Jump to content

Suddenly getting error: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home1/kajagam/public_html/portfolio.php on line 13


jannmirch

Recommended Posts

I am suddenly getting an error on a client's page: http://kajagamdesign.com/portfolio.php

 

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home1/kajagam/public_html/portfolio.php on line 13

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home1/kajagam/public_html/portfolio.php on line 26

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home1/kajagam/public_html/portfolio.php on line 45

 

Here is the code in question:

//GET PRIMARY PORTFOLIO ID IF NONE CAPTURED
if (!$c_page) {
$query  = "SELECT id FROM gallery_rooms ORDER BY sort ASC LIMIT 1";
$result = mysql_query($query);
while($row = mysql_fetch_array($result)) {
$c_page = $row['id'];
}
}
//----------------------------------------------------
 
//----------------------------------------------------
//FORMAT PORTFOLIO SIDE NAV
$port_nav = '';
 
$query  = "SELECT id, title FROM gallery_rooms ORDER BY sort ASC";
$result = mysql_query($query);
 
while($row = mysql_fetch_array($result)) {
$id = $row['id'];
$title = trim(stripslashes($row['title']));
 
if ($c_page == $id) {
$active = ' class="active_port"';
} else {
$active = '';
}
 
$port_nav .= '<li'.$active.'><a href="portfolio.php?p='.$id.'">'.$title.'</a></li>';
}
//----------------------------------------------------
 
//----------------------------------------------------
//GET PORTFOLIO HEADER image
$query2  = "SELECT * FROM photos WHERE category = '$c_page'";
$result2 = mysql_query($query2);
 
while($row = mysql_fetch_array($result2)) {
$imageID = $row['id'];
$alt = trim(stripslashes($row['alt']));
$img_title = trim(stripslashes($row['title']));
$filename = $row['filename'];
list($width, $height, $type, $attr) = getimagesize('photos/'.$filename);
}
 
if (!$filename) {
$filename = 'not_available.jpg';
}
 
$header_img = '<img src="photos/'.$filename.'" alt="'.$alt.'" title="'.$img_title.'" '.$attr.' />';
//----------------------------------------------------

 

 

 

We have not made any changes to the page and it was working. I did not do the original coding and am not very familiar with PHP. Any help is greatly appreciated.

Link to comment
Share on other sites

I have modified your code so it will output an error if the query returned no results or an error

<?php 

//GET PRIMARY PORTFOLIO ID IF NONE CAPTURED
if (!$c_page)
{
	// Query #1
	$query  = "SELECT id FROM gallery_rooms ORDER BY sort ASC LIMIT 1";
	if($result = mysql_query($query))
	{
		if(mysql_num_rows($result))
		{
			$row = mysql_fetch_assoc($result);
			$c_page = $row['id'];
		}
		else
		{
			echo 'Query #1 returned no results!';
		}
	}
	else
	{
		echo 'Database query #1 has failed - ' . mysql_error();
	}
}
//----------------------------------------------------
 
//----------------------------------------------------
//FORMAT PORTFOLIO SIDE NAV
$port_nav = '';
 
// Query #2
$query  = "SELECT id, title FROM gallery_rooms ORDER BY sort ASC";
if($result = mysql_query($query))
{
	if(mysql_num_rows($result))
	{
		while($row = mysql_fetch_array($result))
		{
			$id = $row['id'];
			$title = trim(stripslashes($row['title']));
			 
			if ($c_page == $id) {
				$active = ' class="active_port"';
			} else {
				$active = '';
			}
			 
			$port_nav .= '<li'.$active.'><a href="portfolio.php?p='.$id.'">'.$title.'</a></li>';
		}
        }
	else
	{
		echo 'Query #2 returned no results!';
	}
}
else
{
	echo 'Database query #2 has failed - ' . mysql_error();
}
//----------------------------------------------------
 
//----------------------------------------------------
//GET PORTFOLIO HEADER image
$query  = "SELECT * FROM photos WHERE category = '$c_page'";
// Query #3
if($result = mysql_query($query))
{
	if(mysql_num_rows($result))
	{
		while($row = mysql_fetch_array($result))
		{
			$imageID = $row['id'];
			$alt = trim(stripslashes($row['alt']));
			$img_title = trim(stripslashes($row['title']));
			$filename = $row['filename'];
			list($width, $height, $type, $attr) = getimagesize('photos/'.$filename);
		}
        }
	else
	{
		echo 'Query #3 returned no results!';
	}
}
else
{
	echo 'Database query #3 has failed - ' . mysql_error();
}
 
if (!$filename) {
$filename = 'not_available.jpg';
}
 
$header_img = '<img src="photos/'.$filename.'" alt="'.$alt.'" title="'.$img_title.'" '.$attr.' />';
Edited by Ch0cu3r
Link to comment
Share on other sites

Well, we know what the issue is... I'm now getting the message:

 

Database query #1 has failed - No database selectedDatabase query #2 has failed - No database selectedDatabase query #3 has failed - No database selected

 

Not sure what to look for now.

Edited by jannmirch
Link to comment
Share on other sites

If this script is not being included in another script that is running, then you are definitely missing your database connection/selection code.

 

There should be the following somewhere before any of your other mysql_xxx functions:

 

// values replaced with the real values
mysql_connect('host','username','password');
mysql_select_db('database');
However.. given the error message you posted.. it *sounds* like you actually do have a mysql_connect() somewhere (and it connects properly - if not then you should be getting some kind of "resource not found", "access denied" or "link to server could not be established" error). Which means.. either you are missing the mysql_select_db() call, or providing an invalid database name (which means your database name was either renamed or deleted).

 

Since you said it was working before and suddenly stopped.. my guess is one of the following happened:

 

1) someone has changed your database name (be it the name specified in mysql_select_db, or the database name itself, within an interface like phpmyadmin or on command line)

2) you have been hacked.

 

But again.. you said nobody has touched it. You should make sure of this, because the alternative (#2) is much worse. If you are super lucky, it's #1. In that case, look for your mysql_select_db() call and also look at your database (via phpmyadmin or on command line). Make sure they are the same. If they are not, then someone changed it. Now the question is.. who changed it. If you're super lucky, someone who already had access changed it and you just weren't informed (not that this is a good thing, but it's much better than the alternative). If you are not so lucky, someone has changed it because #2 has happened. And on that note...

 

Looking at your code.. you really aren't doing anything to prevent sql injection (stipslashes will not prevent it), so it is very likely #2 happened, and you firstly need to immediately comment out all mysql_xxx calls. Then you need to investigate what damage has been done and do a complete server security audit. Since you said you only know just enough to be dangerous, I would highly recommend you hire a professional to do this for you.

 

And regardless, this script needs to be updated to be more secure. Even if you got lucky and it's #1, this script can easily be hacked.

Link to comment
Share on other sites

I inherited this project and the original programmer is long gone...We've had other issues with sloppy code too.

 

I think I'm thinking I'm just going to convert the portfolio to a WordPress install, which we have set up already for the blog. It seems simpler than trying to reverse engineer someone else's code... And since we have been wanting to do this for a while it seems like now's the time!

 

Thanks for the help.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.