Jump to content

Recommended Posts

Here my querry that I have a problem with:

 

$dbl1      = "SELECT * FROM PHPAUCTIONXL_swopboards

WHERE posterid= '".$_SESSION["PHPAUCTION_LOGGED_IN"]."'

AND auction= '".$_SESSION["CURRENT_ITEM"]."'

AND enddate>='".$NOW."'

AND status!='i'

";

 

$result_dbl1 = mysql_query ($dbl1);

if ($result_dbl1)

{

$SWOPBOARDID = mysql_result($result_dbl1,0,"id");  <----line 413

}

Sometimes I get the warining:

Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 65 in /var/www/web52/html/testserver/item.php on line 413

 

It seems that the problem comes when the variable '".$_SESSION["CURRENT_ITEM"]."' is not set. I was hoping, what in this case the querry just does not give any result. Is there a way to say: "If querry gives a warining than don´t show it? "

 

Link to comment
https://forums.phpfreaks.com/topic/65281-warning-if-variable-is-not-set/
Share on other sites

if you want to avoid trying to grab a result when it returns no rows, simply use mysql_num_rows() on the query's resource ID to find out how many rows it pulled.  however, if your query is an invalid resource, this function too will fail.  the better step is to not run the query at all if your $_SESSION value is empty:

 

if (!empty($_SESSION['CURRENT_ITEM']))
{
  // do the query hustle!
}

 

also, please use code tags when posting code in the future.

I forgot to mention. (Can't edit my own post)

while sending variables to an sql query use mysql_real_escape_string() to protect your database and you application from sql injection.

 

your query should be like:

<?php
$dbl1      = "SELECT * FROM PHPAUCTIONXL_swopboards 
         WHERE posterid= '".mysql_real_escape_string($_SESSION["PHPAUCTION_LOGGED_IN"])."'
         AND auction= '".mysql_real_escape_string($_SESSION["CURRENT_ITEM"])."'
         AND enddate>='".mysql_real_escape_string($NOW)."'
         AND status!='i'
         ";
?>

I forgot to mention. (Can't edit my own post)

while sending variables to an sql query use mysql_real_escape_string() to protect your database and you application from sql injection.

 

your query should be like:

<?php
$dbl1      = "SELECT * FROM PHPAUCTIONXL_swopboards 
         WHERE posterid= '".mysql_real_escape_string($_SESSION["PHPAUCTION_LOGGED_IN"])."'
         AND auction= '".mysql_real_escape_string($_SESSION["CURRENT_ITEM"])."'
         AND enddate>='".mysql_real_escape_string($NOW)."'
         AND status!='i'
         ";
?>

I am working with an existing software and customize it. So far I have not seen the "mysql_real_escape_string()" in the whole application. If you say this is not save then I hope, what my data is protected in an other way. There are many includes on the page. Perhaps this safety feature is automated (is that possible?).

 

Thanks for your suggestions!

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.