0

I want to select channel1

My table looks like this

ch_id      ch      ch_name
1          ch1     channel 1
2          ch2     channel 2
3          ch3     channel 3
4          ch4     channel 4

I try to select channel1 using the URL

exemple.com/channel.php?ch=ch1

When I use this

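<?php
include('dbconfig.php');
$ch = $_GET['ch']; // raw request value, not validated or escaped
$qry="select * from channel_list where ch=".$ch; // string value is concatenated unquoted, so the query fails
$row = mysql_fetch_array(mysql_query($qry)); // mysql_query() returned false, hence the warning
 ?>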

It shows me this error

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/.../public_html/channel.php on line 5

Thanks in advance

Simo E.
  • 1
    **WARNING**: This is terrifyingly insecure because those parameters are not [properly escaped](http://bobby-tables.com/php). You should **NEVER** put `$_GET` data directly into the query: it creates a gigantic [SQL injection bug](http://bobby-tables.com/). `mysql_query` is an obsolete interface and should not be used, it's being removed from PHP. A modern replacement like [PDO is not hard to learn](http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/). A guide like [PHP The Right Way](http://www.phptherightway.com/) explains best practices. – tadman Jan 28 '15 at 19:46
  • You should really take a look at mysqli and PDO. You use deprecated functions and you have a SQL-injection in your code. – René Höhle Jan 28 '15 at 19:46
  • column values that are strings need to be quoted -> `... WHERE ch= "ch1"`. Using prepared statements/parameters like the other comments mentioned would do this for you. using your [outdated/unsafe] method you would need to do `$qry="select * from channel_list where ch='".$ch."'";` – Sean Jan 28 '15 at 19:51
  • Thanks @Sean it work perfect now – Simo E. Jan 28 '15 at 20:01

1 Answer

2

Better use mysqli :) This would work. Official docs

<?php
$mysqli = new mysqli("localhost", "my_user", "my_password", "world");

/* check connection */
if ($mysqli->connect_errno) {
    printf("Connect failed: %s\n", $mysqli->connect_error);
    exit();
}

$query = "SELECT Name, CountryCode FROM City ORDER by ID LIMIT 3";
$result = $mysqli->query($query);

/* numeric array */
$row = $result->fetch_array(MYSQLI_NUM);
printf ("%s (%s)\n", $row[0], $row[1]);

/* associative array */
$row = $result->fetch_array(MYSQLI_ASSOC);
printf ("%s (%s)\n", $row["Name"], $row["CountryCode"]);

/* associative and numeric array */
$row = $result->fetch_array(MYSQLI_BOTH);
printf ("%s (%s)\n", $row[0], $row["CountryCode"]);

/* free result set */
$result->free();

/* close connection */
$mysqli->close();
?>
magic-sudo
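
The comments recommend prepared statements over concatenating `$_GET['ch']` into the query. The following added example (not code from the question or the answer) contrasts the two on the question's `channel_list` table. It assumes the `pdo_sqlite` extension and uses a constructed in-memory SQLite copy of the table so it runs without the MySQL server; the function names `find_concat`, `find_prepared` and `channel_from_request` are hypothetical.

```php
<?php
// Constructed copy of the question's table, held in memory for the demo.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE channel_list (ch_id INTEGER PRIMARY KEY, ch TEXT, ch_name TEXT)');
$insert = $pdo->prepare('INSERT INTO channel_list (ch, ch_name) VALUES (?, ?)');
foreach ([['ch1', 'channel 1'], ['ch2', 'channel 2'], ['ch3', 'channel 3'], ['ch4', 'channel 4']] as $r) {
    $insert->execute($r);
}

// Quoted concatenation (the workaround from the comments): the value becomes SQL text.
function find_concat(PDO $pdo, string $ch): array
{
    $sql = "SELECT * FROM channel_list WHERE ch = '" . $ch . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared statement: the value is bound as data and is never parsed as SQL.
// With MySQL, also put charset=utf8mb4 in the DSN and set
// PDO::ATTR_EMULATE_PREPARES to false so the server does the binding.
function find_prepared(PDO $pdo, string $ch): array
{
    $stmt = $pdo->prepare('SELECT * FROM channel_list WHERE ch = :ch');
    $stmt->execute([':ch' => $ch]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// ?ch[]=x makes $_GET['ch'] an array, so check the type before using it.
function channel_from_request(array $get): ?string
{
    $ch = $get['ch'] ?? null;
    return is_string($ch) ? $ch : null;
}

// Constructed inputs: a normal id, and a value that contains a quote character.
foreach (['ch1', "ch1' OR '1'='1"] as $input) {
    $ch = channel_from_request(['ch' => $input]);
    printf(
        "%-16s concat=%d row(s)  prepared=%d row(s)\n",
        $ch,
        count(find_concat($pdo, $ch)),
        count(find_prepared($pdo, $ch))
    );
}
```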