mysql php error - quote system

Question

I can't get my authors from my php quotes

i have a quotes table: id, quote, aid

i have a author table: id, name, etc...

<?php

$DB_SERVER = "localhost";
$DB_USER = "root";
$DB_PASS = "";
$DB_NAME = "test";
$con = mysql_connect($DB_SERVER, $DB_USER, $DB_PASS);
mysql_select_db($DB_NAME);

$sql = mysql_query("SELECT * FROM quotes WHERE id = ".$_GET['id'], $con);
$row = mysql_fetch_row($sql);

$sql = mysql_query("SELECT * FROM author where aid = " . $row[1], $con);
$row = mysql_fetch_row($sql); 


var_dump($row);

now i get this error Warning: mysql_fetch_row() expects parameter 1 to be resource, boolean given in /var/www/domain.com/php.php on line 14 NULL

You are not doing any error checking in your query. You *need* to do that after a `mysql_query()` call. Otherwise, your script will break if the query fails. How to do this is outlined in the [manual on `mysql_query()`](http://php.net/mysql_query) or in this [reference question.](http://stackoverflow.com/questions/6198104/reference-what-is-a-perfect-code-sample-using-the-mysql-extension) — Pekka, Dec 10 '11 at 20:20
Also, the code you show is vulnerable to [SQL injection](http://php.net/manual/en/security.database.sql-injection.php). Use the proper sanitation method of your library (like `mysql_real_escape_string()` for the classic mysql library), or switch to PDO and prepared statements. — Pekka, Dec 10 '11 at 20:20
possible duplicate of [mysql_fetch_array() expects parameter 1 to be resource, boolean given in select](http://stackoverflow.com/questions/2973202/mysql-fetch-array-expects-parameter-1-to-be-resource-boolean-given-in-select) — fuxia, Aug 03 '12 at 22:26

score 7 · Accepted Answer · answered Dec 10 '11 at 21:05

if you print_r($row); after the first query you will see something like:

Array
(
    [0] => id
    [1] => quote 
    [2] => aid
)

then on your second query you use $row[1] which is the quote (string) and not the number.

$sql = mysql_query("SELECT * FROM author where aid = " . $row[1], $con);

if you echo the error (using mysql_error($con)) you will see something:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'a quote

instead of using mysql_fetch_row use mysql_fetch_assoc and the key of the array will be the name of the column. This way, it's very easy to retrieve data. And don't forget to close your connection.

<?php
$_GET['id'] = 1;
$DB_SERVER = "localhost";
$DB_USER = "root";
$DB_PASS = "";
$DB_NAME = "test";
$con = mysql_connect($DB_SERVER, $DB_USER, $DB_PASS);
mysql_select_db($DB_NAME);
$sql = mysql_query("SELECT * FROM quotes WHERE id = " . (int)$_GET['id'], $con); // or you can use the mysql_real_escape_string
if(!$sql) {
  echo mysql_error($con);
}
$row = mysql_fetch_assoc($sql);
mysql_free_result($sql);

$sql = mysql_query("SELECT * FROM author where id = " . (int)$row['aid'], $con);
if(!$sql) {
  echo mysql_error($con);
}
$row = mysql_fetch_assoc($sql); 
mysql_free_result($sql);

print_r($row);
mysql_close($con);

score 1 · Answer 2 · edited Jun 20 '20 at 09:12

1

From the manual:

mysql_query() returns a resource on success, or FALSE on error.

mysql_query() will also fail and return FALSE if the user does not have permission to access the table(s) referenced by the query.

So just do some quick error checking

$sql = mysql_query("SELECT * FROM author where aid = " . $row[1], $con);
if ( $sql ) {
    $row = mysql_fetch_row($sql); 
}
else {
    //error
}

edited Jun 20 '20 at 09:12

Community

1
1

answered Dec 10 '11 at 20:23

Galen

29,976
9
71
89

+1. You can call `mysql_error($con)` to get the specific MySQL error. – Jon Gauthier Dec 10 '11 at 20:25

mysql php error - quote system

2 Answers2