-4

Possible Duplicate:
PHP Error: mysql_fetch_array() expects parameter 1 to be resource, boolean given

So heres what my error is:

Warning: mysql_fetch_row() expects parameter 1 to be resource, boolean given in /home/content/12/8781812/html/internal/domain/property/process.php on line 17

The code is: 

function checkTOS($username){
    include("includes/opendb.php");

    $user2check = mysql_real_escape_string($_POST['username']);
    $query = "SELECT * FROM user WHERE username=".$user2check;
    $result = mysql_query($query);
    while($row = mysql_fetch_row($result)){
        $TOS = $row[11];
        }
 if($TOS == 1){
        return true;
    }else{
        return false;
    }

 }

Line 17 is:

while($row = mysql_fetch_row($result)){

This is basically checking to see if the user accepted the terms of service in the main user db.

EDIT:

So I fixed it but now I get nothing when I try to print my row... Heres the new code.

function checkTOS($preusergrab){
    include("includes/opendb.php");

    $query = "SELECT * FROM users WHERE username='".$preusergrab."'";
    $result = mysql_query($query) or die(mysql_error());

    while($row = mysql_fetch_row($result)){
        $TOS = $row[11];
        }

        // echo $query;
        print_r($row);
        die();
Community
  • 1
  • 1
JD Audi
  • 1,049
  • 6
  • 17
  • 37
  • You have to enclose the value in single quotes, in your query. ie, `$query = "SELECT * FROM user WHERE username='".$user2check."'";` – Akhilesh B Chandran Mar 13 '12 at 15:31
  • @Rook what is wrong with this then? – JD Audi Mar 13 '12 at 15:35
  • You should think about using the column name instead of the index `$TOS = $row[11]`. a programmer in the future may add a column and break your code. – Johnny Craig Mar 13 '12 at 15:36
  • @JD Audi You have like 12 correct answers here – rook Mar 13 '12 at 15:38
  • @Rook I know that. but what im asking you is the injection part. what is wrong with the code? – JD Audi Mar 13 '12 at 15:39
  • 1
    @JD Audi You clearly don't understand the basics of what a quote mark is and why we need them. By extension you don't have a clue what mysql_real_escape_string does and why its used in your query. Use parametrized quires like PDO or ADOB. – rook Mar 13 '12 at 15:43
  • @Rook can you suggest a fix? I don't know anything about those. – JD Audi Mar 13 '12 at 15:45
  • @Rook I said I don't know anything about those. Instead of being a smart ass post an answer with your suggestions. – JD Audi Mar 13 '12 at 15:49
  • 1
    **use parametrized queries**, which is what i said in my post. God damn it. – rook Mar 13 '12 at 15:50
  • 2
    http://stackoverflow.com/search?q=mysql_fetch_row%28%29+expects+parameter+1+to+be+resource%2C+boolean+given 5,000+ duplicates. https://www.google.com/#sclient=psy-ab&hl=en&source=hp&q=mysql_fetch_row()+expects+parameter+1+to+be+resource%2C+boolean+given&oq=mysql_fetch_row()+expects+parameter+1+to+be+resource%2C+boolean+given&aq=f&aqi=g1g-m1&aql=&gs_sm=12&gs_upl=8828l8828l1l9168l1l1l0l0l0l0l76l76l1l1l0&gs_l=hp.12..0j0i5.8828l8828l1l9168l1l1l0l0l0l0l76l76l1l1l0&pbx=1&bav=on.2,or.r_gc.r_pw.,cf.osb&fp=d5ee398ce9f96210&biw=1920&bih=964 3.6 million. – Mike B Mar 13 '12 at 16:02
  • I love how people get so mad when people ask questions. How many questions have you guys asked thats been answered already? Have respect for people that aren't as talented as you. – JD Audi Mar 13 '12 at 16:03
  • @JDAudi That maybe true, but this question is asked on here a **lot** and they all have the same 2 or 3 causes. – jprofitt Mar 13 '12 at 16:26
  • @jprofitt I updated my question – JD Audi Mar 13 '12 at 16:50
  • @JD Audi : 155 answers for 3 questions (one being self answered). That's because a good part of the people answering you usually try google or SO search before starting to ask questions. – Arkh Mar 13 '12 at 17:25
  • @JDAudi Try using `mysql_fetch_assoc()` instead of `mysql_fetch_row()` and then you can access the columns by `$row['COLUMN_NAME']` – jprofitt Mar 13 '12 at 18:17
  • Well nice my account is blocked now. Thanks everyone! – JD Audi Mar 13 '12 at 18:58

6 Answers6

4

You've forgotten quotes around your $username in the query string, causing the username to be treated as a fieldname which does not exist. The query fails, returns a boolean false, which you then blindly attempt to use in the fetch call, triggering your error.

$query = "SELECT * FROM user WHERE username='".$user2check . "'";
                                            ^--           ^^^^^^---missing

If you had even barebones minimal error handling, you'd have seen the error:

$result = mysql_query($query) or die(mysql_error());
Marc B
  • 348,685
  • 41
  • 398
  • 480
1

Your query failed. That is why it is a boolean.

$result = mysql_query($query);
if ($result === FALSE) {
  die("My query failed : " . mysql_error());
}
roychri
  • 2,796
  • 1
  • 19
  • 29
  • 1
    Don't output a fixed string for the error message. It's utterly useless for figuring out what the problem is. ALWAYS output the real error message while developing/debugging: `... or die(mysql_error())`. – Marc B Mar 13 '12 at 15:32
1

You need to quote your username in the query:

$query = "SELECT * FROM user WHERE username='".$user2check."'";

As it is now, you have an invalid sql query.

jeroen
  • 90,003
  • 21
  • 112
  • 129
1

if the query is unsuccessful mysql_query returns a boolean ... replace 

$result = mysql_query($query);

with :

$result = mysql_query($query);
if (!$result) {
    die('Invalid query: ' . mysql_error());
}
Manse
  • 37,343
  • 10
  • 82
  • 108
1

I think that the query wasn't ok and so there was an error and mysql_query returned false, that's why you have a boolean

Nicola Peluchetti
  • 74,514
  • 30
  • 136
  • 188
1

Read your error:

mysql_fetch_row() expects parameter 1 to be resource, boolean given

So it means $result is a boolean. Which happen when mysql_query had an error. Which in turn mean that your SQL is wrong.

"SELECT * FROM user WHERE username='".$user2check."'";

Should work better.

Arkh
  • 8,350
  • 38
  • 44