开发者

MySQL: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource [duplicate]

问答 作者:
This question already has answers here: 开发者_如何学Go Closed 10 years ago.

Possible Duplicate:

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result

I have this bug:

mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/marlon/domains/webmasterplaats.nl/public_html/edit.php on line 36

This is the code: 

    <?php
    $ip = $_SERVER['REMOTE_ADDR'];
    $toegang[] = '86.91.195.26';
    $toegang[] = '84.86.189.70';

    $valid = true;
    if(in_array($ip, $toegang) || isset($valid))
    {
 if(isset($_GET['id']))
 {
  if($_SERVER['REQUEST_METHOD'] == 'POST')
  {
   mysql_query("UPDATE news SET titel='" . mysql_real_escape_string($_POST['titel']) . "', inhoud='" . mysql_real_escape_string($_POST['edit2']) . "' WHERE id='" . mysql_real_escape_string($_GET['id']) . "'");

   echo 'Met success geupdate.' ;
  }
   $database = mysql_connect('localhost','marlonhe19','123456789asd');
   mysql_select_db('wmp', $database);

  $id = $_GET['id'];

  $mysql = mysql_query("SELECT * FROM news WHERE id='$id' ;");

  while($row = mysql_fetch_assoc($mysql)){
   $id = $row['id'];
   $titel = $row['titel'];
   $inhoud = $row['inhoud'];

  echo '
  <form id="form1" name="form1" method="post" action="">
  <input type="text" name="titel" value="$titel" /><br />
  <textarea name="edit2">$inhoud</textarea> <br />
  <input type="submit" name="Submit" value="Opslaan" />';
    }
    }
    }

What's the problem?

Warning: SQL injection possible. It looks like your query failed.

Replace this:

$mysql = mysql_query("SELECT * FROM news WHERE id='$id' ;");

With:

$mysql = mysql_query("SELECT * FROM news WHERE id='$id' ;") or die(mysql_error());

You should make your own error handling function, it's prefferable to display an error message, without exiting immediately.

You don't need a semi colon(;) in:

$mysql = mysql_query("SELECT * FROM news WHERE id='$id' ;");

Since you are passing a ;, the query execution fails and mysql_query return false and not an object. When you pass false to mysql_fetch_assoc it gives the error that you are getting.

Always add error check:

$mysql = mysql_query("SELECT * FROM news WHERE id='$id'") or die(mysql_error());

Looks like your DB selection part has a problem. Add error checking to that aswell:

EDIT:

mysql_select_db('wmp', $database) or die(mysql_error());

You should check for errors, eg.

$news_result = mysql_query("SELECT * FROM news WHERE id='$id'")
                   or die("Query failed: ".mysql_error());

In addition, you should name your query result variables something sensible, i.e. not $mysql and you should be using bind variables to protect against SQL injection. Consider a query string of the following:

page.php?id='+OR+'1'='1

Have you tried running the query from mysql prompt. Looks like query returns error. Try changing your line

$mysql = mysql_query("SELECT * FROM news WHERE id='$id' ;");

to

$mysql = mysql_query("SELECT * FROM news WHERE id='$id' ;") or die(mysql_error());

继续阅读:php

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9