0

I am facing very weird problem. mysql_query return true instead of Resource ID for SELECT.

$query =  "SELECT s.id, s.lesson_code, l.lesson_name, t.teacher_name 
           FROM student_comment s 
           LEFT JOIN classes l 
             ON s.lesson_code = l.lesson_code 
           LEFT JOIN teacher t 
             ON s.teacher_id = t.id 
           WHERE s.school_id = '" .$_GET['school_id']. "' 
           ORDER BY s.id DESC";

However; when I execute this query in phpMyAdmin it gives me exact result. But same query gives me following error in PHP page.

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\web\htdocs\test\home\question.php on line 33
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\web\htdocs\test\home\question.php on line 35
Giacomo1968
  • 24,837
  • 11
  • 67
  • 96
  • 1
    add the complete code !! – Abhik Chakraborty Apr 12 '14 at 15:34
  • Your query failed. You need to check mysql_error() to find out why. FYI, you are wide open to [SQL injections](http://stackoverflow.com/q/60174) – John Conde Apr 12 '14 at 15:34
  • **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Apr 12 '14 at 15:35
  • I'd be very surprised if it did return `true`, it' much more likely to return `false` – Mark Baker Apr 12 '14 at 15:45

2 Answers2

0
$query =  "SELECT s.id, s.lesson_code, l.lesson_name, t.teacher_name 
           FROM student_comment s 
           LEFT JOIN classes l 
           ON s.lesson_code = l.lesson_code 
           LEFT JOIN teacher t 
           ON s.teacher_id = t.id 
           WHERE s.school_id = '" .$_GET['school_id']. "' 
           ORDER BY s.id DESC";

$exe = mysql_query($query) or die(mysql_error());

while($fetch = mysql_fetch_array($exe))
{
    echo '<pre>'; print_r($fetch);
}
Parag Tyagi
  • 8,401
  • 3
  • 39
  • 45
  • First of all i want to thank every one who answer. I have used $_GET for this question normally there is myqyl_real_escape_string method there. Anyway, Parag Tyagi your code works fine but i want to know why your code works while mine is failed. –  Apr 12 '14 at 16:00
  • escaping is not enough. use mysqli instead of mysql, prepare your statement, and then bind the parameter. – RobP Apr 12 '14 at 16:11
0

The query would return false not true (boolean).

http://in1.php.net/mysqli_query

Returns FALSE on failure. For successful SELECT, SHOW, DESCRIBE or EXPLAIN queries mysqli_query() will return a mysqli_result object. For other successful queries mysqli_query() will return TRUE.

In most probability your parameter $_GET['school_id'] could be wrong, in case the query isn't wrongly formatted.

Use mysqli instead of mysql, but with similar logic as in Parag's answer.

Santosh Achari
  • 2,874
  • 6
  • 27
  • 50