This question already has an answer here:
My code throws the warning for the search code. Warning is SCREAM: Error suppression ignored for ( ! ) Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\test\search.php on line 15
The code is
<html>
<head>
</head>
<body>
<?php
mysql_connect("localhost","root","") or die (mysql_error());
mysql_select_db("list") or die (mysql_error());
if(empty($_POST) === false)
{
$data=$_POST['criteria'];
$get=mysql_query('SELECT SRNO, fname, lname, phone, email, address, comments from names where fname='.$data);
if (mysql_num_rows($get)==0)
{
echo 'There are no search results!!';
}
else
{
echo '<table border=0 cellspacing=25 cellpadding=1>';
echo'<tr><th>Sr. No</th><th>First Name</th><th>Last Name</th><th>Phone No</th><th>E-mail</th><th>Address</th><th>Comments!!</th><th>Modify</th><th>Delete!</th></tr>';
while($get_row=mysql_fetch_assoc($get))
{
echo '<tr><td>'.$get_row['SRNO'].'</td><td>'.$get_row['fname'].'</td><td>'.$get_row['lname'].'</td><td>'.$get_row['phone'].'</td><td>'.$get_row['email'].'</td><td>'.$get_row['address'].'</td><td>'.$get_row['comments'].'</td><td><a href="index.php?edit='.$get_row['SRNO'].'">Edit</a></td><td><a href="index.php?delete='.$get_row['SRNO'].'">Delete</a></td></tr>';
}
echo '</table>';
}
/*
if(mysql_num_rows($getf) == 0)
{
$getel=mysql_query('SELECT SRNO, fname, lname, phone, email, address, comments from names where lname='.$_GET['$data']));
}*/
}
echo '<form action="" method="post">';
echo '<input type="text" name=criteria>';
echo '<input type="submit" value="search" name="submit">';
echo '</form>';
?>
</body>
</html>
</div>
thats because your sql is failing and $get is false. Try this:
$get=mysql_query("SELECT SRNO, fname, lname, phone, email, address, comments from names where fname='" . mysql_real_escape_string($data) . "'");
notice that I also added mysql_real_escape_string which will keep you from crying when someone decides to attack your site with sql injection. Also you should consider not using mysql_* functions and switch to prepared statements since those functions are deprecated.
Something is wrong with your query. Try:
$get = mysql_query("SELECT SRNO, fname, lname, phone, email, address, comments from names where fname = '" . mysql_real_escape_string($data) . "'");
Needed to surround fname in quotes because it's a string.
Also, your script it open to sql injection. You should look into using PDO.
function mysql_query return FALSE on error try
if ($get) {
if (mysql_num_rows($get)==0) {
...
} else {
echo mysql_error();
}
Assuming that $get is a boolean and it's false then mysql_query() is likely returning false.
From the manual: http://php.net/manual/en/function.mysql-query.php
For SELECT, SHOW, DESCRIBE, EXPLAIN and other statements returning resultset, mysql_query() returns a resource on success, or FALSE on error.
For other type of SQL statements, INSERT, UPDATE, DELETE, DROP, etc, mysql_query() returns TRUE on success or FALSE on error.
The returned result resource should be passed to mysql_fetch_array(), and other functions for dealing with result tables, to access the returned data.
Use mysql_num_rows() to find out how many rows were returned for a SELECT statement or mysql_affected_rows() to find out how many rows were affected by a DELETE, INSERT, REPLACE, or UPDATE statement.
mysql_query() will also fail and return FALSE if the user does not have permission to access the table(s) referenced by the query.