By iamjonesy


2010-06-04 10:18:08 8 Comments

I am trying to select data from a MySQL table, but I get one of the following error messages:

mysql_fetch_array() expects parameter 1 to be resource, boolean given

or

mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given

or

Call to a member function fetch_array() on boolean / non-object

This is my code:

$username = $_POST['username'];
$password = $_POST['password'];

$result = mysql_query('SELECT * FROM Users WHERE UserName LIKE $username');

while($row = mysql_fetch_array($result)) {
    echo $row['FirstName'];
}

The same applies to code like

$result = mysqli_query($mysqli, 'SELECT ...');
// mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given
while( $row=mysqli_fetch_array($result) ) {
    ...

and

$result = $mysqli->query($mysqli, 'SELECT ...');
// Call to a member function fetch_assoc() on a non-object
while( $row=$result->fetch_assoc($result) ) {
    ...

and

$result = $pdo->query('SELECT ...', PDO::FETCH_ASSOC);
// Invalid argument supplied for foreach()
foreach( $result as $row ) {
    ...

and

$stmt = $mysqli->prepare('SELECT ...');
// Call to a member function bind_param() on a non-object
$stmt->bind_param(...);

and

$stmt = $pdo->prepare('SELECT ...');
// Call to a member function bindParam() on a non-object
$stmt->bindParam(...);

30 comments

@Paul Spiegel 2019-04-06 22:18:48

Traditionally PHP has been tolerant to bad practice and failures in code, which makes debugging quite hard. The problem in this specific case is that both mysqli and PDO by default don't tell you, when a query failed and just return FALSE. (I will not talk about the depricated mysql extention. The support for prepared statements is reason anough to switch either to PDO or mysqli.) But you can change the default behavior of PHP to always throw exceptions when a query fails.

For PDO: Use $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

error_reporting(E_ALL);

$pdo = new PDO("mysql:host=localhost;dbname=test", "test","");
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$result = $pdo->query('select emal from users');
$data = $result->fetchAll();

This will show you the following:

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42S22]: Column not found: 1054 Unknown column 'emal' in 'field list'' in E:\htdocs\test\mysql_errors\pdo.php on line 8

PDOException: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'emal' in 'field list' in E:\htdocs\test\mysql_errors\pdo.php on line 8

As you see, it tells you exactly, what is wrong with the query, and where to fix it in your code.

Without $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); you will get

Fatal error: Call to a member function fetchAll() on boolean in E:\htdocs\test\mysql_errors\pdo.php on line 9

For mysqli: Use mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

error_reporting(E_ALL);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$mysqli = new mysqli('localhost', 'test', '', 'test');

$result = $mysqli->query('select emal from users');
$data = $result->fetch_all();

You will get

Fatal error: Uncaught exception 'mysqli_sql_exception' with message 'Unknown column 'emal' in 'field list'' in E:\htdocs\test\mysql_errors\mysqli.php on line 8

mysqli_sql_exception: Unknown column 'emal' in 'field list' in E:\htdocs\test\mysql_errors\mysqli.php on line 8

Without mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); you only get

Fatal error: Call to a member function fetch_all() on boolean in E:\htdocs\test\mysql_errors\mysqli.php on line 10

Of course, you could manually check the MySQL errors. But I would go crazy if I had to do that every time I made a typo - or worse - every time I want to query the database.

@Engr Zardari 2014-01-21 04:21:46

Usually an error occurs when your database conectivity fails, so be sure to connect your database or to include the database file.

include_once(db_connetc.php');

OR

// Create a connection
$connection = mysql_connect("localhost", "root", "") or die(mysql_error());

//Select database
mysql_select_db("db_name", $connection) or die(mysql_error());

$employee_query = "SELECT * FROM employee WHERE `id` ='".$_POST['id']."'";

$employee_data = mysql_query($employee_query);

if (mysql_num_rows($employee_data) > 0) {

    while ($row = mysql_fetch_array($employee_data)){
        echo $row['emp_name'];
    } // end of while loop
} // end of if
  • Best practice is to run the query in sqlyog and then copy it into your page code.
  • Always store your query in a variable and then echo that variable. Then pass to mysql_query($query_variable);.

