jannmirch Posted October 25, 2013 Share Posted October 25, 2013 I am suddenly getting an error on a client's page: http://kajagamdesign.com/portfolio.php Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home1/kajagam/public_html/portfolio.php on line 13Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home1/kajagam/public_html/portfolio.php on line 26Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home1/kajagam/public_html/portfolio.php on line 45 Here is the code in question: //GET PRIMARY PORTFOLIO ID IF NONE CAPTURED if (!$c_page) { $query = "SELECT id FROM gallery_rooms ORDER BY sort ASC LIMIT 1"; $result = mysql_query($query); while($row = mysql_fetch_array($result)) { $c_page = $row['id']; } } //---------------------------------------------------- //---------------------------------------------------- //FORMAT PORTFOLIO SIDE NAV $port_nav = ''; $query = "SELECT id, title FROM gallery_rooms ORDER BY sort ASC"; $result = mysql_query($query); while($row = mysql_fetch_array($result)) { $id = $row['id']; $title = trim(stripslashes($row['title'])); if ($c_page == $id) { $active = ' class="active_port"'; } else { $active = ''; } $port_nav .= '<li'.$active.'><a href="portfolio.php?p='.$id.'">'.$title.'</a></li>'; } //---------------------------------------------------- //---------------------------------------------------- //GET PORTFOLIO HEADER image $query2 = "SELECT * FROM photos WHERE category = '$c_page'"; $result2 = mysql_query($query2); while($row = mysql_fetch_array($result2)) { $imageID = $row['id']; $alt = trim(stripslashes($row['alt'])); $img_title = trim(stripslashes($row['title'])); $filename = $row['filename']; list($width, $height, $type, $attr) = getimagesize('photos/'.$filename); } if (!$filename) { $filename = 'not_available.jpg'; } $header_img = '<img src="photos/'.$filename.'" alt="'.$alt.'" title="'.$img_title.'" '.$attr.' />'; //---------------------------------------------------- We have not made any changes to the page and it was working. I did not do the original coding and am not very familiar with PHP. Any help is greatly appreciated. Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted October 25, 2013 Share Posted October 25, 2013 (edited) Usually that means either the mysql_query() before mysql_fetch_array() did not return any results or failed due to an error. Have you checked your queries return anything and that there is no errors return from mysql_query(). use msyql_error to check if there are any errors. Edited October 25, 2013 by Ch0cu3r Quote Link to comment Share on other sites More sharing options...
jannmirch Posted October 25, 2013 Author Share Posted October 25, 2013 Sorry to be obtuse... Where do I put that code? I know enough php to be dangerous. Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted October 25, 2013 Share Posted October 25, 2013 (edited) I have modified your code so it will output an error if the query returned no results or an error <?php //GET PRIMARY PORTFOLIO ID IF NONE CAPTURED if (!$c_page) { // Query #1 $query = "SELECT id FROM gallery_rooms ORDER BY sort ASC LIMIT 1"; if($result = mysql_query($query)) { if(mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $c_page = $row['id']; } else { echo 'Query #1 returned no results!'; } } else { echo 'Database query #1 has failed - ' . mysql_error(); } } //---------------------------------------------------- //---------------------------------------------------- //FORMAT PORTFOLIO SIDE NAV $port_nav = ''; // Query #2 $query = "SELECT id, title FROM gallery_rooms ORDER BY sort ASC"; if($result = mysql_query($query)) { if(mysql_num_rows($result)) { while($row = mysql_fetch_array($result)) { $id = $row['id']; $title = trim(stripslashes($row['title'])); if ($c_page == $id) { $active = ' class="active_port"'; } else { $active = ''; } $port_nav .= '<li'.$active.'><a href="portfolio.php?p='.$id.'">'.$title.'</a></li>'; } } else { echo 'Query #2 returned no results!'; } } else { echo 'Database query #2 has failed - ' . mysql_error(); } //---------------------------------------------------- //---------------------------------------------------- //GET PORTFOLIO HEADER image $query = "SELECT * FROM photos WHERE category = '$c_page'"; // Query #3 if($result = mysql_query($query)) { if(mysql_num_rows($result)) { while($row = mysql_fetch_array($result)) { $imageID = $row['id']; $alt = trim(stripslashes($row['alt'])); $img_title = trim(stripslashes($row['title'])); $filename = $row['filename']; list($width, $height, $type, $attr) = getimagesize('photos/'.$filename); } } else { echo 'Query #3 returned no results!'; } } else { echo 'Database query #3 has failed - ' . mysql_error(); } if (!$filename) { $filename = 'not_available.jpg'; } $header_img = '<img src="photos/'.$filename.'" alt="'.$alt.'" title="'.$img_title.'" '.$attr.' />'; Edited October 25, 2013 by Ch0cu3r Quote Link to comment Share on other sites More sharing options...
