1

I have this function in functions.php and I want to fetch data using this function

function getQuestionByNumber($number){
        $sql = "SELECT * FROM question WHERE id = '$number'";
        $result = mysqli_query($db, $sql);
        $row = mysqli_fetch_assoc($result);
        return $row;
    }

What I am trying to do is using this function I want to fetch question from question table on the test page Heres my test page code:

<?php
    include('includes/conn.php');
    include('includes/functions.php');

    $number = $_GET['num'];
    $ques = getQuestionByNumber($number);
?>

<textarea readonly><?php echo $ques['question']; ?></textarea>

But it is giving error:

Notice: Undefined variable: db in C:\xampp\htdocs\onlineExam\testingques.php on line 9

Warning: mysqli_query() expects parameter 1 to be mysqli, null given in C:\xampp\htdocs\onlineExam\testingques.php on line 9

Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, null given in C:\xampp\htdocs\onlineExam\testingques.php on line 10

Can someone please help me I am a beginner and just started building applications

Ndroid21
  • 400
  • 1
  • 8
  • 19
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – John Conde Mar 22 '17 at 11:44
  • Thank you, I will update my code. – Ndroid21 Mar 22 '17 at 11:59

1 Answers1

3

try do something like 

function getQuestionByNumber($db, $number)
Maciej__
  • 159
  • 7