-3

I am creating a banking project and I'm trying to get a way of transferring money from user to user. However, I'm getting an error of

Warning: mysql_result() expects parameter 1 to be resource, boolean given in C:\wamp\www\new\panel\transmoney.php on line 18

Using a lengthened version of this code:

    mysql_connect("$host", "$username", "$password")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");

    $amount = $_POST["amount"];
    $recipient = $_POST["name"];
    $myusername=$_SESSION['myusername'];
    $value = mysql_result(mysql_query("SELECT money from members where username=" + $myusername), 0);
    print($value);

Line 18 equates to

    $value = mysql_result(mysql_query("SELECT money from members where username=" + $myusername), 0);

Any ideas? Thanks

Also, I'm not willing to update to MySQLi until the Web-Frontend of my project is complete; however, if you are able to give me a MySQLi fix for this problem then it would be highly appreciated.

phonetic
  • 1
    Change the + to a dot (.) which is the PHP concatenation character – Kickstart Oct 20 '13 at 19:21
  • 1
    You'll also want to quote the username. That will help the immediate issue. The more serious issue is that you're not checking any return values from the query, which means that if something goes wrong, you can't handle it appropriately. You should also consider using PDO or mysqli - your code right now is very open to an SQL injection. – andrewsi Oct 20 '13 at 19:25

2 Answers

2

You're trying to add the username whereas you probably want to concatenate it:

    $value = mysql_result(mysql_query("SELECT money from members where username='" . $myusername . "'"), 0);

Or you can use string interpolation:

    $value = mysql_result(mysql_query("SELECT money from members where username='{$myusername}'"), 0);

Either way, just ensure that $myusername is safe prior to running the query. Since you aren't using MySQLi yet, you should do mysql_real_escape_string before the query:

    $myusername = mysql_real_escape_string($myusername);
    $value = mysql_result(mysql_query("SELECT money from members where username='{$myusername}'"), 0);

MySQLi

Here is the same code in MySQLi, although mine returns an associative array:

    <?php
    $mysqli = new mysqli($host, $username, $password, $db_name);

    if ($mysqli->connect_errno) {
        die('Cannot connect to database');
    }

    // The ? placeholder is bound as a string ('s'), so no quoting or escaping is needed
    $stmt = $mysqli->prepare("SELECT money FROM members WHERE username=?");
    $stmt->bind_param('s', $myusername);
    $stmt->execute();

    // get_result() requires the mysqlnd driver
    $results = $stmt->get_result();

    while ($money = $results->fetch_assoc()) {
        print_r($money);
    }

    $mysqli->close();

ComFreek
rink.attendant.6
0

Avoid constructions like this:

    mysql_result(mysql_query(...))

The mysql_query() function is not guaranteed to return a resource. It returns false on error, and you should check for this every time and report the error. Otherwise you have no idea what went wrong, and you have to post to StackOverflow to find out. :-P

    if (($result = mysql_query(...)) === false) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    $value = mysql_result($result, 0);

As @rink.attendant.6 shows, the root cause of the error is that you're using + as a string-concatenation operator, which is just not valid in PHP. It's okay in Java and some other languages.

And other folks have commented that you should use SQL parameters for dynamic values, instead of doing string concatenation. Then you don't have to worry about quotes around the dynamic value.

Bill Karwin
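The two points made in this answer (check for failure every time, and bind dynamic values as SQL parameters), combined in one balance lookup. This is an added example, not code from the question or from either answer; `get_balance()` is a hypothetical helper, and `$host`, `$username`, `$password`, `$db_name` and the `members(username, money)` table are assumed to be those from the question.

```php
<?php
// Added example: get_balance() is a hypothetical helper, not part of the asker's project.
// $host, $username, $password and $db_name are assumed to be defined as in the question.
session_start();

// Make mysqli throw mysqli_sql_exception on any failure instead of returning
// false, so a failed query can never be passed on as if it were a result.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function get_balance(mysqli $db, string $user): ?string
{
    // The username travels separately from the SQL text, so quotes inside it
    // cannot change the statement.
    $stmt = $db->prepare('SELECT money FROM members WHERE username = ?');
    $stmt->bind_param('s', $user);
    $stmt->execute();

    // bind_result()/fetch() work with or without the mysqlnd driver.
    $stmt->bind_result($money);
    $found = $stmt->fetch();   // true when a row was fetched, null when there is none
    $stmt->close();

    return $found ? (string) $money : null;
}

try {
    $mysqli = new mysqli($host, $username, $password, $db_name);
    $balance = get_balance($mysqli, $_SESSION['myusername'] ?? '');

    if ($balance === null) {
        // The query ran, but no member has this username.
        http_response_code(404);
        exit('Unknown account');
    }
    echo htmlspecialchars($balance, ENT_QUOTES, 'UTF-8');
    $mysqli->close();
} catch (mysqli_sql_exception $e) {
    // Log the detail server-side; do not echo SQL errors to the browser.
    error_log($e->getMessage());
    http_response_code(500);
    exit('Database error');
}
```

The "no such user" case and the "query failed" case are reported separately here, which is the distinction the original `mysql_result(mysql_query(...))` call could not make.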