justAnoob Posted May 19, 2009 Share Posted May 19, 2009 I know I'm missing something somewhere??? What is it??? No info is displayed from mysql. <?php include "connection.php"; mysql_connect("$host", "$username", "$password") or die("Could not connect."); mysql_select_db("$db_name") or die("Could not find database"); $query = "SELECT id, user_id, category, imgpath, imgpath2, imgpath3, imgpath4, imgpath5, item_name, description, in_return FROM abcxyz WHERE id = ".$_GET['id']; $row = mysql_query($query); echo "<table width='954' border='0' align='center' cellpadding='0' cellspacing='0' bordercolor='#000000' bgcolor='#BBD4E1'>"; echo "<tr><td width='188' height='180'><div align='center'>"; echo '<img src="' . $row['imgpath'] . '" width="125" alt="" /><font color="red"> X'; ////// TABLE CONTINUES ON,,NO NEED TO SHOW ALL... ?> The script is inside a form. Quote Link to comment Share on other sites More sharing options...
Philip Posted May 19, 2009 Share Posted May 19, 2009 You're not calling a fetch from the database. $query = mysql_query("SELECT `something` FROM `somewhere` LIMIT 1"); $row = mysql_fetch_assoc($query); echo $row['something']; Quote Link to comment Share on other sites More sharing options...
MadTechie Posted May 19, 2009 Share Posted May 19, 2009 you may want to fetch the data ie $result = mysql_query($query); $row = mysql_fetch_attay($result); EDIT: Ahhhh KingPhilip beat me Quote Link to comment Share on other sites More sharing options...
Philip Posted May 19, 2009 Share Posted May 19, 2009 haha, fetch_attay? Quote Link to comment Share on other sites More sharing options...
mrMarcus Posted May 19, 2009 Share Posted May 19, 2009 your query is messed up .. you ended your query short, ie. $query = "SELECT id, user_id, category, imgpath, imgpath2, imgpath3, imgpath4, imgpath5, item_name, description, in_return FROM abcxyz WHERE id = ".$_GET['id']; your $_GET['id'] is outside the query. try this: $query = "SELECT id, user_id, category, imgpath, imgpath2, imgpath3, imgpath4, imgpath5, item_name, description, in_return FROM abcxyz WHERE id = '" . $_GET['id'] . "'"; on top of that, you should never have $_GET directly inside a query. Quote Link to comment Share on other sites More sharing options...
waynewex Posted May 19, 2009 Share Posted May 19, 2009 <?php include "connection.php"; mysql_connect("$host", "$username", "$password") or die("Could not connect."); mysql_select_db("$db_name") or die("Could not find database"); $query = "SELECT id, user_id, category, imgpath, imgpath2, imgpath3, imgpath4, imgpath5, item_name, description, in_return FROM abcxyz WHERE id = ".$_GET['id']; $result = mysql_query($query) or trigger_error(mysql_error()); echo "<table width='954' border='0' align='center' cellpadding='0' cellspacing='0' bordercolor='#000000' bgcolor='#BBD4E1'>"; while($row = mysql_fetch_assoc($result)){ echo "<tr><td width='188' height='180'><div align='center'>"; echo '<img src="' . $row['imgpath'] . '" width="125" alt="" /><font color="red"> X</font>'; echo '</div></td></tr>'; } echo '</table>'; ?> Also make sure that you are cleaning all variables that are coming in from outside sources. Quote Link to comment Share on other sites More sharing options...
Philip Posted May 19, 2009 Share Posted May 19, 2009 mrMarcus - actually if the column is of numeric type it is not needed to place single quotes around the value. However, you are right with regards to never directly putting any request variables in the query Quote Link to comment Share on other sites More sharing options...
justAnoob Posted May 19, 2009 Author Share Posted May 19, 2009 cleaning variables??? Quote Link to comment Share on other sites More sharing options...
waynewex Posted May 19, 2009 Share Posted May 19, 2009 cleaning variables??? Basically, when you're getting a variable from an outside source (i.e. not from your code but from a $_GET variable or $_POST variable etc, you should always clean them before placing them in queries. Otherwise, an attacker could use SQL injection to harm your application. Don't worry though, as it's easily done. $clean_variable = mysql_real_escape_string($_GET['dirty']); //now clean_variable can be inserted into a query Quote Link to comment Share on other sites More sharing options...
justAnoob Posted May 19, 2009 Author Share Posted May 19, 2009 Still getting error with this line while($row = mysql_fetch_assoc($result)) Quote Link to comment Share on other sites More sharing options...
justAnoob Posted May 19, 2009 Author Share Posted May 19, 2009 I knew that,,,, sorry. Quote Link to comment Share on other sites More sharing options...
waynewex Posted May 19, 2009 Share Posted May 19, 2009 What does the error say? Quote Link to comment Share on other sites More sharing options...
justAnoob Posted May 19, 2009 Author Share Posted May 19, 2009 Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in D:\Hosting\3388298\html\viewitem.php on line 175 <?php include "connection.php"; mysql_connect("$host", "$username", "$password") or die("Could not connect."); mysql_select_db("$db_name") or die("Could not find database"); $found_id_main = mysql_real_escape_string($_GET['id']); $query = "SELECT id, user_id, category, imgpath, imgpath2, imgpath3, imgpath4, imgpath5, item_name, description, in_return FROM abcxyz WHERE id = '$found_id_main'"; $result = mysql_query($query); echo "<table width='954' border='0' align='center' cellpadding='0' cellspacing='0' bordercolor='#000000' bgcolor='#BBD4E1'>"; while($row = mysql_fetch_assoc($result)) { echo "<table width='954' border='0' align='center' cellpadding='0' cellspacing='0' bordercolor='#000000' bgcolor='#BBD4E1'>"; echo "<tr><td width='188' height='180'><div align='center'>"; echo '<img src="' . $row['imgpath'] . '" width="125" alt="" /><font color="red"> X'; // continue echoing of table........... ?> Quote Link to comment Share on other sites More sharing options...
waynewex Posted May 19, 2009 Share Posted May 19, 2009 It means that the query failed, and thus, $result isn't a valid source. Please use $result = mysql_query($query) or trigger_error(mysql_error()); Instead of $result = mysql_query($query); In order to see what SQL error you're getting. Quote Link to comment Share on other sites More sharing options...
justAnoob Posted May 19, 2009 Author Share Posted May 19, 2009 Notice: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 ............ the commented line below... Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in .....comment below also. <?php include "connection.php"; mysql_connect("$host", "$username", "$password") or die("Could not connect."); mysql_select_db("$db_name") or die("Could not find database"); $query = "SELECT id, user_id, category, imgpath, imgpath2, imgpath3, imgpath4, imgpath5, item_name, description, in_return FROM abcxyz WHERE id = ".$_GET['id']; $result = mysql_query($query) or trigger_error(mysql_error()); ///////// echo "<table width='954' border='0' align='center' cellpadding='0' cellspacing='0' bordercolor='#000000' bgcolor='#BBD4E1'>"; while($row = mysql_fetch_assoc($result)) ///////// second error { echo "<table width='954' border='0' align='center' cellpadding='0' cellspacing='0' bordercolor='#000000' bgcolor='#BBD4E1'>"; echo "<tr><td width='188' height='180'><div align='center'>"; echo '<img src="' . $row['imgpath'] . '" width="125" alt="" /><font color="red"> X'; ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.