0

I need help coordinating a way to use a Session[] 

$_SESSION['loginname']=jordan@yahoo.com;
$table_name=$_SESSION['loginname'];

to be the name of a table from database.

$username = "root";
$password = "";
$hostname = "localhost";
$database = "basketball_database";
$table = "$table_name";

I keep getting an Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in

Which is causing a problem with this set of code

$mysql = "SELECT DISTINCT quiz_name FROM $table";
$mydata = mysql_query($mysql,$con);
while($records = mysql_fetch_array($mydata)){

I then add the mysql_error() and got back 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''jordan@yahoo.com'' at line 1

What am I doing wrong? Thank you

quiz_main.php

<?php
session_start();
?>
<!DOCTYPE html> 
<html>

<head>
  <title>Quiz</title>

  <link rel="stylesheet" type="text/css" href="css/style.css" /> 
</head>

<body>
  <div id="main">

    <header>
      <div id="welcome">
        <h2>Prairie View A&amp;M University</h2>
      </div><!--close welcome-->                
    </header>   

    <nav>
      <div id="menubar">
        <ul id="nav">
          <li><a href="index.php">Home</a></li>
          <li><a href="user-account.php">Account Info</a></li>
          <li class="current"><a href="quiz_main.php">Quiz</a></li>
          &nbsp &nbsp &nbsp &nbsp &nbsp
<?php
if($_SESSION['loginname'])
echo $_SESSION['loginname'].", "."<a href='user-account.php'>Account</a>"."     "."<a href='logout.php'>Logout</a>";

else
    die("You must login");
?>
        </ul>
      </div><!--close menubar-->    
    </nav>      

    <div id="site_content">

    <h2 style="font-size:50px" align="center" > Quiz Page</h2>

   <h2> All Quizzes:</h2></br>
    <?php
    $table_name=$_SESSION['loginname'];
    $username = "root";
$password = "";
$hostname = "localhost";
$database = "basketball_database";
$table = $table_name;

$con = mysql_connect($hostname, $username, $password)
 or die("Unable to connect to MYsql");
// echo "Connected to mysql<br>";

$db = mysql_select_db("$database")
 or die("Could not select Basketball_database");
 //echo "Connected to database";

//form for selecting quiz
echo "<form action=\"/xampp/Website_DataBase/Pvamu_website/quiz/index.php\" method=\"post\">";

$mysql = "SELECT DISTINCT quiz_name FROM '$table_name'";
$mydata = mysql_query($mysql,$con);

if($mydata === FALSE) {
die(mysql_error()); // TODO: better error handlin
}


while($records = mysql_fetch_array($mydata)){
    $quizname=$records['quiz_name'];

    echo "<input type=radio name=name_quiz value='".$records['quiz_name']."'>".$records['quiz_name']."<br>";
}


echo "<input type=submit value=Submit Continue>";
echo "</form>"; 


    ?>
    <a href="quiz_folder/coach_quizzes.php">Creat a Quiz</a>
      <div id="content">
        <div class="content_item">


      </div><!--close content_container-->          
    </div><!--close content_item-->
</div><!--close content-->   
    </div><!--close site_content-->     

    <footer>
     <a href="index.php">Home</a> | <a href="photos.php">Photos</a> | <a href="videos.php">Videos</a> | <a href="schedule.php">Schedule</a> | <a href="contact.php">Contact</a><br/><br/>

    </footer>   

  </div><!--close main-->

  <!-- javascript at the bottom for fast page loading -->
  <script type="text/javascript" src="js/jquery.min.js"></script>
  <script type="text/javascript" src="js/image_slide.js"></script>  

