-2

Hello guys, I am new here and I am having a hard time analyzing this code. An error keeps on showing and I don't know what to do.

mysql_fetch_array() expects parameter 1 to be resource, boolean given

This happens every time I use the search. Any ideas?

    if(isset($_POST['search']))//if search
    {   
        if(($_POST['year']) && ($_POST['month']) && ($_POST['day']))
        $_SESSION['select']= mysql_query("SELECT * FROM ".$_SESSION['dbtable3']." WHERE eyear = '".$_POST['year']."' AND emonth = '".$_POST['month']."' AND edate = '".$_POST['day']."' ;" or die(mysql_error()));

        else if(($_POST['year']) && ($_POST['month']))
        $_SESSION['select']=mysql_query("SELECT * FROM ".$_SESSION['dbtable3']." WHERE eyear = '".$_POST['year']."' AND emonth = '".$_POST['month']."' ;" or die(mysql_error()));

        else if(isset($_POST['year']))
        $_SESSION['select']= mysql_query("SELECT * FROM ".$_SESSION['dbtable3']." WHERE eyear = '".$_POST['year']."' ;" or die(mysql_error()));

        else if(!$_POST['year'])
        die("FILL IN AT LEAST THE YEAR");

        else
        die("Date not found"); 


        if($_POST['year'])
            while($select2 = mysql_fetch_array($_SESSION['select']))
            {
                $n1 = $select2[0];
                $n2 = $select2[1];
                $n3 = $select2[2]."-".$select2[3]."-".$select2[4];

                echo
                "<tr>
                <td width=\"30px\"> $n1</td>
                <td width=\"30px\"> $n2</td>
                <td width=\"30px\"> $n3</td>
                </tr>";
            }
  • 3
    **Your code is vulnerable to SQL injection.** You *really* should be using [prepared statements](http://stackoverflow.com/a/60496/623041), into which you pass your variables as parameters that do not get evaluated for SQL. If you don't know what I'm talking about, or how to fix it, read the story of [Bobby Tables](http://stackoverflow.com/questions/332365/xkcd-sql-injection-please-explain). – eggyal Aug 30 '12 at 13:14
  • 2
    [So many duplicates](http://stackoverflow.com/search?q=mysql_fetch_array%28%29+expects+parameter+1+to+be+resource%2C+boolean+given) – Mike B Aug 30 '12 at 13:15
  • 1
    Also, as stated in [the introduction](http://www.php.net/manual/en/intro.mysql.php) to the PHP manual chapter on the `mysql_*` functions: *This extension is not recommended for writing new code. Instead, either the [mysqli](http://www.php.net/manual/en/book.mysqli.php) or [PDO_MySQL](http://www.php.net/manual/en/ref.pdo-mysql.php) extension should be used. See also the [MySQL API Overview](http://www.php.net/manual/en/mysqlinfo.api.choosing.php) for further help while choosing a MySQL API.* – eggyal Aug 30 '12 at 13:15
  • 1
    Please be aware that the `mysql_xxx()` functions are considered obsolete. You should switch to `mysqli_xx()` equivalents. (This also gives you the ability to use prepared statements, which isn't possible with the functions you're using now.) – Spudley Aug 30 '12 at 13:16

4 Answers

0

Each of your mysql_query() lines is wrong. You should close the parentheses before adding or die().

This would be why you're getting a boolean instead of dying with the error.

Niet the Dark Absol
0

    $_SESSION['select']= mysql_query("SELECT * FROM ".$_SESSION['dbtable3']." WHERE eyear = '".$_POST['year']."' AND emonth = '".$_POST['month']."' AND edate = '".$_POST['day']."' ;" or die(mysql_error()));

should be

    $_SESSION['select']= mysql_query("SELECT * FROM ".$_SESSION['dbtable3']." WHERE eyear = '".$_POST['year']."' AND emonth = '".$_POST['month']."' AND edate = '".$_POST['day']."' ;") or die(mysql_error());

That is, the or die(mysql_error()) should be outside mysql_query.

That, or you're SQL injecting yourself through your un-sanitized POST parameters.

Waleed Khan
0

Yes, the error says everything

You do with

    while($select2 = mysql_fetch_array($_SESSION['select']))

Use

    $result = mysql_fetch_array($_SESSION['select']);

    if($result) {
        // go to while
    } else {
        echo mysql_error();
    }

Snake Eyes
0

There is a problem in your query:

For SELECT, SHOW, DESCRIBE, EXPLAIN and other statements returning resultset, mysql_query() returns a resource on success, or FALSE on error.

Also, there is a problem in your code: get rid of mysql_* functions for PDO or mysqli_*, as they are deprecated:

Suggested alternatives

Use of this extension is discouraged. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include:

  • mysqli_query()
  • PDO::query()
Community
moonwave99
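The prepared-statement approach recommended in the comments and answers above, as an added example that is not part of the original question or any answer. It assumes a hypothetical table named `events`, a hypothetical helper `searchEvents()`, and an in-memory SQLite database through PDO (requires the pdo_sqlite extension) as a stand-in for MySQL so that it runs offline.

```php
<?php
// Added example; table name, helper name and sample rows are assumptions.
const ALLOWED_TABLES = ['events'];   // hypothetical allow-list for $_SESSION['dbtable3']

function searchEvents(PDO $pdo, string $table, array $input): array
{
    // Identifiers cannot be bound as parameters, so check them against an allow-list.
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException('Unknown table');
    }
    if (empty($input['year'])) {
        throw new InvalidArgumentException('FILL IN AT LEAST THE YEAR');
    }
    // One placeholder per supplied field; values never enter the SQL text.
    // Stop at the first empty field, like the year / month / day cascade in the question.
    $where = [];
    $params = [];
    foreach (['year' => 'eyear', 'month' => 'emonth', 'day' => 'edate'] as $field => $column) {
        if (!isset($input[$field]) || $input[$field] === '') {
            break;
        }
        $where[] = "$column = :$field";
        $params[":$field"] = $input[$field];
    }
    $stmt = $pdo->prepare("SELECT * FROM $table WHERE " . implode(' AND ', $where));
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

// For MySQL, use a 'mysql:host=...;dbname=...' DSN instead of SQLite.
$pdo = new PDO('sqlite::memory:');
// A failed query now throws PDOException instead of returning false.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data.
$pdo->exec('CREATE TABLE events (id INTEGER, name TEXT, eyear TEXT, emonth TEXT, edate TEXT)');
$pdo->exec("INSERT INTO events VALUES (1,'launch','2012','08','30'), (2,'review','2012','09','01')");

$post = ['year' => '2012', 'month' => '08', 'day' => ''];   // stands in for $_POST
foreach (searchEvents($pdo, 'events', $post) as $row) {
    // Escape on output, since the values end up inside HTML.
    printf("<tr><td>%s</td><td>%s</td><td>%s-%s-%s</td></tr>\n", ...array_map('htmlspecialchars', $row));
}

// A quote-laden value is bound as a plain string and simply matches no rows.
var_dump(count(searchEvents($pdo, 'events', ['year' => "2012' OR '1'='1"])));
```

With exceptions enabled, a broken query fails at `prepare()` or `execute()`, so a boolean can never reach the fetch loop.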