-3

This is my code

<?php 
    $result = mysql_query("SELECT * FROM post WHERE username = ".$username." ORDER BY ID DESC ");
    while($row = mysql_fetch_array($result)){ 
    ?>
        <div class="post">
            <a href="/p/<?php echo $row['ID']; ?>" class="post-title"><?php echo $row['title']; ?> - (Rating: <?php echo $row['rank']; ?>)</a>
            <p class="post-content"><?php echo $row['description']; ?><br /><br />On <?php echo $row['date']; ?></p>
        </div>
    <?php }; ?>

But I get this error:

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /*/programs/user.php on line 77

Mahmoud Gamal
Blease
  • It is, when I run a search on PHPMyAdmin and show the PHP code, this is what I get: $sql = "SELECT * FROM `vb_posts` WHERE `username` = \'joshblease\' ORDER BY `ID` DESC"; – Blease Oct 14 '12 at 14:01
  • Use strip slashes on $username, also run the query outside PHP and check if it's returning something. – Riz Oct 14 '12 at 14:03

2 Answers

3

I suspect that you forgot to wrap it with single quotes:

$result = mysql_query("SELECT * 
                       FROM post 
                       WHERE username = '".$username."' 
                       ORDER BY ID DESC ");

But you are still vulnerable to SQL injection. Please take time to read the article below:

Best way to prevent SQL injection in PHP?

John Woo
  • somewhat similar on this one [mysql_fetch_array() expects parameter 1 to be resource, boolean given in select](http://stackoverflow.com/questions/2973202/mysql-fetch-array-expects-parameter-1-to-be-resource-boolean-given-in-select) – John Woo Oct 14 '12 at 14:06
0

mysql_query() returns a boolean FALSE if there was an error. So there was an error in your SELECT statement.

You should check if $result === FALSE before trying to do something with $result. If $result === FALSE, use mysql_error() to find out more about what went wrong.

Note that mysql_query() and other mysql_* functions are deprecated. Move to mysqli_* or PDO functions/methods instead. One great feature of PDO and mysqli_* is prepared statements. They will help you avoid SQL injection attacks.

Trott
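Added example, not part of the question or either answer: the query from the question rewritten with a PDO prepared statement and exception-based error reporting, as the answers recommend. It assumes an in-memory SQLite database in place of the MySQL server so it runs offline; the table rows, the helper names `openDemoDb()` and `postsByUser()`, and the test inputs are constructed for illustration.

```php
<?php
// Added example, not code from the question or answers.
// Assumption: an in-memory SQLite database stands in for the MySQL server so
// the script runs offline; the rows below are constructed sample data.

function openDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Throw exceptions on SQL errors instead of silently returning false.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE post (ID INTEGER PRIMARY KEY, username TEXT, title TEXT)');
    $pdo->exec("INSERT INTO post (username, title) VALUES
        ('joshblease', 'First post'), ('joshblease', 'Second post'), ('o''brien', 'Hello')");
    return $pdo;
}

function postsByUser(PDO $pdo, string $username): array
{
    // The ? placeholder keeps the value out of the SQL text: it needs no
    // quoting and cannot change the structure of the query.
    $stmt = $pdo->prepare('SELECT ID, username, title FROM post WHERE username = ? ORDER BY ID DESC');
    $stmt->execute([$username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = openDemoDb();

try {
    // Constructed inputs: a normal name, a name containing a quote, and a
    // string shaped like an injection attempt.
    foreach (['joshblease', "o'brien", "x' OR '1'='1"] as $name) {
        $rows = postsByUser($pdo, $name);
        printf("%-14s -> %d row(s)\n", $name, count($rows));
    }
    // A broken statement (unquoted value, as in the question) now fails at
    // the query itself, not later in the fetch loop.
    $pdo->query('SELECT * FROM post WHERE username = joshblease');
} catch (PDOException $e) {
    echo 'Query failed: ', $e->getMessage(), "\n";
}
```

The injection-shaped string is compared as a literal username, and the unquoted query raises a `PDOException` with the database's error message where `mysql_query()` would have returned `FALSE`.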