</body>
</html>
Jordan
  • 41
  • 5
  • Your query failed. Use mysql_error() to find out why. I'm guessing you forgot to use `session_start()`. – John Conde Apr 12 '14 at 22:02
  • 1
    so ultimately the query is `SELECT DISTINCT quiz_name FROM jordan@yahoo.com` really.?!?1@{]., – Lawrence Cherone Apr 12 '14 at 22:04
  • Just a note, but this line doesn't actually do anything useful: `$table = "$table_name";` You're just making another variable with the same contents. – IMSoP Apr 12 '14 at 22:05
  • By the way, the mysql API you're using is old and will be removed soon. You should learn PDO instead, it's much better. http://code.tutsplus.com/tutorials/why-you-should-be-using-phps-pdo-for-database-access--net-12059 – Abhi Beckert Apr 12 '14 at 22:27
  • @JohnConde this is not a duplicate of that question at all. It's the same error message but a totally different problem. – Abhi Beckert Apr 12 '14 at 22:29
  • @AbhiBeckert It is not a different problem. That error occurs for one reason: the query failed. The solution for that is in that question. – John Conde Apr 12 '14 at 22:33
  • @JohnConde there are a million possible causes for a query to fail. One answer can't possibly cover all of them. I just realised your comment was before he posted additional details. He has already tried what was suggested in the question you linked, it won't help. This is a pretty unusual MySQL syntax error. – Abhi Beckert Apr 12 '14 at 22:36
  • @AbhiBeckert Questions like, and "undefined index", etc. are very common and low quality. They are all off topic here. So we link to canonical answers that demonstrate how to solve them. The very specific cause may vary, but the overall problem is the same for all them. The root cause for this error is always the same and troubleshooting it is, too. – John Conde Apr 12 '14 at 22:38
  • This isn't an undefined index, this is an escaping issue where the official API for escaping cannot be used, you have to manually perform your own escaping with `str_replace()`. It deserves it's own answer (or at least a different duplicate to the one you found). You should have read the question more carefully before voting to close it. – Abhi Beckert Apr 12 '14 at 22:42

2 Answers2

0

1 remove quotes 

$hostname = "localhost";
$database = "basketball_database";
$table = $table_name;

2 change your code to

$mysql = "SELECT DISTINCT quiz_name FROM '$table'";
$mydata = mysql_query($mysql);
while($records = mysql_fetch_array($mydata)){

if have't started session in your page ..

add session_start() at the top of your page

Azeem Hassni
  • 875
  • 13
  • 28
  • I've tried that method already and still getting an error. I then add the mysql_error() and got back "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''jordan@yahoo.com'' at line 1" – Jordan Apr 12 '14 at 22:19
  • is the period(.) or @ symbol making a difference? – Jordan Apr 12 '14 at 22:20
  • then you should check for errors ... like this .. `if($mydata) { #while loop } else { echo mysql_error(); }` – Azeem Hassni Apr 12 '14 at 22:23
  • also the session variable should assigned string value . `$_SESSION['loginname']= "jordan@yahoo.com";` – Azeem Hassni Apr 12 '14 at 22:25
  • I added the `else` and it just gave me my original error `Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in` The `$_SESSION['loginname']` is already defined as jordan@yahoo.com from another page. I've added the `session_start()` at the beginning of every page. – Jordan Apr 12 '14 at 22:30
  • share the code you tried .. – Azeem Hassni Apr 12 '14 at 22:31
0

You need backticks if you have special characters in the table name:

$table = str_replace('`', '``', $table); // escape backticks in $table

$mysql = "SELECT DISTINCT quiz_name FROM `$table`";

The @ and . character require backticks, and so do many other possible characters. Please have a quick read about SQL injection:

Community
  • 1
  • 1
Abhi Beckert
  • 31,840
  • 12
  • 79
  • 109
  • It was the backticks. I have problem with double and single quotes and now I need to look out for backticks. I do understand mysql is out of date. Its as simple as changing it to mysqli? – Jordan Apr 12 '14 at 22:38
  • You need to use `mysql_real_escape_string()` for quotes. mysqli also needs `mysqli_real_escape_string()` (note the i). Alternatively you can use PDO which can do escaping automatically for you. That is what I would suggest using. It's explained in the three links I provided. – Abhi Beckert Apr 13 '14 at 00:49