selliottsxm Posted May 27, 2014 Share Posted May 27, 2014 Hi, I'm very new to php and to mysql and I was hoping someone would be kind enough to give me a hand. I'm trying to write a query that returns only one record set. I'll paste what I have below and the error. I'm sure that I am doing something wrong that is right in front of my face but for the life of me I can't figure it out. The relevant part of the code is: require_once ('../mysqli_connect.php');$movie_id = $_GET['movie_id'];$q = "SELECT * FROM movies WHERE movie_id = $movie_id";$r = mysqli_query($dbc, $q);echo'<table cols="2" width="1100px" align="center"><tr><td align="left" width="240px"><img src="img/boxcovers/small/movie_' . $r['movie_id'] .'_small.jpg"></td><td></td></tr> The error I'm getting is: PHP Fatal error: Cannot use object of type mysqli_result as array Help! Quote Link to comment https://forums.phpfreaks.com/topic/288816-problems-with-a-simple-recordset/ Share on other sites More sharing options...
selliottsxm Posted May 27, 2014 Author Share Posted May 27, 2014 Got it : require_once ('../mysqli_connect.php');$movie_id = $_GET['movie_id'];$q = mysqli_query($dbc,"SELECT * FROM movies WHERE movie_id = $movie_id");$r = mysqli_fetch_array($q); Quote Link to comment https://forums.phpfreaks.com/topic/288816-problems-with-a-simple-recordset/#findComment-1481071 Share on other sites More sharing options...
Ch0cu3r Posted May 27, 2014 Share Posted May 27, 2014 You have left yourself wide open for SQL injection attacks. You should never trust any user input. Before using any input in your query you should at least validate and sanitize it require_once ('../mysqli_connect.php'); // make sure movie_id request param exist and that is a number if(isset($_GET['movie_id']) && ctype_digit($_GET['movie_id'])) // validate { // cast the value of move_id to a integer $movie_id = intval($_GET['movie_id']); // sanitize $q = mysqli_query($dbc,"SELECT * FROM movies WHERE movie_id = $movie_id"); $r = mysqli_fetch_array($q); } Or a better alternative would be to use prepared statements Quote Link to comment https://forums.phpfreaks.com/topic/288816-problems-with-a-simple-recordset/#findComment-1481080 Share on other sites More sharing options...
selliottsxm Posted May 27, 2014 Author Share Posted May 27, 2014 Thanks very much for the advice. I really appreciate it! Quote Link to comment https://forums.phpfreaks.com/topic/288816-problems-with-a-simple-recordset/#findComment-1481083 Share on other sites More sharing options...
Ch0cu3r Posted May 27, 2014 Share Posted May 27, 2014 As a tip you may want to also look at the inbuilt filter library for sanitizing/validating user input Quote Link to comment https://forums.phpfreaks.com/topic/288816-problems-with-a-simple-recordset/#findComment-1481085 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.