0

The following is the PHP code, and I will cut in to explain where the errors occur.

//getting the aisles for the list via mysql query
for($i = 0; $i < $size; $i++){

size is the count of a previous array

$sql = "SELECT Aisle FROM `Items` WHERE `Store_ID` = $storeid AND `Name`= {$items[$i]}";
print("i=$i");
$result= mysql_query($sql, $link);
print("'items[$i]' is $items[$i]");
print("$sql");

$temp= mysql_fetch_assoc($result);

result is being returned as a boolean

$aisle= $temp["Aisle"];
$aisles[$i] = $aisle;
print(current($aisles));
mysql_free_result($result);
}

Here is the error code:

5SELECT storeid FROM ListNames WHERE user_id = 1 AND listname='test'2i=0'items[0]' is SELECT Aisle FROM Items WHERE Store_ID = 2 AND Name= Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in /home2/ctshaw96/public_html/scripts/getAisles.php on line 66

Warning: mysql_free_result() expects parameter 1 to be resource, boolean given in /home2/ctshaw96/public_html/scripts/getAisles.php on line 70 i=1'items[1]' is SELECT Aisle FROM Items WHERE Store_ID = 2 AND Name= Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in /home2/ctshaw96/public_html/scripts/getAisles.php on line 66

Warning: mysql_free_result() expects parameter 1 to be resource, boolean given in /home2/ctshaw96/public_html/scripts/getAisles.php on line 70 i=2'items[2]' is SELECT Aisle FROM Items WHERE Store_ID = 2 AND Name= Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in /home2/ctshaw96/public_html/scripts/getAisles.php on line 66

Warning: mysql_free_result() expects parameter 1 to be resource, boolean given in /home2/ctshaw96/public_html/scripts/getAisles.php on line 70 i=3'items[3]' is SELECT Aisle FROM Items WHERE Store_ID = 2 AND Name= Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in /home2/ctshaw96/public_html/scripts/getAisles.php on line 66

Warning: mysql_free_result() expects parameter 1 to be resource, boolean given in /home2/ctshaw96/public_html/scripts/getAisles.php on line 70 i=4'items[4]' is SELECT Aisle FROM Items WHERE Store_ID = 2 AND Name= Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in /home2/ctshaw96/public_html/scripts/getAisles.php on line 66

Warning: mysql_free_result() expects parameter 1 to be resource, boolean given in /home2/ctshaw96/public_html/scripts/getAisles.php on line 70 "Item Not Found""Item Not Found""Item Not Found""Item Not Found""Item Not Found"

And here is the URL: http://shaw-dev.com/scripts/getAisles.php?userid=1&listname=test

Ctshaw

3 Answers

1

This SQL:

SELECT Aisle FROM `Items` WHERE `Store_ID` = $storeid AND `Name`= {$items[$i]}

will build incorrect SQL such as

SELECT Aisle FROM `Items` WHERE `Store_ID` = $storeid AND `Name`= foo

It must be put in single quotes.

However, please note that building SQL statements with outside variables makes your code vulnerable to SQL injection attacks. Also, any input data with single quotes in it, like "O'Malley", will blow up your query. Learn about parametrized queries, preferably with the PDO module, to protect your web app. This question has many detailed examples. See also http://bobby-tables.com/php for alternatives & explanation of the danger. Running SQL statements built with outside data is like eating soup made from ingredients found on your doorstep.

Andy Lester
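
The parameterized-query approach recommended in the answer above, applied to the question's Items lookup, as an added example that is not code from the question or from any answerer. It assumes PDO with the SQLite driver and an in-memory database holding constructed rows so that it runs offline; `getAisles` is a hypothetical helper name.

```php
<?php
// Added example, not code from the question or answers.
// Assumption: an in-memory SQLite database stands in for the MySQL server so the
// script runs offline; with MySQL only the DSN and credentials passed to PDO change.
$pdo = new PDO('sqlite::memory:');
// Throw on SQL errors instead of returning false, so failures cannot be ignored.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data using the table and column names from the question.
$pdo->exec('CREATE TABLE Items (Store_ID INTEGER, Name TEXT, Aisle TEXT)');
$insert = $pdo->prepare('INSERT INTO Items (Store_ID, Name, Aisle) VALUES (?, ?, ?)');
foreach ([[2, 'Milk', '4'], [2, "O'Malley Stout", '9'], [3, 'Milk', '1']] as $row) {
    $insert->execute($row);
}

/**
 * Look up the aisle for each item name in one store.
 * Values are bound as parameters and never concatenated into the SQL text.
 */
function getAisles(PDO $pdo, int $storeId, array $items): array
{
    // Prepare once, execute once per item.
    $stmt = $pdo->prepare(
        'SELECT Aisle FROM Items WHERE Store_ID = :store AND Name = :name'
    );
    $aisles = [];
    foreach ($items as $name) {
        $stmt->execute([':store' => $storeId, ':name' => $name]);
        $aisle = $stmt->fetchColumn();   // false when no row matched
        $stmt->closeCursor();
        $aisles[] = ($aisle === false) ? 'Item Not Found' : $aisle;
    }
    return $aisles;
}

// Constructed inputs: a plain name, a name containing a single quote, and a
// string containing SQL syntax. All three are treated purely as data.
$items = ['Milk', "O'Malley Stout", "x' OR '1'='1"];
print_r(getAisles($pdo, 2, $items));
```

Because the statement text is fixed before any value is supplied, the quote in the second name cannot break the query and the third string is compared literally against `Name`, matching no row.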
0

mysql_query() will return false if there's an error.

If it returns false, you can get the error message with mysql_error().

41eight
0

Wrap item[$i] with single quotes:

$sql = "SELECT Aisle FROM `Items` WHERE `Store_ID` = $storeid AND `Name`= '{$items[$i]}'";
ɹɐqʞɐ zoɹǝɟ