-4

Possible Duplicate:
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in

showing the error:

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\wamp\www\task2\ajax\editfrom.php on line 6

the code is, 

<?php
    $sql = ('select * from task_table where id='.$_POST['id']);

        $row = mysql_fetch_array(mysql_query($sql));
?>
Community
  • 1
  • 1
user1446994
  • 1
  • 1
    Did you open the connection prior to making this call? What's happening before you reach this point? – spinon Jun 19 '12 at 06:16
  • 2
    Don't build SQL by mashing strings together. Don't use `mysql_*` functions in PHP. [Be safe when you use SQL](http://bobby-tables.com/). – Quentin Jun 19 '12 at 06:18

3 Answers3

1

You don't need the () for string $sql.

if id is a number type, then you should do like:

$sql = 'select * from task_table where id='.(int)$_POST['id'];

Or if id is String type, then you should do like:

$sql = "select * from task_table where id='" . mysql_real_escape_string($_POST['id']) . "'";

And at last, you need the error check.

$ret = mysql_query($sql);
if (!$ret) {
  die mysql_error();
}
$row = mysql_fetch_array($ret);
xdazz
  • 154,648
  • 35
  • 237
  • 264
0

You have to open the mysql connection http://de.php.net/mysql_connect

mysql_connect('localhost', 'mysql_user', 'mysql_password');
David
  • 3,848
  • 9
  • 48
  • 98
0

Try to do this code, and you'll see all your mistakes:

<?php
    mysql_connect('localhost', 'mysql_user', 'mysql_password') or die ("Couldn't connect to database.");
    mysql_select_db('my_database');
    $query = sprintf("SELECT * FROM `task_table` WHERE id='%s'",
    mysql_real_escape_string($_POST['id']));
    $result = mysql_query($query);
    var_dump($result);
    while ($row = mysql_fetch_array($result, MYSQL_NUM)) {
        sprintf("c1: %s  c2: %s", $row[0], $row[1]);
    }
?>

Note, that in your example you not filtered your POST data and it's a vulnerability.

GOsha
  • 709
  • 5
  • 13