-4

i got mysql_fetch_array() error while fetching the data from the DB. i already try the SQL at phpmyadmin, the query works just fine. but when opening the php page, the query not working. i dont know what the reason. there's no error shown at the page. no data shown at the page either, only the table.

FYI, these codes are for Parent viewing the specific student record (their child). i specify the user using session username.

thanks in advance!

`

<table border="1" width="1050px" align="center" cellpadding="3" class="mytable" cellspacing="0">
    <tr>
        <th>No</th>
        <th>Student ID</th>
        <th>Student Name</th>
        <th>Gender</th>
        <th>Date of Birth</th>
        <th>Parent's Name</th>
        <th>Parent's IC</th>
        <th>Address</th>
        <th>Phone</th>
        <th>E-mail</th>
        <th>Class</th>
        <th colspan="2">Update</th>
    </tr>

<?php
$sql_parent=mysql_query("SELECT stu_id,stu_name,gender,dob,parent_name,parent_ic,address,phone,email,class_name FROM stu_tbl A, users_tbl B WHERE A.parent_ic = B.icnum AND B.username =  '.$_SESSION[username]'");
if($sql_parent === FALSE) { 
die('could not get data'.mysql_error()); }

$i=0;
while($row=mysql_fetch_array($sql_parent)){
$i++;
$color=($i%2==0)?"lightblue":"white";
?>
  <tr bgcolor="<?php echo $color?>">
        <td><?php echo $i;?></td>
        <td><?php echo $row['stu_id'];?></td>
        <td><?php echo $row['stu_name'];?></td>
        <td><?php echo $row['gender'];?></td>
        <td><?php echo $row['dob'];?></td>
        <td><?php echo $row['parent_name'];?></td>
        <td><?php echo $row['parent_ic'];?></td>
        <td><?php echo $row['address'];?></td>
        <td><?php echo $row['phone'];?></td>
        <td><?php echo $row['email'];?></td>
        <td><?php echo $row['class_name'];?></td> 
        <td><a href="?tag=parent_update&opr=upd&rs_id=<?php echo $row['stu_id'];?>" title="Update"><img src="picture/update.png" /></a></td>
      </tr>
       <?php    
}
?>

`

mya
  • 13
  • 4
  • 3
    Use `mysqli` and prepared statements. – AbraCadaver Feb 06 '15 at 15:27
  • Try concatenating the session variable like `B.username ='".$_SESSION['username']."'");` – Aditya Feb 06 '15 at 15:29
  • Add $num_rows = mysql_num_rows($result); echo $num_rows. – user3741598 Feb 06 '15 at 15:30
  • done any basic debugging, like checking if $_SESSION['username'] contains anything? YOu don't have a `session_start()` call in there, so probably you're ending up doing `B.username = ''`. – Marc B Feb 06 '15 at 15:31
  • Please check the links in the "Related" section on the right side of your screen. This question is asked regularly. – Ed Gibbs Feb 06 '15 at 15:32
  • 1
    **Warning** This extension is deprecated as of PHP 5.5.0, and will be removed in the future. - http://php.net/manual/en/function.mysql-fetch-array.php – arleslie Feb 06 '15 at 15:32
  • 1
    And if you won't use prepared statements, use `mysql_real_escape_string($_SESSION['username'])` to avoid SQL injections if the username is entered by a user, or if it can contain any apostrophe. – Fenistil Feb 06 '15 at 15:33
  • 1
    **Building SQL statements with outside variables makes your code vulnerable to SQL injection attacks.** Also, any input data with single quotes in it, like "O'Malley", will blow up your query. Learn about parametrized queries, preferably with the PDO module, to protect your web app. [This question](http://stackoverflow.com/questions/60174) has many detailed examples. See also http://bobby-tables.com/php for alternatives & explanation of the danger. Running SQL code built with outside data is like eating soup made from ingredients found on your doorstep. – Andy Lester Feb 06 '15 at 15:34
  • Thanks for all the help guys! – mya Feb 06 '15 at 15:46

2 Answers2

0

The query is wrong

SELECT stu_id,stu_name,gender,dob,parent_name,parent_ic,address,phone,email,class_name FROM stu_tbl A, users_tbl B WHERE A.parent_ic = B.icnum AND B.username =  '.$_SESSION[username]'

I don't know what is in the $_SESSION variable, but the concatenation is done wrong anyway

Maxim Krizhanovsky
  • 25,260
  • 5
  • 51
  • 86
0

How does that query not give you a PHP error? You have to wrap an array in curly braces in a string and you need to put quotes around the array key. It should look like this:

"SELECT stu_id,stu_name,gender,dob,parent_name,parent_ic,address,phone,email,class_name FROM stu_tbl A, users_tbl B WHERE A.parent_ic = B.icnum AND B.username = '{$_SESSION['username']}'"

Also you have a period before $_SESSION that shouldn't be needed.

NOTE: Your query is unsafe. mysql_* is deprecated. You should use mysqli_ or PDO with prepared statements.

fragilewindows
  • 1,354
  • 1
  • 14
  • 26
Dan
  • 9,804
  • 4
  • 21
  • 35
  • if i put the curly braces, its give me this error. "could not get dataYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '}' " – mya Feb 06 '15 at 15:40
  • oh sorry, my bad. its works! Thanks dan08 :D – mya Feb 06 '15 at 15:43