kiplo Posted June 19, 2012 Share Posted June 19, 2012 mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xamp <?php include('config.php'); include('array.php'); $q=$_GET['q']; $sql = "\n" . "select * from harta_modal where Siri Pembuat like \'$q%\'\n" . "union\n" . "select * from harta_modal_printer where Siri Pembuat like \'$q%\'\n" . "union\n" . "select * from harta_moda_notebook where Siri Pembuat like \'$q%\'\n" . "union\n" ."select * from harta_moda_rangkaian where Siri Pembuat like \'$q%\'\ LIMIT 0, 30 "; $result=mysql_query($sql); print "<table border='1'> <tr> <th>Jenama</th> </tr>"; while($row = mysql_fetch_array($result)) { echo "<tr>"; echo "<td>" . $row['Jenama'] . "</td>"; echo "</tr>"; } echo "</table>"; ?> Quote Link to comment https://forums.phpfreaks.com/topic/264420-whats-wrong-with-it/ Share on other sites More sharing options...
requinix Posted June 19, 2012 Share Posted June 19, 2012 If "Siri Pembuat" is actually the name of a field then 1. Shame on you for putting spaces in a field name. 2. Quote it with backticks. And you're vulnerable to SQL injection. Fix it: $qsafe = mysql_real_escape_string($q); "select ... like \'$qsafe\'\n" Quote Link to comment https://forums.phpfreaks.com/topic/264420-whats-wrong-with-it/#findComment-1355074 Share on other sites More sharing options...
kiplo Posted June 19, 2012 Author Share Posted June 19, 2012 okay tq Quote Link to comment https://forums.phpfreaks.com/topic/264420-whats-wrong-with-it/#findComment-1355075 Share on other sites More sharing options...
kiplo Posted June 19, 2012 Author Share Posted June 19, 2012 btw i was confused with the use of mysql_real_escape_string() =.=' Quote Link to comment https://forums.phpfreaks.com/topic/264420-whats-wrong-with-it/#findComment-1355078 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.