PHP Help!

[Gibbo]

Hey, wondering if any pro can help me , I get these errors in my article.php file and I need help fixing them.

Line 16 starts at " $amount_get "
Line 20 starts at " while($row "

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/ryangib1/public_html/files/newsys(undercon)/article.php on line 16

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/ryangib1/public_html/files/newsys(undercon)/article.php on line 20

<?php

$amount_get = mysql_query("SELECT * FROM comment WHERE articleid='" . $_GET['id'] . "'"); $comments = mysql_num_rows($amount_get);

$grab = mysql_query("SELECT * FROM articles WHERE id='" . $_GET['id'] . "' LIMIT 1");

while($row = mysql_fetch_array($grab)){

?>

 

[Joopie]

It's mysql_query doesn't return a resource but a exception.

I know you don't see it.
But when your query is wrong, It returns false which is an boolean.

So check your query ^,^

EDIT: Please filter your $_GET's to prevent sql injections.

 

[Gibbo]

It's mysql_query doesn't return a resource but a exception.

I know you don't see it.
But when your query is wrong, It returns false which is an boolean.

So check your query ^,^

Mmm, i get that error when doing article.php?id=' so its ovs unsecure

 

[Joopie]

Try filtering it with mysql_real_escape_string

Also, if you search only with intergers, you can filter the input value with filter_var($_GET['id'], FILTER_VALIDATE_INT);

 

[Gibbo]

Try filtering it with mysql_real_escape_string

Also, if you search only with intergers, you can filter the input value with filter_var($_GET['id'], FILTER_VALIDATE_INT);

Ooo, thanks, worked perfect " Likes "

 

[Predict]

$amount_get = mysql_query("SELECT * FROM comment WHERE articleid='" . $_GET['id'] . "'");

if (mysql_num_rows($amount_get) == 0)
{

//IF NOT FOUND ID​

}
else
{

$grab = mysql_query("SELECT * FROM articles WHERE id='" . $_GET['id'] . "' LIMIT 1");​

while($row = mysql_fetch_array($grab))​

{​

//CODE​

}​

}

------

Try something like that. Joopie does have a point about sql injection.

 

[Gibbo]

$amount_get = mysql_query("SELECT * FROM comment WHERE articleid='" . $_GET['id'] . "'");

if (mysql_num_rows($amount_get) == 0)
{

//IF NOT FOUND ID​

}
else
{

$grab = mysql_query("SELECT * FROM articles WHERE id='" . $_GET['id'] . "' LIMIT 1");​

while($row = mysql_fetch_array($grab))​

{​

//CODE​

}​

}

------

Try something like that. Joopie does have a point about sql injection.

Yeah, I used to always use that method, I use the current now as its more neat . Sorted the problem now, it was something to do with my configuration, thanks for helping guys

 

[Markshall]

Yeah, I used to always use that method, I use the current now as its more neat . Sorted the problem now, it was something to do with my configuration, thanks for helping guys

It may be neater, but personally I'd rather have full functionality over neatness of my code although I do prefer my code looking as tidy as possible.
It's probably only going to be you viewing the code anyway so it shouldn't be that big of a deal when it's compared with functionality.

Anyway, thread creator stated the problem is solved, thread closed.