jannmirch Posted October 25, 2013 Author Share Posted October 25, 2013 (edited) Well, we know what the issue is... I'm now getting the message: Database query #1 has failed - No database selectedDatabase query #2 has failed - No database selectedDatabase query #3 has failed - No database selected Not sure what to look for now. Edited October 25, 2013 by jannmirch Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted October 25, 2013 Share Posted October 25, 2013 For some reason you are not connected to mysql properly in profile.php. Does any other page on your site connect to the database? Is it just profile.php that outputs these errors? Quote Link to comment Share on other sites More sharing options...
.josh Posted October 25, 2013 Share Posted October 25, 2013 If this script is not being included in another script that is running, then you are definitely missing your database connection/selection code. There should be the following somewhere before any of your other mysql_xxx functions: // values replaced with the real values mysql_connect('host','username','password'); mysql_select_db('database'); However.. given the error message you posted.. it *sounds* like you actually do have a mysql_connect() somewhere (and it connects properly - if not then you should be getting some kind of "resource not found", "access denied" or "link to server could not be established" error). Which means.. either you are missing the mysql_select_db() call, or providing an invalid database name (which means your database name was either renamed or deleted). Since you said it was working before and suddenly stopped.. my guess is one of the following happened: 1) someone has changed your database name (be it the name specified in mysql_select_db, or the database name itself, within an interface like phpmyadmin or on command line) 2) you have been hacked. But again.. you said nobody has touched it. You should make sure of this, because the alternative (#2) is much worse. If you are super lucky, it's #1. In that case, look for your mysql_select_db() call and also look at your database (via phpmyadmin or on command line). Make sure they are the same. If they are not, then someone changed it. Now the question is.. who changed it. If you're super lucky, someone who already had access changed it and you just weren't informed (not that this is a good thing, but it's much better than the alternative). If you are not so lucky, someone has changed it because #2 has happened. And on that note... Looking at your code.. you really aren't doing anything to prevent sql injection (stipslashes will not prevent it), so it is very likely #2 happened, and you firstly need to immediately comment out all mysql_xxx calls. Then you need to investigate what damage has been done and do a complete server security audit. Since you said you only know just enough to be dangerous, I would highly recommend you hire a professional to do this for you. And regardless, this script needs to be updated to be more secure. Even if you got lucky and it's #1, this script can easily be hacked. Quote Link to comment Share on other sites More sharing options...
jannmirch Posted October 25, 2013 Author Share Posted October 25, 2013 I inherited this project and the original programmer is long gone...We've had other issues with sloppy code too. I think I'm thinking I'm just going to convert the portfolio to a WordPress install, which we have set up already for the blog. It seems simpler than trying to reverse engineer someone else's code... And since we have been wanting to do this for a while it seems like now's the time! Thanks for the help. Quote Link to comment Share on other sites More sharing options...
.josh Posted October 25, 2013 Share Posted October 25, 2013 okay well that's fine and dandy, except that you are ignoring the distinct possibility that scenario #2 has happened. If scenario #2 has happened, then simply trashing the old script may not be enough. Quote Link to comment Share on other sites More sharing options...
KevinM1 Posted October 25, 2013 Share Posted October 25, 2013 Not to mention that WordPress isn't exactly known for its security.... Quote Link to comment Share on other sites More sharing options...
jannmirch Posted October 25, 2013 Author Share Posted October 25, 2013 I'll have to take that up with the hosting company. I have an inquiry in already. We opted for WordPress because we need a content management system that is easy for the client to maintain in-house. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.