@Phil 2014-01-21 05:06:18

1) You don't know if I have or have not voted on any answer here, up or down. 2) As I explained in my first comment; your answer doesn't reference the problem (boolean passed to mysql_fetch_array) and you have syntax errors

@Phil 2014-01-21 05:35:07

You have incorrect quotes in both your code examples. The syntax highlighting applied to your second code block is a dead give-away that something is wrong

@Brad 2014-12-07 17:31:48

This code is subject to SQL injection and should not be used. @EngrZardari if you are using this code on your production systems, you have undoubtedly been hacked and should remedy the situation buy using prepared/parameterized queries with PDO or similar. There are bots that have automated testing for such vulnerabilities.

@Funk Forty Niner 2018-11-20 18:51:24

@EngrZardari About your "there is no any error, i have pasted here code which i currently using." comment above. There was a missing quote in the query which I corrected. That would have thrown a (PHP) parse error.

@Edward Dale 2010-06-04 10:19:19

A query may fail for various reasons in which case both the mysql_* and the mysqli extension will return false from their respective query functions/methods. You need to test for that error condition and handle it accordingly.

mysql_* extension:

NOTE The mysql_ functions are deprecated and have been removed in php version 7.

Check $result before passing it to mysql_fetch_array. You'll find that it's false because the query failed. See the mysql_query documentation for possible return values and suggestions for how to deal with them.

$username = mysql_real_escape_string($_POST['username']);
$password = $_POST['password'];
$result = mysql_query("SELECT * FROM Users WHERE UserName LIKE '$username'");

if($result === FALSE) { 
    die(mysql_error()); // TODO: better error handling
}

while($row = mysql_fetch_array($result))
{
    echo $row['FirstName'];
}

mysqli extension
procedural style:

$username = mysqli_real_escape_string($mysqli, $_POST['username']);
$result = mysqli_query($mysqli, "SELECT * FROM Users WHERE UserName LIKE '$username'");

// mysqli_query returns false if something went wrong with the query
if($result === FALSE) { 
    yourErrorHandler(mysqli_error($mysqli));
}
else {
    // as of php 5.4 mysqli_result implements Traversable, so you can use it with foreach
    foreach( $result as $row ) {
        ...

oo-style:

$username = $mysqli->escape_string($_POST['username']);
$result = $mysqli->query("SELECT * FROM Users WHERE UserName LIKE '$username'");

if($result === FALSE) { 
    yourErrorHandler($mysqli->error); // or $mysqli->error_list
}
else {
    // as of php 5.4 mysqli_result implements Traversable, so you can use it with foreach
    foreach( $result as $row ) {
      ...

using a prepared statement:

$stmt = $mysqli->prepare('SELECT * FROM Users WHERE UserName LIKE ?');
if ( !$stmt ) {
    yourErrorHandler($mysqli->error); // or $mysqli->error_list
}
else if ( !$stmt->bind_param('s', $_POST['username']) ) {
    yourErrorHandler($stmt->error); // or $stmt->error_list
}
else if ( !$stmt->execute() ) {
    yourErrorHandler($stmt->error); // or $stmt->error_list
}
else {
    $result = $stmt->get_result();
    // as of php 5.4 mysqli_result implements Traversable, so you can use it with foreach
    foreach( $result as $row ) {
      ...

These examples only illustrate what should be done (error handling), not how to do it. Production code shouldn't use or die when outputting HTML, else it will (at the very least) generate invalid HTML. Also, database error messages shouldn't be displayed to non-admin users, as it discloses too much information.

@2ndkauboy 2010-06-04 10:28:32

Right, but using a die() if the query fails is a little to much.

@Edward Dale 2010-06-04 10:29:32

I was going to design an entire error handling mechanism for the OP, but decided that might be beyond the scope of my answer.

