0

Novice SQL & PHP user here, still learning.

Currently trying to complete a project for a friend, however, come across this error when trying to sum a column in SQL via php - Resource id #13. 

PHP:
$uid = $user->data['id'];
//FETCH NUMBER OF SLOTS
$totalBookedSlots = $db->query( "SELECT COUNT(dj) FROM timetable WHERE dj='{$uid}' LIMIT 1" );
//TOTAL SLOTS ARRAY
$totalBookedSlots1 = mysql_result($totalBookedSlots,"totalBookedSlots");

...

<div class="box" style="width: 200px;">
    <div class="square title"><strong>Slots Booked</strong></div> 

         <p>You have <strong><?php echo $totalBookedSlots; ?></strong> slots booked!</div>

         <?php } ?>

    </div>

A

HDJEMAI
  • 9,436
  • 46
  • 67
  • 93
Michael Berry
  • 5
  • 1
  • 1
  • 6
  • 3
    as you are still learning, it will be better to learn [`mysqli_*`](http://php.net/mysqli) or [`pdo`](http://php.net/pdo) instead of using the deprecated & removed `mysql_*` extension . – hassan Apr 15 '17 at 17:16
  • 1
    and how do you implement your `$db` object and `query` method ? or you are using mysqli or pdo already ? – hassan Apr 15 '17 at 17:19
  • Full page code here; https://pastebin.com/eVxRKF5n. – Michael Berry Apr 15 '17 at 17:29
  • where is the `$db` object? – hassan Apr 15 '17 at 17:38
  • however, take a look at the `mysql_result` documentation page, specially the second parameter type. – hassan Apr 15 '17 at 17:39
  • This script is already completed, I'm just making some additions and modifications. Any assistance would be greatly appreciated. – Michael Berry Apr 15 '17 at 17:47
  • i am voting close sorry. `$db->query` then mysql_result ? just no – Peter Apr 17 '17 at 17:45
  • @MichaelBerry Unfortunately, the code is really very wrong in its current form. One can't be mixing up object oriented (`$db->query`) and procedural (`mysql_*()`) ways for the same query. It'd rather be a good idea to rewrite the script from scratch using one of several tutorials available online. This randomly picked [tutorial](http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers) demonstrates using PDO with Prepared Statements. As such, a script without Prepared Statements is very vulnerable to [SQL Injection Attacks](http://stackoverflow.com/q/60174/2298301). – Dhruv Saxena Apr 17 '17 at 18:04

1 Answers1

0

I see two problems here.

  1. You are mixing the deprecated MySQL extension with what appears to be MySQLi or PDO (whatever $db is). This won't work. You can't mix and match.

    (If $db is really based on the MySQL extension, you need to fix this. The MySQL extension has been removed permanently in PHP 7.0, which was released in late 2015. You need to be ready for this change.)

  2. The value you're printing in your template is $totalBookedSlots -- the value you retrieved is in another variable, $totalBookedSlots1. (A better choice of variable names would have made this error much more obvious.)