-1
<?php
    include "head-main.php";
    include "conn.php";

    if(isset($_GET)){ $var = $_GET["cat"]; }
    $data = mysql_query('SELECT kampword FROM data_dict where category=$var');

   $retval = mysql_query( $data, $conn );

     if(! $retval ) {
   die('Could not get data: ' . mysql_error());
   }

   while($row = mysql_fetch_assoc($retval)) {
   echo "World :{$row['kampword']}  <br> ".
     "--------------------------------<br>";
  }

  ?>

I'm new to programming and I can't trace what's wrong with my code. Can you help me? I'm trying to print some data from my DB.

I always get this error: "Could not get data: Query was empty"

  • 3
    FYI, [you shouldn't use `mysql_*` functions in new code](http://stackoverflow.com/questions/12859942/). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [red box](http://php.net/manual/en/function.mysql-connect.php)? Learn about [*prepared statements*](https://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://php.net/manual/en/mysqlinfo.api.choosing.php) will help you decide which one is best for you. – John Conde Mar 22 '17 at 13:53
  • 3
    Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – John Conde Mar 22 '17 at 13:53
  • is `$var` a string? and does it have value? – Funk Forty Niner Mar 22 '17 at 13:53
  • Variables aren't interpreted in single quotes. – rray Mar 22 '17 at 13:54
  • Test SELECT kampword FROM data_dict where category=$var directly against the db from, for example, phpadmin, replacing $var with an actual value... what do you get? – Nomistake Mar 22 '17 at 13:55
  • Why are you running the query against the SQL query, then another query against the results? Follow the advice and switch to PDO or mysqli, and only run the query once. – aynber Mar 22 '17 at 13:56
  • 1
    maybe $data = mysql_query("SELECT kampword FROM data_dict where category=".$var.""); – Nomistake Mar 22 '17 at 13:57
  • When you're fetching a single result there's no need to loop – Masivuye Cokile Mar 22 '17 at 14:00

3 Answers

0

You are calling the mysql_query function twice for nothing. Try replacing your lines with:

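<?php
if (isset($_GET["cat"])) {
    $var = $_GET["cat"];
    // Double quotes so that PHP interpolates $var; in single quotes the literal text "$var" is sent.
    $retval = mysql_query("SELECT kampword FROM data_dict where category=$var");
} else {
    $retval = false;
}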
Guillaume Sainthillier
0
$data = mysql_query("SELECT kampword FROM data_dict where category=$var");

or

$data = mysql_query('SELECT kampword FROM data_dict where category="'.$var.'"');
Bhaskar Jain
0

Try:

if(isset($_GET["cat"])){ $var = $_GET["cat"]; }
maiky_forrester
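The prepared-statement approach recommended in the comments, as an added example (not code from the question or from any answer). It assumes PDO with an in-memory SQLite database and constructed rows as a stand-in for the asker's MySQL table, a text-typed `category` column, and a hypothetical helper named `wordsByCategory`.

```php
<?php
// Constructed data: an in-memory SQLite database stands in for the MySQL
// table (assumption). Table and column names are taken from the question.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE data_dict (kampword TEXT, category TEXT)');
$pdo->exec("INSERT INTO data_dict VALUES
    ('apple', 'fruit'), ('pear', 'fruit'), ('otter', 'animal')");

// Hypothetical helper: the query runs exactly once and the request value
// is bound as a parameter instead of being pasted into the SQL text.
function wordsByCategory(PDO $pdo, $cat): array
{
    // A missing or array-valued "cat" never reaches the database.
    if (!is_string($cat) || $cat === '') {
        return [];
    }
    $stmt = $pdo->prepare('SELECT kampword FROM data_dict WHERE category = :cat');
    $stmt->execute([':cat' => $cat]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs standing in for $_GET["cat"]. The third one is only
// ever compared as a plain string, so it matches no category.
$samples = ['fruit', 'animal', "fruit' OR '1'='1", null];
foreach ($samples as $cat) {
    echo var_export($cat, true), ' => ',
         json_encode(wordsByCategory($pdo, $cat)), PHP_EOL;
}

// Page output: escape stored values before echoing them into HTML.
foreach (wordsByCategory($pdo, $_GET['cat'] ?? 'fruit') as $word) {
    echo 'Word: ', htmlspecialchars($word, ENT_QUOTES, 'UTF-8'), "<br>\n";
}
```

Against MySQL only the connection line changes (a `mysql:` DSN with credentials); the `prepare`/`execute` calls stay the same.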