@Sepster 2013-04-23 22:17:27

@scompt.com Yes it's also covered in several other answers. I guess I was just making the point that since this is the accepted answer on a high visibility question, in addition to the (excellent) advice about how to properly catch errors in future, it should (IMHO) actually answer the specific question (ie explain why there's an error in this case).

@anestv 2014-06-17 12:52:49

Instead of if($result === FALSE) you can use if(! $result). Correct me if I'm wrong

@Greg 2014-12-25 17:24:36

mysql_query(): The mysql extension is deprecated and will be removed in the future: use mysqli

@Suresh Ratten 2015-04-28 06:05:06

Try This

$username = $_POST['username'];
$password = $_POST['password'];
$result = mysqli_query('SELECT * FROM Users WHERE UserName LIKE $username');

if($result){
while($row = mysqli_fetch_array($result))
{
    echo $row['FirstName'];
}
}

@Manoj Kumar 2015-05-25 04:57:28

@panjehra mysql_* is depricated now and will removed from php 7 . Use mysqli_* instead

@nik 2010-06-04 10:24:54

Error occurred here was due to the use of single quotes ('). You can put your query like this:

mysql_query("
SELECT * FROM Users 
WHERE UserName 
LIKE '".mysql_real_escape_string ($username)."'
");

It's using mysql_real_escape_string for prevention of SQL injection. Though we should use MySQLi or PDO_MYSQL extension for upgraded version of PHP (PHP 5.5.0 and later), but for older versions mysql_real_escape_string will do the trick.

@Matteo Riva 2010-06-04 16:53:09

Why adding noise with string concatenation instead of just putting the variable in the query string?

@nik 2012-08-07 07:32:55

@Matteo Riva Yeah, but I thought this is little cleaner way to separate variables from string. :)

@Dennis Kiptugen 2015-10-04 20:40:19

since $username is a php variable we need to pass it as string to mysqli so since in the query u started with a single quote we will use the double quote, single quote and a fullstop for the concatination purposes ("'.$username.'") if you started with a double quote you would then reverse the quotes ('".$username."').

$username = $_POST['username'];
$password = $_POST['password'];
$result = mysql_query('SELECT * FROM Users WHERE UserName LIKE "'.$username.'"');

while($row = mysql_fetch_array($result))
     {
      echo $row['FirstName'];
     }

$username = $_POST['username'];
$password = $_POST['password'];
$result = mysql_query("SELECT * FROM Users WHERE UserName LIKE '".$username."' ");

while($row = mysql_fetch_array($result))
     {
      echo $row['FirstName'];
     }

but use of Mysql has depreciated much, use PDO instead.it is simple but very secure

@Dennis Kiptugen 2015-10-04 20:48:06

But Mysql use has depreciated. you can use PDO instead. Let me give you a sample login.

@SpacePhoenix 2018-04-12 20:28:11

Passwords should NEVER EVER be stored in plain text form, make use of the built in fucntions that PHP has for dealing with the hashing of passwords and the verifying of hashed passwords!

@Jay Blanchard 2015-08-05 20:53:42

Any time you get the...

"Warning: mysqli_fetch_object() expects parameter 1 to be mysqli_result, boolean given"

...it is likely because there is an issue with your query. The prepare() or query() might return FALSE (a Boolean), but this generic failure message doesn't leave you much in the way of clues. How do you find out what is wrong with your query? You ask!

First of all, make sure error reporting is turned on and visible: add these two lines to the top of your file(s) right after your opening <?php tag:

error_reporting(E_ALL);
ini_set('display_errors', 1);

If your error reporting has been set in the php.ini you won't have to worry about this. Just make sure you handle errors gracefully and never reveal the true cause of any issues to your users. Revealing the true cause to the public can be a gold engraved invitation for those wanting to harm your sites and servers. If you do not want to send errors to the browser you can always monitor your web server error logs. Log locations will vary from server to server e.g., on Ubuntu the error log is typically located at /var/log/apache2/error.log. If you're examining error logs in a Linux environment you can use tail -f /path/to/log in a console window to see errors as they occur in real-time....or as you make them.

