?php
$servername = "localhost";
$username = "xxx";
$password = "xxx";
$dbname = "oldga740_SeniorProject";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
     die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT * FROM Projects";
$result = $conn->query($sql);
echo "<table border=1>
<tr>
<th>Project</th>
<th>Client</th>
<th>Last Name</th>
<th>Date Received</th>
<th>Final Review Date</th>
<th>Date Delivered</th>
<th>Date Accepted>
</tr>";
while($record = mysql_fetch_array($result))
{
if ($result->num_rows > 0){
echo "<form action=mynewform.php method=post>";
echo "<tr>"; 
echo "<td>" . "<input type=text name=project value=" . $record['Project'] . " </td>";
echo "<td>" . "<input type=text name=client value=" . $record['Client'] . " </td>";
echo "<td>" . "<input type=text name=lastname value=" . $record['LastName'] . " </td>";
echo "<td>" . "<input type=text name=datereceived value=" . $record['DateReceived'] . " </td>";
echo "<td>" . "<input type=text name=finalreview date value=" . $record['FinalReviewDate'] . " </td>";
echo "<td>" . "<input type=text name=datedelivered value=" . $record['DateDelivered'] . " </td>";
echo "<td>" . "<input type=text name=dateaqccepted value=" . $record['DateAccepted'] . " </td>";
echo "<td>" . "<input type=hidden name=hidden value=" . $record['Project'] . " </td>";
echo "<td>" . "<input type=submit name=update value=update" . " </td>";
echo "<td>" . "<input type=submit name=delete value=delete" . " </td>";
echo "</tr>";
echo "</form>";
}
}
echo "</table>";
if (isset($_POST[update])){
$UpdateQuery = "UPDATE Projects SET Project='$_POST[project]', Client='$_POST[client]', LastName='$_POST[lastname]', DateReceived='$_POST[datereceived]', FinalReviewDate='$_POST[finalreviewdate]', DateDelivered='$_POST[datedelivered]', DateAccepted='$_POST[dateaccepted]' WHERE Project='$_POST[hidden]";
mysql_query($UpdateQuery, $con);
}; 
?>
<?php
    $connection->close();
?>
</body>
</html>

EDITED CODE

<html>

<head>

</head>

<body>

<?php
$servername = "localhost";
$username = "xxx";
$password = "xxx";
$dbname = "oldga740_SeniorProject";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
     die("Connection failed: " . $conn->connect_error);
}

$sql = "SELECT * FROM Projects";
$result = $conn->query($sql);

echo "<table border=1>
<tr>
<th>Project</th>
<th>Client</th>
<th>Last Name</th>
<th>Date Received</th>
<th>Final Review Date</th>
<th>Date Delivered</th>
<th>Date Accepted</th>
</tr>";

while($record = mysqli_fetch_array($result))
{
if ($result->num_rows > 0){

echo "<form action='mynewform'.php method='post'>";
echo "<tr>"; 
echo "<td>" . "<input type='text' name='project' value='" . $record['Project'] . " </td>";
echo "<td>" . "<input type='text' name='client' value='" . $record['Client'] . " </td>";
echo "<td>" . "<input type='text' name='lastname' value='" . $record['LastName'] . " </td>";
echo "<td>" . "<input type='text' name='datereceived' value='" . $record['DateReceived'] . " </td>";
echo "<td>" . "<input type='text' name='finalreviewdate' value='" . $record['FinalReviewDate'] . " </td>";
echo "<td>" . "<input type='text' name='datedelivered' value='" . $record['DateDelivered'] . " </td>";
echo "<td>" . "<input type='text' name='dateaccepted' value='" . $record['DateAccepted'] . " </td>";
echo "<td>" . "<input type='hidden' name='hidden' value='" . $record['Project'] . " </td>";
echo "<td>" . "<input type='submit' name='update' value=update'" . " </td>";
echo "<td>" . "<input type='submit' name='delete' value=delete'" . " </td>";
echo "</tr>";
echo "</form>";
}
}
echo "</table>";

if (isset($_POST['update'])){
$UpdateQuery = "UPDATE Projects SET Project='$_POST[project]', Client='$_POST[client]', LastName='$_POST[lastname]', DateReceived='$_POST[datereceived]', FinalReviewDate='$_POST[finalreviewdate]', DateDelivered='$_POST[datedelivered]', DateAccepted='$_POST[dateaccepted]' WHERE Project='$_POST[hidden]";
mysqli_query($conn, $sql);
}; 

