Home/ Questions/Q 7040719
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T01:57:06+00:00

Possible Duplicate: php warning mysql_fetch_assoc i am just implementing a simple part of my

  • 0

Possible Duplicate:
php warning mysql_fetch_assoc

i am just implementing a simple part of my website that just takes a variable from the header(subid) checks it with the database and then outputs the other fields related to the variable.

However i am getting this error – 

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/admin/public_html/report.php on line 14
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''/home/admin/public_html/log/log_274b43e6ad_New Text Document (7).txt.txt' at line 1

Here is the code for my page that does it all

include 'connect_to_mysql.php';
$sql_header = mysql_query("SELECT * FROM system");
$header_array = mysql_fetch_assoc($sql_header);
$total_scans = $header_array['total_scans'];
$malware_detected = $header_array['malware_detected'];
$total_users = $header_array['total_users'];

$report_id = $_GET['log'];
var_dump($report_id);
$sql_report = mysql_query("SELECT * FROM logs WHERE log_name='$report_id");
var_dump($sql_report);
$report_array = mysql_fetch_assoc($sql_report) or die(mysql_error());
$file_name = $report_array['file_name'];
$file_size = $report_array['file_size'];
$submission_date = $report_array['submission_date'];
$result = $report_array['result'];
$status = $report_array['status'];

Any ideas on what could be wrong? I have tried everything and checked my database, all the names are correct and everything, i even checked the $report_id variable in the database and it matches, so i am not sure why it is getting an error.

Thanks for the help

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Your code it not doing any error checking, so it’s no surprise the query breaks silently when it fails. Check for errors and it will tell you what is going wrong – how to do it is outlined in the manual on mysql_query() or in this reference question.. Example:

    $sql_report = mysql_query("SELECT * FROM logs WHERE log_name='$report_id");

// Bail out on error 
if (!$sql_report)  
  { 
    trigger_error("Database error: ".mysql_error(), E_USER_ERROR); 
    die();
   }

    In your specific case, you are missing a closing ' in

    WHERE log_name='$report_id")

    Also, the code you show is vulnerable to SQL injection. You need to escape every value you use like so:

    $report_id = mysql_real_escape_string($_GET['log']);

    for this to work, you need to put every value in your query into quotes.

    • 0