1

I'm working on making a receipt for my registration code and I keep getting this error:

mysql_fetch_array() expects parameter 1 to be resource, boolean given in

<?php
// (2)gather details of CustomerID sent
$customerId = $_GET['CustomerID'] ;
// (3)create query
$query = "SELECT * FROM Customer WHERE CustomerID = $customerId";
// (4) Run the query on the customer table through the connection
$result = mysql_query ($query);
// (5) print message with ID of inserted record
if ($row = mysql_fetch_array($result))
{
print "The following Customer was added";
print "<br>Customer ID: " . $row["CustomerID"];
print "<br>First Name: " . $row["Firstnames"];
print "<br>Surname: " . $row["Surname"];
print "<br>User Name: " . $row["Username"];
print "<br>Email: " . $row["Email"];
print "<br>Password: " . $row["Password"];
}
?>
BenMorel
  • 34,448
  • 50
  • 182
  • 322
timoh
  • 37
  • 4
  • http://stackoverflow.com/search?q=mysql_fetch_array%28%29+expects+parameter+1+to+be+resource%2C+boolean+given – deceze Nov 23 '11 at 13:42
  • 3
    Fix your damn SQL injections. And `mysql_fetch_array() expects parameter ` ALWAYS MEANS THERE IS AN ERROR IN YOUR QUERY! – Mārtiņš Briedis Nov 23 '11 at 13:42

3 Answers3

0

Replace this: 

$result = mysql_query ($query);

With this and see what error happens:

$result = mysql_query ($query) or die(mysql_error());
fonini
  • 3,243
  • 5
  • 30
  • 53
  • ok thank you. so i fixed my original problem but now when am directed to the reciepts page i get this error instead: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near " at line 1. line 1 is include "connection.php"; – timoh Nov 23 '11 at 14:02
  • never mind i wasnt looking at the right thing. – timoh Nov 23 '11 at 14:10
0

That error messages means that $result respective mysql_query() didn't return a valid resource.

Please try mysql_query($query) or die(mysql_error());. By the way I don't see a mysql_connect() and mysql_select_db()!

Warning:

Your code is very insecure (-->SQL injection)!

Please escape all data coming from $_GET or $_POST via mysql_real_escape_string() or intval (if it is an integer!).

ComFreek
  • 29,044
  • 18
  • 104
  • 156
  • yeh i forgot the connection...thank you. what do you mean by escape all data? – timoh Nov 23 '11 at 13:51
  • If `$_GET['CustomerId']` is for example `0 OR 1=1`, your query will be `SELECT * FROM Customer WHERE CustomerID = 0 OR 1=1` and this will select all data from your table! You can also run other commands like deleting some tables! Please search for `SQL Injection`. – ComFreek Nov 23 '11 at 14:01
0

You must first connect to your Database Server and select the database on which you wish to work. 

<?php
if ( isset($_GET['CustomerID']) )
{
  $customerId = $_GET['CustomerID'] ;

  $con = mysql_connect("your_db_address", "db_username", "db_password");  
  if(!$con)
  {
     echo "Unable to connect to DB: " . mysql_error();
     exit;
  }

  $db  = mysql_select_db("your_db_name");
  if (!$db)
  {
     echo "Unable to select DB: " . mysql_error();
     exit;
  }

  /* Rest of your code starting from $query */
}
?>
check123
  • 1,989
  • 2
  • 22
  • 28