Once you're squared away on standard error reporting adding error checking on your database connection and queries will give you much more detail about the problems going on. Have a look at this example where the column name is incorrect. First, the code which returns the generic fatal error message:

$sql = "SELECT `foo` FROM `weird_words` WHERE `definition` = ?";
$query = $mysqli->prepare($sql)); // assuming $mysqli is the connection
$query->bind_param('s', $definition);
$query->execute();

The error is generic and not very helpful to you in solving what is going on.

With a couple of more lines of code you can get very detailed information which you can use to solve the issue immediately. Check the prepare() statement for truthiness and if it is good you can proceed on to binding and executing.

$sql = "SELECT `foo` FROM `weird_words` WHERE `definition` = ?";
if($query = $mysqli->prepare($sql)) { // assuming $mysqli is the connection
    $query->bind_param('s', $definition);
    $query->execute();
    // any additional code you need would go here.
} else {
    $error = $mysqli->errno . ' ' . $mysqli->error;
    echo $error; // 1054 Unknown column 'foo' in 'field list'
}

If something is wrong you can spit out an error message which takes you directly to the issue. In this case there is no foo column in the table, solving the problem is trivial.

If you choose, you can include this checking in a function or class and extend it by handling the errors gracefully as mentioned previously.

@Amjad Omari 2013-02-25 13:33:40

Try this, it must be work, otherwise you need to print the error to specify your problem

$username = $_POST['username'];
$password = $_POST['password'];

$sql = "SELECT * from Users WHERE UserName LIKE '$username'";
$result = mysql_query($sql,$con);

while($row = mysql_fetch_array($result))
{
    echo $row['FirstName'];
}

@deceze 2013-02-25 13:39:06

1) Wide open to SQL injection, 2) does not include error handling which is causing the error in OP's case.

@Sepster 2013-04-23 12:54:40

+1. @deceze Yes it is wide open. But no more so that the OP's or the accepted answerer's code ;-) And it's not the lack of error handling in the OP's code causing the error... it's the error, and this answer at least attempts to resolve that (by putting single quotes around the string literal in the LIKE expression).

@asim-ishaq 2013-05-04 19:08:33

+1 Please add a space between LIKE and '$username', rest appears to be fine except the SQL injection. Why not use = instead of LIKE operator username must be exactly matched

@Manoj Kumar 2015-04-16 06:53:00

Don't use the depricated mysql_* function (depricated in php 5.5 will be removed in php 7). and you can make this with mysqli or pdo

here is the complete select query

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 

$sql = "SELECT id, firstname, lastname FROM MyGuests";
$result = $conn->query($sql);

if ($result->num_rows > 0) {
    // output data of each row
    while($row = $result->fetch_assoc()) {
        // code here 
    }
} else {
    echo "0 results";
}
$conn->close();
?>

@Dennis Kiptugen 2015-04-06 18:01:37

<?php
      $username = $_POST['username'];
       $password = $_POST['password'];

     $result = mysql_query("SELECT * FROM Users WHERE UserName LIKE '".mysql_real_escape_string($username)."'")or die(mysql_error());
while($row=mysql_fetch_array($result))
  {
 echo $row['FirstName'];
 }
 ?>

@Mithun Debnath 2014-11-26 11:12:03

You can try this code. I found it earlier when I was encountered a problem similar to yours.

if (isset($_GET['q1mrks']) && isset($_GET['marks']) && isset($_GET['qt1'])) {
$Q1mrks = $_GET['q1mrks'];
$marks = $_GET['marks'];
$qt1 = $_GET['qt1'];

$qtype_qry = mysql_query("
    SELECT *
    FROM s_questiontypes
    WHERE quetype_id = '$qt1'
");
$row = mysql_fetch_assoc($qtype_qry);
$qcode = $row['quetype_code'];

