query help

[LostinGA]

I know my query is wrong I just need fresh eyes on it to tell me what's wrong.  I am generating errors for lines 50 and 57. 

	//Make the paginated query;
	$query = "SELECT * FROM Company LIMIT $start, $display"; 
	$result = @mysql_query ($query);

	//Table header:
	echo "<table cellpadding=5 cellspacing=5 border=1><tr>
	<th>Company</th><th>Product</th><th>City</th><th>State</th></tr>"; 

	//Fetch and print all the records...
	while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
		echo "<tr><td>".$row['Company_Name']."</td>"; 
		echo "<td>".$row['Product_Type']."</td>"; 
		echo "<td>".$row['City']."</td>";
		echo "<td>".$row['State']."</td>";
	} // End of While statement
	echo "</table>"; 
	mysql_free_result ($result); // Free up the resources.         
	mysql_close(); // Close the database connection.

[requinix]

mysql_error. Really.

 

And you should be using mysqli or PDO instead of the mysql extension and its functions: PDO and mysqli are all-around better replacements to use, and even better they won't be removed any time soon (which is more than can be said about mysql).

[Clarkey]

$result = mysql_query($query) or die(mysql_error());

[Jacques1]

Please don't use this die(mysql_error()) stuff. I understand this has almost become a meme in the PHP world, but if you think about it, it's downright harmful.

 

Internal database error messages are not meant for end users. They contain technical information about your database which are simply none of the users' business. When you display them on the screen, you irritate legitimate users and at the same time make life easier for attackers.

 

PHP already has an error mechanism: trigger_error(). This will send the message to the right source according to the PHP configuration. On a development machine, you'll want to see the message right on the screen. In a live environment, you do not want it on the screen but in a log file.

 

But the real solution is of course to drop the legacy functions altogether as already suggested by requinix.