PHP While Loop Help- "Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result......"

Question

Beware, I am a coding n00b and just got a basic PHP assignment. I keep getting this error message when I try to open this up

Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, boolean given in /home/jpl8ce/public_html/php_grocery1.php on line 20

Here is my .php and .html files that go with what I'm doing. Basically, its a grocery database where I'm trying to print the store hours, address, and name of the store that has the item that the user inputs in the form.

<html>
<head>
<title>Grocery Results!</title>
</head>
<body>
<h1>
<?php
$connect = mysqli_connect("localhost","jpl8ce","jpl8ce@siedb","grocery");
$item_name = $_post["input1"];

$query_String = " SELECT Stores.Name, Price, Address, Open_Time, Close_Time
FROM (Stores JOIN Carry ON Stores.Store_ID = Carry.Store_ID) JOIN Items ON Carry.Product_ID = Items.Product_ID
WHERE Items.name = $item_name
ORDER BY Close_Time DESC";


$result = mysqli_query($connect, $query_String);

while ($row = mysqli_fetch_assoc($result)) 
{

echo '<P>'.$row["Stores.Name"].', '.'</P>'; 
//echo '$' number_format($row["Price"],2).', ';
echo '<P>'.$row["Address"] .', '.'</P>';
echo '<P>'.$row["Open_Time"] .', '.'</P>';
echo '<P>'.$row["Close_Time"].'</P>';
}

mysqli_close($connect);  
?>
</h1>
</body>
</html>

Here is my HTML code

<html>
<head>
<title>Grocery Database Search</title>
</head>
<body>
<H1> Grocery Database Search! </H1>
<IMG SRC='grocery_cart_2.jpg'/>
<P> Use this Search Engine to input a name of an item.
After clicking the Search button, the price of the item, as well as the address and hours of the store 
the item is located at will be displayed. </P>

<form action="php_grocery1.php" method="POST">
<p>Item: <input type="text" name="input1"/></p>
<p><input type="submit" value="Search!"/></p>
</form>
</body>
</html>

Thanks again guys!

Answer 1

I see some issues with your code:

• All superglobals must be in uppercase. Replace $_post["input1"]; with $_POST["input1"];
• Your query is vulnerable to SQL injection attacks. Whenever you want to place user-submitted data into a query, use an escaping function, like mysql_real_escape_string() (see PHP doc here).
• Also, strings passed to a SQL query must be inside single quotes (note the \' escaped quotes below)

• In order to precisely detect the problem (which is probably happening , you should add error handling code, like this:

  <html>
      <head>
          <title>Grocery Results!</title>
      </head>
      <body>
          <?php
              if(!$connect = mysqli_connect("localhost","jpl8ce","jpl8ce@siedb","grocery"))
                  die('Error connecting to DB!: ' . mysql_error());
  
              $item_name = $_POST["input1"];
  
              $query_String = 'SELECT Stores.Name, Price, Address, Open_Time, Close_Time
                  FROM (Stores JOIN Carry ON Stores.Store_ID = Carry.Store_ID) JOIN Items ON Carry.Product_ID = Items.Product_ID
                  WHERE Items.name = \'' . mysql_real_escape_string($item_name) . '\' ORDER BY Close_Time DESC';
  
              if(!$result = mysqli_query($connect, $query_String))
                  die('Error on query: ' . mysql_error($connect));
  
              while ($row = mysqli_fetch_assoc($result)) {
                  echo '<P>' . $row["Stores.Name"] . ', ' . '</P>';
                  //echo '$' number_format($row["Price"],2).', ';
                  echo '<P>' . $row["Address"] . ', ' . '</P>';
                  echo '<P>' . $row["Open_Time"] . ', ' . '</P>';
                  echo '<P>' . $row["Close_Time"] . '</P>';
              }
  
              mysqli_close($connect);
          ?>
      </body>
  </html>
  

Hope this helps.