$sq_qry = "
    SELECT *
    FROM s_question
    WHERE quetype_code = '$qcode'
    ORDER BY RAND() LIMIT $Q1mrks
";
$sq_qry = mysql_query("
    SELECT *
    FROM s_question
    WHERE quetype_code = '$qcode'
    LIMIT $Q1mrks
");
while ($qrow = mysql_fetch_array($sq_qry)) {
    $qm = $qrow['marks'] . "<br />";
    $total += $qm . "<br />";
}
echo $total . "/" . $marks;
}

@Brad 2014-12-07 17:28:15

This code is wide open to SQL injection attacks, and does not actually solve the problem posed in the question.

@Durairaj 2013-10-30 05:11:06

Include a connection string variable before the MySQL query. For example, $connt in this code:

$results = mysql_query($connt, "SELECT * FROM users");

@John Conde 2012-07-26 17:00:06

This error message is displayed when you have an error in your query which caused it to fail. It will manifest itself when using:

  • mysql_fetch_array/mysqli_fetch_array()
  • mysql_fetch_assoc()/mysqli_fetch_assoc()
  • mysql_num_rows()/mysqli_num_rows()

Note: This error does not appear if no rows are affected by your query. Only a query with an invalid syntax will generate this error.

Troubleshooting Steps

  • Make sure you have your development server configured to display all errors. You can do this by placing this at the top of your files or in your config file: error_reporting(-1);. If you have any syntax errors this will point them out to you.

  • Use mysql_error(). mysql_error() will report any errors MySQL encountered while performing your query.

    Sample usage:

    mysql_connect($host, $username, $password) or die("cannot connect"); 
    mysql_select_db($db_name) or die("cannot select DB");
    
    $sql = "SELECT * FROM table_name";
    $result = mysql_query($sql);
    
    if (false === $result) {
        echo mysql_error();
    }
    
  • Run your query from the MySQL command line or a tool like phpMyAdmin. If you have a syntax error in your query this will tell you what it is.

  • Make sure your quotes are correct. A missing quote around the query or a value can cause a query to fail.

  • Make sure you are escaping your values. Quotes in your query can cause a query to fail (and also leave you open to SQL injections). Use mysql_real_escape_string() to escape your input.

  • Make sure you are not mixing mysqli_* and mysql_* functions. They are not the same thing and cannot be used together. (If you're going to choose one or the other stick with mysqli_*. See below for why.)

Other tips

mysql_* functions should not be used for new code. They are no longer maintained and the community has begun the deprecation process. Instead you should learn about prepared statements and use either PDO or MySQLi. If you can't decide, this article will help to choose. If you care to learn, here is good PDO tutorial.

@Funk Forty Niner 2017-05-05 12:17:09

Given this question today stackoverflow.com/q/43804651/1415724 and other similar ones lately; I think it may be worthwhile to update your answer to contain something like "That error can also be caused by not executing the query with mysql_query() / mysqli_query($connection) etc."; thoughts? Since no other answers in this Q&A mentions this.

@user1012181 2014-11-08 13:36:00

If you don't have any MySQL Error appearing while checking, make sure that you properly created your database table. This happened to me. Look for any unwanted commas or quotes.

@Gears.of.Codes 2013-07-21 16:20:27

$query = "SELECT Name,Mobile,Website,Rating FROM grand_table order by 4";

while( $data = mysql_fetch_array($query))
{
    echo("<tr><td>$data[0]</td><td>$data[1]</td><td>$data[2]</td><td>$data[3]</td></tr>");      
}

Instead of using a WHERE query, you can use this ORDER BY query. It's far better than this for use of a query.

I have done this query and am getting no errors like parameter or boolean.

@Brad 2014-12-07 17:29:02

Remember to use htmlspecialchars() when using arbitrary data in the context of HTML. Otherwise, you risk creating valid HTML when reserved characters are used in the data.

