2

I'm trying to show my profile user's info, but when I test it gives me an empty result;

Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, string given

I tested if the mysql query its working, and it does, because it's showing my echo 'Id user: '.$id_user; so, I don't know what's going on here.

$id_user = $_SESSION["id_usr"];
$consulta = 'SELECT user,name,password,city FROM web_users WHERE id_user=" . mysqli_escape_string($id_user) . "';
$resultado = $mysqli->query($consulta);
echo 'OK<br>';
echo 'Id user: '.$id_user;
/*if ($resultado->affected_rows == 1){*/
   $row = mysqli_fetch_assoc($consulta);
   echo '
      <div class="form_title">User:</div>
      <div class="form_content">'.$row["user"].'</div><br><br>
      <div class="form_title">Name:</div>
      <div class="form_content">'.$row["name"].'</div><br><br>
      <div class="form_title">Password:</div>
      <div class="form_content">'.$row["password"].'</div><br><br>
      <div class="form_title">City:</div>
      <div class="form_content">'.$row["city"].'</div><br><br>';
  /*}
else{
   $row = array();
   echo "<br>Empty Result";
}*/

Here you have what is showing :D

worldofjr
  • 3,868
  • 8
  • 37
  • 49
Aleix Gallet Segarra
  • 25
  • 3

5 Answers5

0

your php has syntax error, you can't use ' when you need php code in your query mysqli_escape_string($id_user) like you did, but you can update to :

$consulta = 'SELECT user,name,password,city 
FROM web_users WHERE id_user=\'' . mysqli_real_escape_string($con,$id_user) .'\'';

or 

$consulta = "SELECT user,name,password,city 
FROM web_users WHERE id_user='" . mysqli_real_escape_string($con,$id_user) ."'";

where $con is your connection object:

$con=mysqli_connect("localhost","my_user","my_password","my_db");
Gouda Elalfy
  • 6,888
  • 1
  • 26
  • 38
0

As per your screen shot, you are getting UserID = 1 so you can use your query as like that:

<?php
    $consulta = 'SELECT user,name,password,city 
    FROM web_users WHERE id_user='.mysqli_escape_string($id_user);
    $result = $conn->query($consulta);
?>

Now regarding this issue:

Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result

// you can use like that:
if ($result->num_rows > 0) {
    // output data of each row
    while($row = $result->fetch_assoc()) {
        //your stuff
    }    
} 
else 
{
    echo "0 results";
}
?>

Issue in your code:

Actually you are mixing Object Oriented and Procedural method together and also with wrong variable.

Suppose, if you want to use mysqli_fetch_assoc with procedural way like:

$row = mysqli_fetch_assoc($consulta);

Than, note that $consulta is not returning the resource id, $consulta is equal to your query that you have write in a string.

devpro
  • 16,184
  • 3
  • 27
  • 38
0

There are some errors within your script kindly check them to work it properly please replace your query with this one and let me know if this help 

<?php
     $id_user =  mysqli_escape_string($_SESSION["id_usr"]);
     $consulta = "SELECT user,name,password,city FROM web_users WHERE id_user='$id_user'";
     $resultado = $mysqli->query($consulta);
     echo 'OK<br>';
     echo 'Id user: '.$id_user;

     $row = mysqli_fetch_assoc($resultado);
?>

Hope it helps you

Usman Khan
  • 359
  • 1
  • 13
0

You need to use the result set from your query and loop through any results. Additionally, you're using a single quote string which doesn't work over multiple lines.

You don't need to echo everything out though. You can just drop out of PHP processing and re-enter it when you need a variable.

$resultado = $mysqli->query($consulta);
echo 'OK<br>';
echo 'ID user: ' . $id_user;
while($row = $resultado->fetch_assoc())
{
   ?>
      <div class="form_title">User:</div>
      <div class="form_content"><?=$row["user"];?></div><br><br>
      <div class="form_title">Name:</div>
      <div class="form_content"><?=$row["name"];?></div><br><br>
      <div class="form_title">Password:</div>
      <div class="form_content"><?=$row["password"];?></div><br><br>
      <div class="form_title">City:</div>
      <div class="form_content"><?=$row["city"];?></div><br><br>
   <?php
}

Additionally, you're using mysqli_real_escape_string() inside a string without properly leaving the string parsing. I wouldn't actually try to clean inputs by escaping the strings anyway; prepared statements are a much better idea ...

$consulta = 'SELECT user,name,password,city FROM web_users WHERE id_user = ?';
$stmt = $con->prepare($consulta);
$stmt->bind_param('i', $id_user);
$stmt->execute();

$resultado = $stmt->get_result();
while ($row = $resultado->fetch_assoc())
{

}

Note: You should protect against SQL injection. Take a look at How can I prevent SQL injection in PHP?

Community
  • 1
  • 1
worldofjr
  • 3,868
  • 8
  • 37
  • 49
-1

try this

$consulta = 'SELECT user,name,password,city FROM web_users WHERE id_user="' . mysqli_escape_string($id_user) . '" ';
$resultado = mysqli_query($con,$consulta);


$con->your connection string.
satya
  • 3,508
  • 11
  • 50
  • 130