-2

I'm getting warning:

mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in

Here's my code:

<?php

    session_start(); 
    $db=mysqli_connect("localhost","aaron","","demo");
    $id=$_GET["id"];
    $sql=mysqli_query($db,"SELECT * FROM usres");
    $check=mysqli_fetch_array($db,$sql);
    if(isset($_POST['update'])){    
        $id=$_POST['id'];
        $name=$_POST['name'];
        $email=$_POST['email'];
        $password=$_POST['password'];
        $bankbookno=$_POST['bankbookno'];
        $adharno=$_POST['adharno'];
        $pancard=$_POST['pancard'];
        $result = mysqli_query($db, "UPDATE users SET name='$name',email='$email',password='$password',bankbookno='$bankbookno' ,adharno='$adharno',pancard='$pancard'WHERE id=$id");
        header("location:view.php");
    }
?>
Dharman
  • 30,962
  • 25
  • 85
  • 135
Aaron
  • 1
  • 1
  • 5
  • edit your code and ask a question. It's likely your post will be deleted. – Budimir Skrtic Apr 17 '19 at 05:58
  • Please add explanation to improve your question – mastisa Apr 17 '19 at 05:58
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Nov 01 '19 at 18:39

2 Answers2

0

mysql_fetch_array requires a mysqli_result as first parameter. You can obtain a mysqli_result as the return of the mysqli_query.

For example:

$db = mysqli_connect("localhost","aaron","","demo");
$sql = mysqli_query($db,"SELECT * FROM usres");
$check = mysqli_fetch_array($sql);

Also note that using $_POST['id'] directly (via $id in your case) in a SQL statement will enable SQL injection attacks against your application. There are plenty of different approaches, one of them being prepared statements.

Mathieu Mitchell
  • 148
  • 3
0

mysqli_fetch_array needs only one param which returned by mysqli_query(), mysqli_store_result() or mysqli_use_result()

$sql=mysqli_query($db,"SELECT * FROM usres");

$check=mysqli_fetch_array($sql);//removed $db, which is not needed here

The mysqli_fetch_array() function fetches a result row as an associative array, a numeric array, or both.

mysqli_fetch_array Parameter should be:

returned by mysqli_query(), mysqli_store_result() or mysqli_use_result()

M.Hemant
  • 2,345
  • 1
  • 9
  • 14