@A.Aleem11 2014-10-13 15:07:02

Make Sure You're Not Closing Database By using db_close() Before To Running Your Query:

If you're using multiple queries in a script even you're including other pages which contains queries or database connection, then it might be possible that at any place you use db_close() that would close your database connection so make sure you're not doing this mistake in your scripts.

@Ritesh d joshi 2014-04-28 08:52:13

Try this code it work fine

assign the post variable to the variable

   $username = $_POST['uname'];

   $password = $_POST['pass'];

  $result = mysql_query('SELECT * FROM userData WHERE UserName LIKE $username');

if(!empty($result)){

    while($row = mysql_fetch_array($result)){
        echo $row['FirstName'];
     }
}

@Brad 2014-12-07 17:29:21

This code is subject to SQL injection attacks and should not be used.

@2ndkauboy 2010-06-04 10:31:54

As scompt.com explained, the query might fail. Use this code the get the error of the query or the correct result:

$username = $_POST['username'];
$password = $_POST['password'];

$result = mysql_query("
SELECT * FROM Users 
WHERE UserName LIKE '".mysql_real_escape_string($username)."'
");

if($result)
{
    while($row = mysql_fetch_array($result))
    {
        echo $row['FirstName'];
    }
} else {
    echo 'Invalid query: ' . mysql_error() . "\n";
    echo 'Whole query: ' . $query; 
}

See the documentation for mysql_query() for further information.

The actual error was the single quotes so that the variable $username was not parsed. But you should really use mysql_real_escape_string($username) to avoid SQL injections.

@Janak Prajapati 2013-09-19 08:39:14

<?php
    $username = $_POST['username'];
    $password = $_POST['password'];
    $result = mysql_query("SELECT * FROM Users WHERE UserName LIKE '".$username."'");

    while($row = mysql_fetch_array($result))
    {
        echo $row['FirstName'];
    }
?>

And if there is a user with a unique user name, you can use "=" for that. There is no need to like.

Your query will be:

mysql_query("SELECT * FROM Users WHERE UserName ='".$username."'");

@Brad 2014-12-07 17:32:32

This code is wide open to SQL injection and should not be used.

@Anuj Garg 2015-06-29 10:11:46

@Brad Why this code is wide open to sql injection?

@Brad 2015-06-29 14:19:26

@AnujGarg This code takes direct input and concatenates it into the query. Someone could write their own SQL in the post data for username and it will be executed.

@Anuj Garg 2015-06-29 18:10:20

So what to use to prevent the code from SQL injection?

@Omdev 2013-07-06 13:02:09

Check your connection first.

Then if you want to fetch the exact value from the database then you should write:

$username = $_POST['username'];
$password = $_POST['password'];
$result = mysql_query("SELECT * FROM Users WHERE UserName =`$usernam`");

Or you want to fetch the LIKE type of value then you should write:

$result = mysql_query("SELECT * FROM Users WHERE UserName LIKE '%$username%'");

@Brad 2014-12-07 17:33:09

This code is wide open to SQL injection and should not be used.

@ravi 2013-05-30 07:40:16

Try the following code. It may work fine.

$username = $_POST['username'];
$password = $_POST['password'];
$result = mysql_query("SELECT * FROM Users WHERE UserName ='$username'");

while($row = mysql_fetch_array($result))
{
    echo $row['FirstName'];
}

@Brad 2014-12-07 17:33:30

This code is subject to SQL injection and should not be used.

@asim-ishaq 2013-05-04 18:57:48

There might be two reasons:

  1. Have you opened the connection to the database prior to calling mysql_query function? I don't see that in your code. Use mysql_connect before making the query. See php.net/manual/en/function.mysql-connect.php

  2. The variable $username is used inside a single quote string, so its value will not be evaluated inside the query. The query will definitely fail.

Thirdly, the structure of query is prone to SQL injection. You may use prepared statements to avoid this security threat.

@user2155518 2013-04-29 10:24:45

First, check your connection to the database. Is it connected successfully or not?

