0

I am pulling threads from a db, 

$getthreads = mysql_query("SELECT * from threads WHERE subcat=" . $thread . "") or die(mysql_error());
while ($threads = mysql_fetch_array($getthreads)) {
if (mysql_num_rows($threads) > 0) {

Warning: mysql_num_rows() expects parameter 1 to be resource, array given in C:\xampp\htdocs\views\threads.php on line 30

but there is stuff in the db with correct info, here's my $threads var:

$thread = isset($_GET['thread']) ? $system->escape($_GET['thread']) : null;

does anything look wrong why it should be giving me that error?

  • $threads is actyally not a `resource`, you cannot use `mysql_num_rows` with it. You don't need that if in a cycle, it will end if row is empty – baldrs Jan 25 '14 at 14:43
  • See [this answer](http://stackoverflow.com/a/11674313/250259) for how to troubleshoot this. – John Conde Jan 25 '14 at 14:46

4 Answers4

1
$Query = "SELECT * from threads WHERE subcat='".mysql_real_escape_string($thread)."'";
$getthreads = mysql_query($Query) or die(mysql_error());

if (mysql_num_rows($getthreads) > 0) {

mysql_num_rows Parameters: The result resource that is being evaluated. This result comes from a call to mysql_query().

PS use mysqli or pdo, mysql is deprecated

Alireza Fallah
  • 4,581
  • 3
  • 29
  • 57
Simone Nigro
  • 4,374
  • 2
  • 28
  • 63
0

My guess is that subcat is a string variable. If so, this might work:

SELECT * from threads WHERE subcat='" . $thread . "'"

Next comes the obligatory statement that mysql_ commands are obsolete.

And next comes the point that the code is susceptible to SQL injection attacks. You should learn how to use parameters.

Gordon Linoff
  • 1,198,228
  • 53
  • 572
  • 709
  • and what's subjective to sql attacks? –  Jan 25 '14 at 14:44
  • @user3162803 . . . That means that if `$thread` has a particular value, then a user can wreak habit. See this cartoon . . . http://bobby-tables.com/. – Gordon Linoff Jan 25 '14 at 14:47
  • doesn't escaping the string matter? –  Jan 25 '14 at 14:58
  • @user3162803 . . . It does. I focused first on the most likely cause of the syntax problem, which is that lack of single quotes. Nigro's answer is better and deserves to be accepted. – Gordon Linoff Jan 25 '14 at 15:01
0

First you are using mysql_num_rows with a wrong parameter. Correct it with,

   if(mysql_num_rows($getthreads) > 0) {

    }

But, actually you don't need to do this. Loop won't run until you get any rows from the query. What I guess, you may face problems, if your query is wrong. As, I see you are assigning null value to $thread, and it seems you want to check for null in database. You shouldn't match null with = operator. Even if it seems alright in most cases, it may behave uexpectedly. You have to use 

  ... WHERE  subcat is NULL") ...

to match null values in database. With that, you have to change the logic of your code to test for null. I guess, it may be like

   ... WHERE subcat = '". mysql_real_escape_string($thread).'" OR is NULL) ...

if, I'm getting it right what you want to achieve with this code.

krisk
  • 169
  • 11
-1

Try this, Added '" . mysql_real_escape_string($thread) . "' .

mysql_real_escape_string — Escapes special characters in a string for use in an SQL statement

$getthreads = mysql_query("SELECT * from threads WHERE subcat='" . mysql_real_escape_string($thread) . "' ") or die(mysql_error());

if (mysql_num_rows($getthreads) > 0) {
     while ($threads = mysql_fetch_array($getthreads)) {
         ....
     }
}
Krish R
  • 22,188
  • 7
  • 49
  • 57