0

I have an error in displaying data with a special character in it. I want to display this word "C'har", then a mysql_fetch_array() error occurs.

Here is my full code:

<?php
header('Content-Type:text/html; charset=UTF-8');

$con = mysql_connect("localhost","root","") or die ("Cannot Connect to Server");
mysql_select_db("sarangani",$con) or die ("Cannot Connect to database");


$result = mysql_query("SELECT * from fes_category");

echo "<form method=\"post\" id=\"selct\" name=\"selct\">";

while($row = mysql_fetch_array($result))
{

    $new = "<input type=\"submit\" id=\"ss\" name=\"ss\" value='".htmlspecialchars($row['fes_name'], ENT_QUOTES)."' class=\"ss\">";
    echo $new;

}


echo "<input type=\"text\" name=\"subs\" id=\"subs\">";
echo "<input type=\"submit\" name=\"sub\" id=\"sub\">";
echo "</form>";

    if(isset($_POST['ss']))
    {


    $sel = $_POST['ss'];
    $results = mysql_query("SELECT fes_name from fes_category WHERE fes_name='".$sel."'");
    $row = mysql_fetch_array($results);
    if($sel == $row['fes_name'])
    {
        echo $sel;
    }
    }

?>

xerwudjohn
  • Obligatory: `mysql_*` functions are deprecated and your code is blatantly vulnerable to MySQL injection exploits. Please seriously consider using prepared statements with mysqli or PDO to avoid these massive security holes. – Bad Wolf Aug 18 '13 at 03:35
  • As for your problem, there is an error in your MySQL query causing the `mysql_query()` function to return `FALSE`. The `mysql_fetch_array()` function is expecting a query result and not a boolean, hence the error. – Bad Wolf Aug 18 '13 at 03:36
  • Can you give me some example code so that I will understand more? I'm only a student. – xerwudjohn Aug 18 '13 at 03:42
  • Are you escaping your inputs while saving it to database? – Konsole Aug 18 '13 at 03:45

1 Answer

-1

You can't put 2 of <input type='submit' ... inside <form></form>; it will create confusion for browsers and users.

It might be possible that your query returns 0 rows:

$results = mysql_query("SELECT fes_name from fes_category WHERE fes_name='".$sel."'");

Please put this in, to check whether your SELECT statement returns some records:

if(mysql_num_rows($results) > 0) // <-- this query
{
    if($sel == $row['fes_name'])
    {
       echo $sel;
    }
}
else
{
    // Double quotes so the apostrophe does not end the string early
    echo "Doesn't return any records!";
}

As you know, you put some apostrophe signs inside the text box, so you need to use addslashes($_POST['ss']) before executing the query.

Naoki
  • Thank you!! It works! Thanks Naoki! – xerwudjohn Aug 18 '13 at 03:53
  • @xerwudjohn, Do NOT use MySQL_* API?? -1 for this answer. – Starx Aug 18 '13 at 03:55
  • @Starx, `can you give me an example code so that i will understand more? i'm just only a student. – xerwudjohn`. He just mentioned it is used for his study case. And I know mysql_* has some security issues, and you suggest that he use mysqli or PDO. – Naoki Aug 18 '13 at 04:04
  • @Naoki So I will use mysqli or PDO for this? Alright, I'll try to use mysqli or PDO for this. Starx and Naoki, thanks for helping me. – xerwudjohn Aug 18 '13 at 04:11
  • @xerwudjohn, yes, you need to learn more advanced things for security purposes. What I gave you is just basic; even I am still using that. =) – Naoki Aug 18 '13 at 04:25
  • @Naoki, It would have been better if you had given a good, issue-free example. MySQLi is not that different; it's almost the same using procedural methods. – Starx Aug 18 '13 at 15:36
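
The prepared-statement approach recommended in the comments, as an added example that is not part of the original thread: it runs the question's lookup for "C'har" once by string concatenation and once with a bound parameter. Assumptions: an in-memory SQLite database (through PDO) stands in for the MySQL database so the script runs offline, the second sample row is constructed, and the function names `lookupConcatenated` and `lookupPrepared` are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumption: in-memory SQLite
// replaces the MySQL "sarangani" database so this runs offline; with MySQL
// only the DSN (plus user and password) passed to new PDO() changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data, including the name from the question.
$pdo->exec('CREATE TABLE fes_category (fes_name TEXT)');
$insert = $pdo->prepare('INSERT INTO fes_category (fes_name) VALUES (?)');
foreach (["C'har", 'Harvest'] as $name) {
    $insert->execute([$name]);
}

// Before: the question's query, built by concatenation. The apostrophe in
// the value closes the string literal early, so the statement fails to parse.
function lookupConcatenated(PDO $pdo, string $sel): ?string
{
    try {
        $sql = "SELECT fes_name FROM fes_category WHERE fes_name='" . $sel . "'";
        $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
        return $row ? $row['fes_name'] : null;
    } catch (PDOException $e) {
        return 'query failed: ' . $e->getMessage();
    }
}

// After: the value is bound as a parameter and never becomes SQL text,
// so no quoting or addslashes() call is needed.
function lookupPrepared(PDO $pdo, string $sel): ?string
{
    $stmt = $pdo->prepare('SELECT fes_name FROM fes_category WHERE fes_name = ?');
    $stmt->execute([$sel]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['fes_name'] : null;
}

$sel = "C'har"; // stands in for $_POST['ss']
echo lookupConcatenated($pdo, $sel), PHP_EOL;

$found = lookupPrepared($pdo, $sel);
// Escape on output, as the question's form already does for the button value.
echo $found === null
    ? 'No matching record'
    : htmlspecialchars($found, ENT_QUOTES, 'UTF-8'), PHP_EOL;
```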