0
<?php 
if (isset($_GET['hash'])&&!empty($_GET['hash'])){
        $hash = $_GET['hash'];
        $message_query = "SELECT from_id, message FROM message WHERE hash='$hash'";
        $run_messages = mysqli_query($con,$message_query);
        while($row_messages = mysqli_fetch_array($con,$run_messages)){
             $form_id = $row_messages['from_id'];
             $message = $row_messages['message'];

             $user_query = "SELECT username FROM admins WHERE id='$from_id'";
             $run_user = mysqli_fetch_array($con,$user_query);
             $from_username = $run_user['username'];

             echo "<p><strong>$from_username</strong></p></br>";
        }
}else{
    header('Location: messages.php');
}
?>

I'm getting this error message:

Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, object given on line 6

Here's line 6 & as you can see I have already included the $con which is my database connection.

while($row_messages = mysqli_fetch_array($con,$run_messages)){

Dharman
  • 30,962
  • 25
  • 85
  • 135
Hello World
  • 53
  • 1
  • 1
  • 8

2 Answers2

0

mysqli_fetch_array

mysqli_fetch_array ( mysqli_result $result [, int $resulttype = MYSQLI_BOTH ] )

First parameter is Specifies a result set identifier returned by mysqli_query() and second parameter is result type

Remove connection as first parameter

It would be

$row_messages = mysqli_query($run_messages,MYSQLI_ASSOC);

Your code is open for sql injection better use bind statement

http://php.net/manual/en/mysqli-stmt.bind-param.php

To check error in your connection and query use

/* check connection */

if ($mysqli->connect_errno) {
    printf("Connect failed: %s\n", $mysqli->connect_error);
    exit();
}

if (!$mysqli->query("SET a=1")) {
    printf("Errormessage: %s\n", $mysqli->error);
}

http://php.net/manual/en/mysqli.error.php

In second query you use

$user_query = "SELECT username FROM admins WHERE id='$from_id'";

TYPO here

$form_id !=$from_id

Change this to

$user_query = "SELECT username FROM admins WHERE id=' $form_id'";

Saty
  • 22,443
  • 7
  • 33
  • 51
  • The 2 errors appear: : mysqli_query() expects parameter 1 to be mysqli, string given on line 5 & mysqli_fetch_array() expects parameter 1 to be mysqli_result, object given on line 6 – Hello World Dec 18 '15 at 12:02
  • Have your problem solved using `$row_messages = mysqli_query($run_messages,MYSQLI_ASSOC); ` ?? – Saty Dec 18 '15 at 12:16
  • You have typo in second query `$form_id !=$from_id` – Saty Dec 18 '15 at 12:19
0
<?php 
if (isset($_GET['hash'])&&!empty($_GET['hash'])){
        $hash = mysqli_escape_string($con, $_GET['hash']);
        $message_query = "SELECT from_id, message FROM message WHERE hash='$hash'";
        $run_messages = mysqli_query($con,$message_query);
        while($row_messages = mysqli_fetch_array($run_messages, MYSQLI_ASSOC)){
             $from_id = $row_messages['from_id'];
             $message = $row_messages['message'];

             $user_query = "SELECT username FROM admins WHERE id='$from_id'";
             $query_run = mysqli_query($con, $user_query);
             $run_user = mysqli_fetch_array($query_run, MYSQLI_ASSOC);
             $from_username = $run_user['username'];

             echo "<p><strong>$from_username</strong></p></br>";
        }
}else{
    header('Location: messages.php');
}
?>

Essentially mysqli_fetch_array has one required parameter which is the result of a query and an optional query of the result type. $run_messages is the result of the first query and will be used for the execution of mysql_fetch_array and MYSQLI_ASSOC is the optional type that you will be using so you can access the values in $row_messages like you do.

Read mysqli_fetch_array for more information.

Also, please remember to escape user valued with mysqli_escape_string before allowing the data to be queried into the database. This reduces the chance of SQLi.

Matt
  • 2,851
  • 1
  • 13
  • 27