justAnoob Posted May 19, 2009 Share Posted May 19, 2009 I know I'm missing something somewhere??? What is it??? No info is displayed from mysql. <?php include "connection.php"; mysql_connect("$host", "$username", "$password") or die("Could not connect."); mysql_select_db("$db_name") or die("Could not find database"); $query = "SELECT id, user_id, category, imgpath, imgpath2, imgpath3, imgpath4, imgpath5, item_name, description, in_return FROM abcxyz WHERE id = ".$_GET['id']; $row = mysql_query($query); echo "<table width='954' border='0' align='center' cellpadding='0' cellspacing='0' bordercolor='#000000' bgcolor='#BBD4E1'>"; echo "<tr><td width='188' height='180'><div align='center'>"; echo '<img src="' . $row['imgpath'] . '" width="125" alt="" /><font color="red"> X'; ////// TABLE CONTINUES ON,,NO NEED TO SHOW ALL... ?> The script is inside a form. Link to comment https://forums.phpfreaks.com/topic/158667-solved-little-help-please/ Share on other sites More sharing options...
Philip Posted May 19, 2009 Share Posted May 19, 2009 You're not calling a fetch from the database. $query = mysql_query("SELECT `something` FROM `somewhere` LIMIT 1"); $row = mysql_fetch_assoc($query); echo $row['something']; Link to comment https://forums.phpfreaks.com/topic/158667-solved-little-help-please/#findComment-836834 Share on other sites More sharing options...
MadTechie Posted May 19, 2009 Share Posted May 19, 2009 you may want to fetch the data ie $result = mysql_query($query); $row = mysql_fetch_attay($result); EDIT: Ahhhh KingPhilip beat me Link to comment https://forums.phpfreaks.com/topic/158667-solved-little-help-please/#findComment-836835 Share on other sites More sharing options...
Philip Posted May 19, 2009 Share Posted May 19, 2009 haha, fetch_attay? Link to comment https://forums.phpfreaks.com/topic/158667-solved-little-help-please/#findComment-836838 Share on other sites More sharing options...
mrMarcus Posted May 19, 2009 Share Posted May 19, 2009 your query is messed up .. you ended your query short, ie. $query = "SELECT id, user_id, category, imgpath, imgpath2, imgpath3, imgpath4, imgpath5, item_name, description, in_return FROM abcxyz WHERE id = ".$_GET['id']; your $_GET['id'] is outside the query. try this: $query = "SELECT id, user_id, category, imgpath, imgpath2, imgpath3, imgpath4, imgpath5, item_name, description, in_return FROM abcxyz WHERE id = '" . $_GET['id'] . "'"; on top of that, you should never have $_GET directly inside a query. Link to comment https://forums.phpfreaks.com/topic/158667-solved-little-help-please/#findComment-836839 Share on other sites More sharing options...
waynew Posted May 19, 2009 Share Posted May 19, 2009 <?php include "connection.php"; mysql_connect("$host", "$username", "$password") or die("Could not connect."); mysql_select_db("$db_name") or die("Could not find database"); $query = "SELECT id, user_id, category, imgpath, imgpath2, imgpath3, imgpath4, imgpath5, item_name, description, in_return FROM abcxyz WHERE id = ".$_GET['id']; $result = mysql_query($query) or trigger_error(mysql_error()); echo "<table width='954' border='0' align='center' cellpadding='0' cellspacing='0' bordercolor='#000000' bgcolor='#BBD4E1'>"; while($row = mysql_fetch_assoc($result)){ echo "<tr><td width='188' height='180'><div align='center'>"; echo '<img src="' . $row['imgpath'] . '" width="125" alt="" /><font color="red"> X</font>'; echo '</div></td></tr>'; } echo '</table>'; ?> Also make sure that you are cleaning all variables that are coming in from outside sources. Link to comment https://forums.phpfreaks.com/topic/158667-solved-little-help-please/#findComment-836840 Share on other sites More sharing options...
