1

Possible Duplicate:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result

I have this bug:

mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/marlon/domains/webmasterplaats.nl/public_html/edit.php on line 36

This is the code: 

    <?php
    $ip = $_SERVER['REMOTE_ADDR'];
    $toegang[] = '86.91.195.26';
    $toegang[] = '84.86.189.70';

    $valid = true;
    if(in_array($ip, $toegang) || isset($valid))
    {
 if(isset($_GET['id']))
 {
  if($_SERVER['REQUEST_METHOD'] == 'POST')
  {
   mysql_query("UPDATE news SET titel='" . mysql_real_escape_string($_POST['titel']) . "', inhoud='" . mysql_real_escape_string($_POST['edit2']) . "' WHERE id='" . mysql_real_escape_string($_GET['id']) . "'");

   echo 'Met success geupdate.' ;
  }
   $database = mysql_connect('localhost','marlonhe19','123456789asd');
   mysql_select_db('wmp', $database);

  $id = $_GET['id'];

  $mysql = mysql_query("SELECT * FROM news WHERE id='$id' ;");

  while($row = mysql_fetch_assoc($mysql)){
   $id = $row['id'];
   $titel = $row['titel'];
   $inhoud = $row['inhoud'];

  echo '
  <form id="form1" name="form1" method="post" action="">
  <input type="text" name="titel" value="$titel" /><br />
  <textarea name="edit2">$inhoud</textarea> <br />
  <input type="submit" name="Submit" value="Opslaan" />';
    }
    }
    }

What's the problem?

Community
  • 1
  • 1
Andre
  • 893
  • 2
  • 9
  • 30

4 Answers4

3

Warning: SQL injection possible. It looks like your query failed.

Replace this:

$mysql = mysql_query("SELECT * FROM news WHERE id='$id' ;");

With:

$mysql = mysql_query("SELECT * FROM news WHERE id='$id' ;") or die(mysql_error());

You should make your own error handling function, it's prefferable to display an error message, without exiting immediately.

Lekensteyn
  • 64,486
  • 22
  • 159
  • 192
1

You don't need a semi colon(;) in:

$mysql = mysql_query("SELECT * FROM news WHERE id='$id' ;");

Since you are passing a ;, the query execution fails and mysql_query return false and not an object. When you pass false to mysql_fetch_assoc it gives the error that you are getting.

Always add error check:

$mysql = mysql_query("SELECT * FROM news WHERE id='$id'") or die(mysql_error());

Looks like your DB selection part has a problem. Add error checking to that aswell:

EDIT:

mysql_select_db('wmp', $database) or die(mysql_error());
codaddict
  • 445,704
  • 82
  • 492
  • 529
  • Yeah i now have this: $mysql = mysql_query("SELECT * FROM news WHERE id='$id'"); But it still give's the error. – Andre Aug 25 '10 at 17:14
  • Ohh I added the or die thing, and it sais "No db selected", but how can that be , i copied the connect thing from index.php.. It's exactly the same – Andre Aug 25 '10 at 17:15
  • Are you sure your `$id` has correct id. – codaddict Aug 25 '10 at 17:15
  • Yes, i checked every id possible. – Andre Aug 25 '10 at 17:16
  • Access denied for user 'marlonhe19'@'localhost' to database 'wmp' I get that error. But i't doesnt give me that on my homepage.. – Andre Aug 25 '10 at 17:20
0

You should check for errors, eg.

$news_result = mysql_query("SELECT * FROM news WHERE id='$id'")
                   or die("Query failed: ".mysql_error());

In addition, you should name your query result variables something sensible, i.e. not $mysql and you should be using bind variables to protect against SQL injection. Consider a query string of the following:

page.php?id='+OR+'1'='1
a'r
  • 35,921
  • 7
  • 66
  • 67
0

Have you tried running the query from mysql prompt. Looks like query returns error. Try changing your line

$mysql = mysql_query("SELECT * FROM news WHERE id='$id' ;");

to

$mysql = mysql_query("SELECT * FROM news WHERE id='$id' ;") or die(mysql_error());
Zimbabao
  • 8,150
  • 3
  • 29
  • 36