LIMIT in Ajax and MySQL

This question already has answers here: mysql_fetch_array()/mysql_fetch_assoc()/mysql_fetch_row()/mysql_num_rows etc… expects parameter 1 to be resource (31 answers)

Closed 6 years ago (2014-01-16).

I have a problem when I insert $q in the "SELECT * FROM table LIMIT '".$q."'";

HTML code: the HTML code is saved in the "ajax.php" file.

    <html>
    <head>
    <script>
    function showUser(str)
    {
    if (str=="")
      {
      document.getElementById("txtHint").innerHTML="";
      return;
      }
    if (window.XMLHttpRequest)
      {// code for IE7+, Firefox, Chrome, Opera, Safari
      xmlhttp=new XMLHttpRequest();
      }
    else
      {// code for IE6, IE5
      xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
      }
    xmlhttp.onreadystatechange=function()
      {
      if (xmlhttp.readyState==4 && xmlhttp.status==200)
        {
        document.getElementById("txtHint").innerHTML=xmlhttp.responseText;
        }
      }
    xmlhttp.open("GET","getuser.php?q="+str,true);
    xmlhttp.send();
    }
    </script>
    <meta charset="utf-8">
    </head>
    <body>

    <form>
    <select name="users" onchange="showUser(this.value)">
    <option value="">Select a person:</option>
    <option value="1">Peter Griffin</option>
    <option value="2">Lois Griffin</option>
    <option value="3">Glenn Quagmire</option>
    <option value="4">Joseph Swanson</option>
    </select>
    </form>
    <br>
    <div id="txtHint"><b>Person info will be listed here.</b></div>

    </body>
    </html>

And the PHP code: this PHP code is saved in "getuser.php" in the same directory as the HTML code.

    <?php
    $q = intval($_GET['q']);
    $m = 2;

    $con = mysqli_connect('localhost','root','','net');

    mysqli_select_db($con,"members");
    $sql="SELECT * FROM members LIMIT '".$q."'";

    $result = mysqli_query($con,$sql);

    echo "<table border='1'>
    <tr>
    <th>Firstname</th>
    <th>Lastname</th>
    <th>Age</th>
    <th>Hometown</th>
    <th>Job</th>
    </tr>";


    while($row = mysqli_fetch_array($result))
      {
      echo "<tr>";
      echo "<td>" . $row['username'] . "</td>";
      echo "<td>" . $row['password'] . "</td>";
      echo "<td>" . $row['name'] . "</td>";
      echo "<td>" . $row['family'] . "</td>";
      echo "<td>" . $row['email'] . "</td>";
      echo "</tr>";
      }
    echo "</table>";

    mysqli_close($con);
    ?>

The output shows this message:

Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in C:\xampp\htdocs\php2\admin\test\getuser.php on line 30

But when I insert "SELECT * FROM members LIMIT 2" it works successfully.


You must not escape integer values in SQL queries. I would write:

    $sql = "SELECT * FROM members LIMIT " . (int)$q . ";";

This code is extremely dangerous: you are allowing anyone to inject into your database. You need to clean the variable first. Also, there is no need to concatenate the statement if you're simply using double quotes; the $x would be interpreted correctly.

    // Trim the input, undo magic quotes if enabled, and strip HTML tags.
    function clean_data($string) {
        $string = trim($string);
        if (get_magic_quotes_gpc()) {
            $string = stripslashes($string);
        }
        $string = strip_tags($string);
        return html_entity_decode($string, ENT_QUOTES);
    }

    $x = clean_data($_GET['q']);
    $q = "SELECT * FROM members LIMIT $x";
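One way to write `getuser.php` so that `q` can only ever reach `LIMIT` as an integer, as an added example that is not part of the original question or answers: the value is validated as a bounded whole number, bound to `LIMIT ?` in a prepared statement, and every output value is HTML-escaped (the `password` column is not selected). The helper names `parse_limit`, `fetch_members` and `render_rows`, the 100-row cap and the credentials are assumptions; `get_result()` assumes mysqli is built on mysqlnd.

```php
<?php
// Added example. Assumed: helper names, the 100-row cap, placeholder DB
// credentials, and a mysqli built on mysqlnd (needed for get_result()).

// Accept only a whole number in [1, $max]; anything else yields null.
function parse_limit($raw, int $max = 100): ?int
{
    $n = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => $max]]);
    return $n === false ? null : $n;
}

function fetch_members(mysqli $con, int $limit): array
{
    // LIMIT takes a bare integer, so bind it with type "i" instead of
    // concatenating it (quoted or not) into the SQL string.
    $stmt = $con->prepare('SELECT username, name, family, email FROM members LIMIT ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $con->error);
    }
    $stmt->bind_param('i', $limit);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Escape every value so stored data cannot inject markup into the page.
function render_rows(array $rows): string
{
    $html = "<table border='1'>\n";
    foreach ($rows as $row) {
        $html .= '<tr>';
        foreach ($row as $value) {
            $html .= '<td>' . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . '</td>';
        }
        $html .= "</tr>\n";
    }
    return $html . "</table>\n";
}

$limit = parse_limit($_GET['q'] ?? null);
if ($limit === null) {
    http_response_code(400);
    exit('q must be an integer between 1 and 100');
}
$con = new mysqli('localhost', 'app_user', 'placeholder-password', 'net');
echo render_rows(fetch_members($con, $limit));
$con->close();
```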