This question already has an answer here:
Im new (start today) with PHP and MySQL to one of my mini projects. i have my db and i make a PHP code to get user_id and score from the table but i get this errors and i don't know how to get ride of them: you can see in the end that im getting my requested response.
Warning: mysql_fetch_array() expects parameter 1 to be resource, string given in /home/marathon/domains/marathon-il.com/public_html/Apps/million/view_all.php on line 15
Warning: mysql_num_rows() expects parameter 1 to be resource, null given in /home/marathon/domains/marathon-il.com/public_html/Apps/million/view_all.php on line 18 {"success":0,"message":"new_user"}
this is my getinfo.php:
<?php
$response = array();
require_once __DIR__ . '/db_connect.php';
$db = new DB_CONNECT();
$user = $_POST['userid'];
$result = mysql_fetch_array("SELECT * FROM users WHERE user_id = '$user'");
// check for empty result
if (mysql_num_rows($result) > 0){
$userinfo = array();
$userinfo["user_score"] = $result["score"];
$userinfo["user_date"] = $result["date"];
$response['info']= $userinfo;
$response["success"] = 1;
echo json_encode($response);;
}
else {
$response["success"] = 0;
$response["message"] = "new_user";
echo json_encode($response);
}
?>
please help to fix it - thanks.
</div>
you have to actually execute the query first. try looking up mysql_query
$result = mysql_query("SELECT * FROM users WHERE user_id = '$user'")
$ar = mysql_fetch_array($result);
mysql_fetch_array expects a result object from a call from mysql_query
it should be something like $result = mysql_query("SELECT......."); $var = mysql_fetch_array($result);
The proper way to use the mysql_fetch_array function is below. Note that we execute the query first which creates a resource object. We then pass that object into the mysql_fetch_array and mysql_num_rows functions:
$result = mysql_query("SELECT * FROM users WHERE user_id = '$user'") or die(mysql_error());
while($row=mysql_fetch_array($result)){
$userinfo = array();
$userinfo["user_score"] = $row["score"];
....
}
Similarly you should use mysql_num_rows as below (assuming the $result object is already created):
$numRows = mysql_num_rows($result);
Note you should not use the mysql_* functions but should learn the mysqli functions.
In your current code, you never actually run the query against the database. You must use mysql_query() before you can use mysql_num_rows() or mysql_fetch_array(). Because you are not passing a result set resource to these function you are getting an error.
Try this:
$sql_result = mysql_query("SELECT * FROM users WHERE user_id = '$user'");
if (false === $sql_result) {
// query failed for some reason
throw new Exception('Query failed with error: ' . mysql_error());
}
$rows = mysql_num_rows($sql_result);
$result = array();
if ($rows > 1) {
// too many rows were returned
throw new Exception('Too many rows returned');
} else if (mysql_num_rows($result) === 1){
$result = mysql_fetch_array($result);
// continue with rest of your code
You should absolutely look at using mysqli or PDO instead of mysql functions. I only responded with an answer to show you what the logical steps are (which would be similar for mysqli or PDO) and how you should actually handle all the possible outcomes from each database function. Make sure you have error handling in there. It will save you lots of time down the line when trying to troubleshoot issues with you queries, database connections, etc.
You also need to look at your SQL injection vulnerability as you are not escaping the input at all.