0

Every time I try to add one to the second column of a certain name, it changes the value to 5. If I echo my event, it says it is equal to resource id #4. Does anyone have any fixes?

<form action="new.php" method="POST">
<input type="text" name="input_value">
<br />
<input name="new_User" type="submit" value="Add to Users">
<input type="submit" name="event_Up" value="Attended Event">
<?php
//Connect to Database
mysql_connect("localhost", "root", "");

//If Add New user button is clicked execute

if (isset($_POST['new_User']))
{
$username = $_POST['input_value'];
$make = "INSERT INTO `my_db`.`profile` (`Name`, `Events`) VALUES ('$username', '1')";
mysql_query($make);

}
//If Event up is pushed then add one

if (isset($_POST['event_Up']))
{
$username = $_POST['input_value'];
$event = mysql_query("SELECT 'Events' FROM `my_db`.`profile` WHERE Name ='$username'");
$newEvent = $event +1;
$update = "UPDATE `my_db`.`profile` SET Events = '$newEvent' WHERE Name = '$username'";
mysql_query($update);
}

//Print Table
$data = mysql_query("SELECT * FROM `my_db`.`profile`");
Print "<table border cellpadding=4>";
while($info = mysql_fetch_array($data))
{
Print "<tr>";
Print "<th>Name:</th> <td> ".$info['Name'] . "</td>";
Print "<th>Events:</th> <td>".$info['Events'] . " </td>";
}
Print "</table>";

?> 
  • Welcome to Stack Overflow! You are not doing any error checking after your queries. You need to do that - otherwise, your script will break if the query fails. How to do this is outlined in the [manual on `mysql_query()`](http://php.net/mysql_query) or in this [reference question.](http://stackoverflow.com/questions/6198104/reference-what-is-a-perfect-code-sample-using-the-mysql-extension) – Pekka Dec 10 '11 at 00:25
  • What do you mean by "echo my event"? – KingCrunch Dec 10 '11 at 00:25
  • Sorry, what I meant is echoing the variable `$event`. – user1090681 Dec 10 '11 at 00:26
  • ...and you don't do any checking on what's coming through `$_POST`. Your application is vulnerable to SQL Injections. – halfdan Dec 10 '11 at 00:27

3 Answers

1

I've cleaned up your code a little bit.

It's still a mess, but should at least work (un-tested though).

<form action="new.php" method="post">
    <input type="text" name="input_value">
    <br />
    <input name="new_User" type="submit" value="Add to Users">
    <input type="submit" name="event_Up" value="Attended Event">
</form>

<?php
//Connect to Database
mysql_connect("localhost", "root", "");

//If Add New user button is clicked execute
if (isset($_POST['new_User']))
{
    $username = empty($_POST['input_value']) ? NULL : $_POST['input_value'];

    if ( ! empty($username))
    {
        mysql_query("
            INSERT INTO `my_db`.`profile`
                (`Name`, `Events`)
            VALUES
                ('". mysql_real_escape_string($username) ."', 1)
        ");
    }
}

//If Event up is pushed then add one
if (isset($_POST['event_Up']))
{
    $username = empty($_POST['input_value']) ? NULL : $_POST['input_value'];

    if ( ! empty($username))
    {
        $event = mysql_query("
            SELECT
                Events
            FROM
                `my_db`.`profile`
            WHERE
                Name = '". mysql_real_escape_string($username) ."'
        ");
        $newEvent = (int) (mysql_result($event, 0, 'Events') + 1);

        mysql_query("
            UPDATE
                `my_db`.`profile`
            SET
                Events = $newEvent
            WHERE
                Name = '". mysql_real_escape_string($username) ."'
        ");
    }
}

//Print Table
$data = mysql_query("SELECT * FROM `my_db`.`profile`");
Print "<table border cellpadding=4>";
while($info = mysql_fetch_assoc($data))
{
    Print "<tr>";
    Print "<th>Name:</th> <td> ". htmlentities($info['Name'], ENT_COMPAT, 'UTF-8') . "</td>";
    Print "<th>Events:</th> <td>". htmlentities($info['Events'], ENT_COMPAT, 'UTF-8') . " </td>";
    Print "</tr>"; // close the row opened above
}
Print "</table>";
?>


Edit:
Just so you are aware... your issue was `$newEvent = $event +1;`.

`$event` is a MySQL resource, not the query's result. You have to use one of the `mysql_*` functions to get the data (see my code above.)

It seems you are just learning PHP, and I would highly recommend you stop using the `mysql_*` functions right now and start using PDO.

simshaun
  • +1 Nice answer. I'm writing a comment to put a bigger emphasis on **SQL Injection** for the OP. Always escape your values that came from the outside (POST, GET, COOKIE, anything) and are inserted into SQL queries! – kapa Dec 10 '11 at 00:57
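
The PDO route recommended in the answer above, as an added example that is not part of the original answer or its author's code: prepared statements bind the name as data, and the increment is done by the database in one statement. The in-memory SQLite database, the `PRIMARY KEY` on `Name`, the helper names and the sample inputs are assumptions made so the script runs on its own.

```php
<?php
// Added example. In-memory SQLite (needs pdo_sqlite) stands in for MySQL so the
// script runs offline; for MySQL only the DSN and credentials change, e.g.
// new PDO('mysql:host=localhost;dbname=my_db;charset=utf8mb4', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failed queries throw
$pdo->exec('CREATE TABLE profile (Name TEXT PRIMARY KEY, Events INTEGER NOT NULL)');

// Hypothetical helper: the value is bound, never concatenated into the SQL text.
function addUser(PDO $pdo, string $name): void
{
    $stmt = $pdo->prepare('INSERT INTO profile (Name, Events) VALUES (:name, 1)');
    $stmt->execute([':name' => $name]);
}

// Hypothetical helper: returns the number of rows changed (0 = unknown name).
function attendEvent(PDO $pdo, string $name): int
{
    // The database does the increment atomically: no SELECT-then-UPDATE,
    // and no arithmetic on a result handle.
    $stmt = $pdo->prepare('UPDATE profile SET Events = Events + 1 WHERE Name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->rowCount();
}

// Hypothetical helper: escape on output, as the answer does with htmlentities().
function renderTable(PDO $pdo): string
{
    $html = "<table border cellpadding=4>\n";
    foreach ($pdo->query('SELECT Name, Events FROM profile ORDER BY Name') as $row) {
        $html .= '<tr><th>Name:</th><td>'
            . htmlspecialchars($row['Name'], ENT_QUOTES, 'UTF-8')
            . '</td><th>Events:</th><td>' . (int) $row['Events'] . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Constructed sample input, standing in for $_POST['input_value'].
addUser($pdo, "O'Brien");        // the quote is data, not SQL syntax
addUser($pdo, '<b>Eve</b>');     // stored as typed, escaped only when rendered
attendEvent($pdo, "O'Brien");
$missing = attendEvent($pdo, 'nobody');   // no such row

echo renderTable($pdo);
echo "Rows updated for unknown name: $missing\n";
```

With the MySQL driver, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the server, not the client library, does the parameter binding.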
0

Use `mysql_fetch_assoc`, not `mysql_fetch_array`.

Any time you get a resource id rather than data, it means you have just a pointer to something and most likely need a function call to get the data out.

hackartist
0

You need to fetch the array and then define $event based on the results. You're assigning $events on the mysql query itself.

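// Escape the user-supplied name before placing it in the query
$safeName = mysql_real_escape_string($username);
// Select the Events column itself; quoting it as 'Events' would select a literal string
$result = mysql_query("SELECT `Events` FROM `my_db`.`profile` WHERE Name = '$safeName'");
while ($row = mysql_fetch_array($result)) {
     $event = $row['Events'];
}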
nine7ySix