If it's done, then after that I have written this code, and it works well:

if (isset($_GET['q1mrks']) && isset($_GET['marks']) && isset($_GET['qt1'])) {
    $Q1mrks = $_GET['q1mrks'];
    $marks = $_GET['marks'];
    $qt1 = $_GET['qt1'];

    $qtype_qry = mysql_query("
        SELECT *
        FROM s_questiontypes
        WHERE quetype_id = '$qt1'
    ");
    $row = mysql_fetch_assoc($qtype_qry);
    $qcode = $row['quetype_code'];

    $sq_qry = "
        SELECT *
        FROM s_question
        WHERE quetype_code = '$qcode'
        ORDER BY RAND() LIMIT $Q1mrks
    ";
    $sq_qry = mysql_query("
        SELECT *
        FROM s_question
        WHERE quetype_code = '$qcode'
        LIMIT $Q1mrks
    ");
    while ($qrow = mysql_fetch_array($sq_qry)) {
        $qm = $qrow['marks'] . "<br />";
        $total += $qm . "<br />";
    }
    echo $total . "/" . $marks;
}

@Brad 2014-12-07 17:34:14

Do not use this code. It is wide open to SQL injection attacks.

@kolexinfos 2012-09-06 15:32:01

If you tried everything here, and it does not work, you might want to check your MySQL database collation. Mine was set to to a Swedish collation. Then I changed it to utf8_general_ci and everything just clicked into gear.

I hope this helps someone.

@Dip Pokhrel 2013-05-10 13:46:27

$username = $_POST['username'];
$password = $_POST['password'];
$result = mysql_query("SELECT * FROM Users WHERE UserName LIKE '%$username%'") or die(mysql_error());

while($row = mysql_fetch_array($result))
{
    echo $row['FirstName'];
}

Sometimes suppressing the query as @mysql_query(your query);

@Brad 2014-12-07 17:34:44

Do not use this code. It is wide open to SQL injection attacks.

@user2835116 2013-10-01 13:48:50

Go to your config.php. I had the same problem. Verify the username and the password, and also sql select is the same name as the config.

@user28864 2013-12-15 20:27:05

You can also check wether $result is failing like so, before executing the fetch array

$username = $_POST['username'];
$password = $_POST['password'];
$result = mysql_query('SELECT * FROM Users WHERE UserName LIKE $username');
if(!$result)
{
     echo "error executing query: "+mysql_error(); 
}else{
       while($row = mysql_fetch_array($result))
       {
         echo $row['FirstName'];
       }
}

@Brad 2014-12-07 17:35:29

Do not use this code. It is wide open to SQL injection attacks.

@user28864 2014-12-08 12:28:51

But if the code works, I feel you should edit the code and input the needed filters instead of castigating the code.

@Brad 2014-12-08 14:28:15

Simple usage of filters will not fix what is wrong with this code. The best solution is to use prepared/parameterized queries with PDO or similar. I don't see any point in fixing it, as the correct answer has already been posted here. Ideally, this answer will be deleted. However, you are welcome to fix your answer and I will happily up-vote it if it is correct.

@user28864 2014-12-08 20:34:36

Well, if you feel the answer isn't worth considering you can go ahead and get read of it. However, I thought the whole point of this community is to share and contribute knowledge. If you have something to share instead of showing and putting people off.

@Brad 2014-12-08 20:44:31

You are correct, the whole point of this community is to share knowledge. That's why added explanation with my downvote, and further explained why your filter suggestion was not sufficient. I'd much prefer to alert you, along with anyone else who finds your answer, that the code above is insecure. It's better for everyone to learn the correct methods rather than perpetuating bad code. And, I cannot delete your answer, nor would I. That's up to you, if you choose to do so.

@Enis P. Aginić 2013-04-23 09:34:24

This query should work:

$result = mysql_query("SELECT * FROM Users WHERE UserName LIKE '%$username%'");
while($row = mysql_fetch_array($result))
{
    echo $row['FirstName'];
}

The problem is single quotes, thus your query fails and returns FALSE and your WHILE loop can't execute. Using % allows you to match any results containing your string (such as SomeText-$username-SomeText).