Philip Posted May 19, 2009 Share Posted May 19, 2009 mrMarcus - actually if the column is of numeric type it is not needed to place single quotes around the value. However, you are right with regards to never directly putting any request variables in the query Link to comment https://forums.phpfreaks.com/topic/158667-solved-little-help-please/#findComment-836841 Share on other sites More sharing options...
justAnoob Posted May 19, 2009 Author Share Posted May 19, 2009 cleaning variables??? Link to comment https://forums.phpfreaks.com/topic/158667-solved-little-help-please/#findComment-836844 Share on other sites More sharing options...
waynew Posted May 19, 2009 Share Posted May 19, 2009 cleaning variables??? Basically, when you're getting a variable from an outside source (i.e. not from your code but from a $_GET variable or $_POST variable etc, you should always clean them before placing them in queries. Otherwise, an attacker could use SQL injection to harm your application. Don't worry though, as it's easily done. $clean_variable = mysql_real_escape_string($_GET['dirty']); //now clean_variable can be inserted into a query Link to comment https://forums.phpfreaks.com/topic/158667-solved-little-help-please/#findComment-836847 Share on other sites More sharing options...
justAnoob Posted May 19, 2009 Author Share Posted May 19, 2009 Still getting error with this line while($row = mysql_fetch_assoc($result)) Link to comment https://forums.phpfreaks.com/topic/158667-solved-little-help-please/#findComment-836850 Share on other sites More sharing options...
justAnoob Posted May 19, 2009 Author Share Posted May 19, 2009 I knew that,,,, sorry. Link to comment https://forums.phpfreaks.com/topic/158667-solved-little-help-please/#findComment-836851 Share on other sites More sharing options...
waynew Posted May 19, 2009 Share Posted May 19, 2009 What does the error say? Link to comment https://forums.phpfreaks.com/topic/158667-solved-little-help-please/#findComment-836852 Share on other sites More sharing options...
justAnoob Posted May 19, 2009 Author Share Posted May 19, 2009 Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in D:\Hosting\3388298\html\viewitem.php on line 175 <?php include "connection.php"; mysql_connect("$host", "$username", "$password") or die("Could not connect."); mysql_select_db("$db_name") or die("Could not find database"); $found_id_main = mysql_real_escape_string($_GET['id']); $query = "SELECT id, user_id, category, imgpath, imgpath2, imgpath3, imgpath4, imgpath5, item_name, description, in_return FROM abcxyz WHERE id = '$found_id_main'"; $result = mysql_query($query); echo "<table width='954' border='0' align='center' cellpadding='0' cellspacing='0' bordercolor='#000000' bgcolor='#BBD4E1'>"; while($row = mysql_fetch_assoc($result)) { echo "<table width='954' border='0' align='center' cellpadding='0' cellspacing='0' bordercolor='#000000' bgcolor='#BBD4E1'>"; echo "<tr><td width='188' height='180'><div align='center'>"; echo '<img src="' . $row['imgpath'] . '" width="125" alt="" /><font color="red"> X'; // continue echoing of table........... ?> Link to comment https://forums.phpfreaks.com/topic/158667-solved-little-help-please/#findComment-836854 Share on other sites More sharing options...
waynew Posted May 19, 2009 Share Posted May 19, 2009 It means that the query failed, and thus, $result isn't a valid source. Please use $result = mysql_query($query) or trigger_error(mysql_error()); Instead of $result = mysql_query($query); In order to see what SQL error you're getting. Link to comment https://forums.phpfreaks.com/topic/158667-solved-little-help-please/#findComment-836855 Share on other sites More sharing options...
justAnoob Posted May 19, 2009 Author Share Posted May 19, 2009 Notice: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 ............ the commented line below... Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in .....comment below also. <?php include "connection.php"; mysql_connect("$host", "$username", "$password") or die("Could not connect."); mysql_select_db("$db_name") or die("Could not find database"); $query = "SELECT id, user_id, category, imgpath, imgpath2, imgpath3, imgpath4, imgpath5, item_name, description, in_return FROM abcxyz WHERE id = ".$_GET['id']; $result = mysql_query($query) or trigger_error(mysql_error()); ///////// echo "<table width='954' border='0' align='center' cellpadding='0' cellspacing='0' bordercolor='#000000' bgcolor='#BBD4E1'>"; while($row = mysql_fetch_assoc($result)) ///////// second error { echo "<table width='954' border='0' align='center' cellpadding='0' cellspacing='0' bordercolor='#000000' bgcolor='#BBD4E1'>"; echo "<tr><td width='188' height='180'><div align='center'>"; echo '<img src="' . $row['imgpath'] . '" width="125" alt="" /><font color="red"> X'; ?> Link to comment https://forums.phpfreaks.com/topic/158667-solved-little-help-please/#findComment-836858 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.