?>

<?php
    $conn->close();
?>

</body>

</html>

SECOND EDIT

<html>

<head>

</head>

<body>

<?php
$servername = "localhost";
$username = "xxx";
$password = "xxx";
$dbname = "oldga740_SeniorProject";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
     die("Connection failed: " . $conn->connect_error);
}

$sql = "SELECT * FROM Projects";
$result = $conn->query($sql);

echo "<table border=1>
<tr>
<th>Project</th>
<th>Client</th>
<th>Last Name</th>
<th>Date Received</th>
<th>Final Review Date</th>
<th>Date Delivered</th>
<th>Date Accepted</th>
</tr>";

while($record = mysqli_fetch_array($result))
{
if ($result->num_rows > 0){

echo "<form action='mynewform.php' method='post'>";
echo "<tr>"; 
echo "<td>" . "<input type='text' name='project' value='" . $record['Project'] . "' /></td>";
echo "<td>" . "<input type='text' name='client' value='" . $record['Client'] . "'/></td>";
echo "<td>" . "<input type='text' name='lastname' value='" . $record['LastName'] . "' /></td>";
echo "<td>" . "<input type='text' name='datereceived' value='" . $record['DateReceived'] . "' /></td>";
echo "<td>" . "<input type='text' name='finalreviewdate' value='" . $record['FinalReviewDate'] . "' /></td>";
echo "<td>" . "<input type='text' name='datedelivered' value='" . $record['DateDelivered'] . "' /></td>";
echo "<td>" . "<input type='text' name='dateaccepted' value='" . $record['DateAccepted'] . "' /></td>";
echo "<td>" . "<input type='hidden' name='hidden' value='" . $record['Project'] . "' /></td>";
echo "<td>" . "<input type='submit' name='update' value=update'" . "' /></td>";
echo "<td>" . "<input type='submit' name='delete' value=delete'" . "' /></td>";
echo "</tr>";
echo "</form>";
}
}
echo "</table>";

if (isset($_POST['update'])){
$UpdateQuery = "UPDATE Projects SET Project='$_POST[project]', Client='$_POST[client]', LastName='$_POST[lastname]', DateReceived='$_POST[datereceived]', FinalReviewDate='$_POST[finalreviewdate]', DateDelivered='$_POST[datedelivered]', DateAccepted='$_POST[dateaccepted]' WHERE Project='$_POST[hidden]";
mysqli_query($conn, $sql);
}; 

?>

<?php
    $conn->close();
?>

</body>

</html>

Answer 1

change mysql_fetch_array($result) to $result->fetch_array()

     if ($result->num_rows > 0){



   while($record = $result->fetch_array())
    {

    echo "<form action=mynewform.php method=post>";
    echo "<tr>"; 
    echo "<td>" . "<input type=text name=project value=" . $record['Project'] . " </td>";
    echo "<td>" . "<input type=text name=client value=" . $record['Client'] . " </td>";
    echo "<td>" . "<input type=text name=lastname value=" . $record['LastName'] . " </td>";
    echo "<td>" . "<input type=text name=datereceived value=" . $record['DateReceived'] . " </td>";
    echo "<td>" . "<input type=text name=finalreview date value=" . $record['FinalReviewDate'] . " </td>";
    echo "<td>" . "<input type=text name=datedelivered value=" . $record['DateDelivered'] . " </td>";
    echo "<td>" . "<input type=text name=dateaqccepted value=" . $record['DateAccepted'] . " </td>";
    echo "<td>" . "<input type=hidden name=hidden value=" . $record['Project'] . " </td>";
    echo "<td>" . "<input type=submit name=update value=update" . " </td>";
    echo "<td>" . "<input type=submit name=delete value=delete" . " </td>";
    echo "</tr>";
    echo "</form>";
    }
    }

you can't merrage mysql and mysqli

Answer 2

You connect MYSQL by using mysqli_,and when you want to get result,still need mysqli_.