This is simply an answer to your question, you should implement stuff mentioned in the other posts: error handling, use escape strings (users can type anything into the field, and you MUST make sure it is not arbitrary code), use PDO instead mysql_connect which is now depricated.

@yasin 2012-04-25 05:14:07

Please check once the database selected are not because some times database is not selected

Check

mysql_select_db('database name ')or DIE('Database name is not available!');

before MySQL query and then go to next step

$result = mysql_query('SELECT * FROM Users WHERE UserName LIKE $username');

f($result === FALSE) {
    die(mysql_error());

@derokorian 2012-01-08 03:48:24

$result = mysql_query('SELECT * FROM Users WHERE UserName LIKE $username');

You define the string using single quotes and PHP does not parse single quote delimited strings. In order to obtain variable interpolation you will need to use double quotes OR string concatenation (or a combination there of). See http://php.net/manual/en/language.types.string.php for more information.

Also you should check that mysql_query returned a valid result resource, otherwise fetch_*, num_rows, etc will not work on the result as is not a result! IE:

$username = $_POST['username'];
$password = $_POST['password'];
$result = mysql_query('SELECT * FROM Users WHERE UserName LIKE $username');

if( $result === FALSE ) {
   trigger_error('Query failed returning error: '. mysql_error(),E_USER_ERROR);
} else {
   while( $row = mysql_fetch_array($result) ) {
      echo $row['username'];
   }
}

http://us.php.net/manual/en/function.mysql-query.php for more information.

@Brad 2014-12-07 17:36:20

Do not use this code, even if you add quotes. It is wide open to SQL injection attacks.

Related Questions

Sponsored Content

34 Answered Questions

[SOLVED] Reference - What does this error mean in PHP?

3 Answered Questions

[SOLVED] php script echoing part of the php instead of what intended

  • 2012-07-30 04:02:38
  • Bundy
  • 283 View
  • 2 Score
  • 3 Answer
  • Tags:   php mysql pdo

1 Answered Questions

[SOLVED] mysqli issue getting connected

  • 2012-09-07 20:31:15
  • CsharpBeginner
  • 56 View
  • 0 Score
  • 1 Answer
  • Tags:   php mysql

1 Answered Questions

mysql_num_rows() expects parameter 1 to be resource, boolean given in

  • 2014-11-17 13:58:27
  • Zincktest
  • 192 View
  • -2 Score
  • 1 Answer
  • Tags:   php mysql

3 Answered Questions

[SOLVED] Error: mysql_fetch_array() expects parameter 1 to be resource, boolean

  • 2014-03-17 19:58:40
  • user3430444
  • 105 View
  • -1 Score
  • 3 Answer
  • Tags:   php arrays

2 Answered Questions

[SOLVED] Warning: mysql_num_rows() expects parameter 1 to be resource,

  • 2010-08-08 14:06:35
  • piku
  • 60429 View
  • 13 Score
  • 2 Answer
  • Tags:   php mysql

4 Answered Questions

[SOLVED] Warning: mysql_fetch_row() expects parameter 1 to be resource

  • 2011-08-18 19:54:05
  • ipengineer
  • 38694 View
  • 5 Score
  • 4 Answer
  • Tags:   php mysql

1 Answered Questions

[SOLVED] MYSQL_FETCH_ARRAY parameter resource error.

  • 2011-11-04 01:41:06
  • user1022772
  • 118 View
  • 2 Score
  • 1 Answer
  • Tags:   php mysql

1 Answered Questions

[SOLVED] Warning: mysql_fetch_array() expects parameter 1 to be resource [...]

  • 2011-03-29 09:37:04
  • Gabriele
  • 975 View
  • 2 Score
  • 1 Answer
  • Tags:   php mysql

Sponsored Content