-1

I don't know how to solve my problem.

this my error line code:

$query = mysql_query("SELECT client FROM `timecards` GROUP BY `client`");
while($row=mysql_fetch_assoc($connection,$query)) {
    $cc .= '<option value="'.$row['client'].'">'.$row['client'].'</option>';
}

and my part code:

if($_GET) {
    $start = date('Y-m-d H:i:s', strtotime($_GET['s']));
    $end = date('Y-m-d H:i:s', strtotime($_GET['e']));
    $client = preg_replace('/[^a-zA-Z0-9 ]+/', '', $_GET['client']);
    $query = mysql_query("SELECT * FROM `timecards` WHERE `client`='$client' && `punch` BETWEEN '$start' AND '$end' ORDER BY `punch`");
    while($row = mysql_fetch_assoc($query)) {
        $q = question(base64_decode($row['comment']));
        if($t === null) {
            $t = $row['punch'];
            $results .= "<br />" . format($row['punch']) . $q;
        } else {
            $j = timediff($t, $row['punch']);
            $results .= "to " . format($row['punch']) . $q . " = " . His($j);
            $total += $j;
            $t = null;
        }
    }
    if($t !== null) {
        $results .= " STILL CLOCKED IN";
    }
    $results .= "<br /><br /><strong>Total:</strong> " . His($total);
}

$query = mysql_query("SELECT client FROM `timecards` GROUP BY `client`");
while($row = mysql_fetch_assoc($connection, $query)) {
    $cc .= '<option value="' . $row['client'] . '">' . $row['client'] . '</option>';
}
GrumpyCrouton
  • 8,486
  • 7
  • 32
  • 71
alif sahud
  • 1
  • [Little Bobby](http://bobby-tables.com/) says **[you may be at risk for SQL Injection Attacks](https://stackoverflow.com/q/60174/)**. Learn about [Prepared Statements](https://en.wikipedia.org/wiki/Prepared_statement) with [parameterized queries](https://stackoverflow.com/a/4712113/5827005). I recommend `PDO`, which I [wrote a class for](https://github.com/GrumpyCrouton/GrumpyPDO) to make it extremely easy, clean, and more secure than using non-parameterized queries. Also, [This article](https://phpdelusions.net/pdo/mysqli_comparison) may help you choose between `MySQLi` and `PDO` – GrumpyCrouton Dec 01 '17 at 15:42
  • **Please**, don't use `mysql_*` functions for new code. They are no longer maintained and the community has begun the [deprecation process](http://news.php.net/php.internals/53799), and `mysql_*` functions have been officially removed in PHP 7. Instead you should learn about [prepared statements](https://en.wikipedia.org/wiki/Prepared_statement) and use either `PDO` or `mysqli_*`. If you can't decide, [this article will help to choose your best option](http://php.net/manual/en/mysqlinfo.api.choosing.php). – GrumpyCrouton Dec 01 '17 at 15:42
  • You cannot use `&&` in mysql statement in line 5 of part code – Pritamkumar Dec 01 '17 at 15:45
  • 1
    `mysql_fetch_assoc($connection, $query)` should be `mysql_fetch_assoc($query)` – GrumpyCrouton Dec 01 '17 at 15:45
  • Looks to me like you might be getting the `mysql_` and `mysqli_` API's mixed up. Show us your code that connects to the database please – RiggsFolly Dec 01 '17 at 15:49
  • thanks guys if have more any idea just comment :D – alif sahud Dec 02 '17 at 14:08
  • RiggsFolly this is my code to connect database: – alif sahud Dec 02 '17 at 14:13

1 Answers1

0

mysql_fetch_assoc() takes one parameter - the query handle. You are passing the connection handle AND the query handle. You should pass the connection handle to mysql_query() instead.

Code should read:

$query = mysql_query("SELECT client FROM `timecards` GROUP BY `client`", $connection);

while($row=mysql_fetch_assoc($query)) {
...
RichardAtHome
  • 4,293
  • 4
  • 20
  • 29
  • 1
    **WARNING:** This answer contains code that is deprecated (And removed in newer versions of PHP), and should not be used in new code. – GrumpyCrouton Dec 01 '17 at 16:12