This an sample from official:

`$mysqli = new mysqli("localhost", "my_user", "my_password", "world");
/* check connection */
if ($mysqli->connect_errno){
    printf("Connect failed: %s\n", $mysqli->connect_error);
    exit();
}
$sql = "SELECT a.uid, a.role AS roleid, b.role,FROM tbl_usr a INNER JOIN tbl_memrole b ON a.role = b.id  ";
    if ($result = $mysqli->query($sql)) { 
        while($obj = $result->fetch_object()){ 
            $line.=$obj->uid; 
            $line.=$obj->role; 
            $line.=$obj->roleid; 
        }
    }
    $result->close(); 
    unset($obj); 
    unset($sql); 
    unset($query);`

Answer 3

Aside from the previous notes in the comments. I haven't seen any other answer/comments on your HTML elements so I will add an answer on those.

The HTML you will generate with this PHP will be invalid. Attributes need to be quoted and the input elements need to be closed.

So for example your current code

echo "<form action=mynewform.php method=post>";
echo "<tr>"; 
echo "<td>" . "<input type=text name=project value=" . $record['Project'] . " </td>";

would output:

<form action=mynewform.php method=post>
<tr>
<td><input type=text name=project value=what ever projects value is</td>

which is invalid the element named project here is never closed and its value would just be what. (or in some browsers; since mark up is invalid unexpected results should be expected)

Your PHP should be:

echo "<form action='mynewform.php' method='post'>";
echo "<tr>"; 
echo "<td>" . "<input type='text' name='project' value='" . $record['Project'] . "' /> </td>";

which should give you

<form action='mynewform.php' method='post'>
<tr>
<td><input type='text' name='project' value='what ever projects value is' /></td>

Notice how the syntax highlighting is different in the second example vs. the first.

Additionally please look at http://php.net/manual/en/mysqli.quickstart.prepared-statements.php, or a bit less secure approach but better than what you currently have, http://php.net/manual/en/mysqli.real-escape-string.php.

For a longer read on the whole topic see:
a) How can I prevent SQL injection in PHP?
b) http://php.net/manual/en/security.database.sql-injection.php
c) https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet

Update:

Here's the structure I'd take (aside from the SQL injection hole):

<?php
$servername = "localhost";
$username = "xxx";
$password = "xxx";
$dbname = "oldga740_SeniorProject";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
if (isset($_POST['update'])){
    $UpdateQuery = "UPDATE Projects SET Project='$_POST[project]', Client='$_POST[client]', LastName='$_POST[lastname]', DateReceived='$_POST[datereceived]', FinalReviewDate='$_POST[finalreviewdate]', DateDelivered='$_POST[datedelivered]', DateAccepted='$_POST[dateaccepted]' WHERE Project='$_POST[hidden]";
    mysqli_query($conn, $sql);
}
$sql = "SELECT * FROM Projects";
$result = $conn->query($sql);
?>
<html>
    <head>
    </head>
    <body>
        <table border='1'>
            <tr>
                <th>Project</th>
                <th>Client</th>
                <th>Last Name</th>
                <th>Date Received</th>
                <th>Final Review Date</th>
                <th>Date Delivered</th>
                <th>Date Accepted</th>
            </tr>
<?php
if ($result->num_rows > 0){
     while($record = mysqli_fetch_array($result)) {?>
            <form action='mynewform.php' method='post'>
                <tr>
                    <td><input type='text' name='project' value='<?php echo $record['Project'];?>' /></td>
                    <td><input type='text' name='client' value='<?php echo $record['Client'];?>'/></td>
                    <td><input type='text' name='lastname' value='<?php echo $record['LastName'];?>' /></td>
                    <td><input type='text' name='datereceived' value='<?php echo $record['DateReceived'];?>' /></td>
                    <td><input type='text' name='finalreviewdate' value='<?php echo $record['FinalReviewDate'];?>' /></td>
                    <td><input type='text' name='datedelivered' value='<?php $record['DateDelivered'];?>' /></td>
                    <td><input type='text' name='dateaccepted' value='<?php echo $record['DateAccepted'];?>' /></td>
                    <td><input type='hidden' name='hidden' value='<?php echo $record['Project'];?>' /></td>
                    <td><input type='submit' name='update' value='update' /></td>
                    <td><input type='submit' name='delete' value='delete' /></td>
                </tr>
            </form>
<?php
    }
}
$conn->close();
?>
        </table>
    </body>
</html>