Databases
StackOverflow2013
Postsdbo
PO
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    text
    copied!<p>I'm going to guess that the line throwing the error is this one:</p> <pre><code>while($row = mysql_fetch_assoc($result5)){ </code></pre> <p>The function <code>mysql_fetch_assoc</code> is "expecting a resource" in that you need to pass it the results of a SQL query and it will fetch from those results. However, <code>$result5</code> isn't a SQL query, it's a string:</p> <pre><code>$result5 = "mysql_query($query5)"; </code></pre> <p>I'm not sure why you put quotes around that, but you don't want them there if you want to actually have that code be interpreted:</p> <pre><code>$result5 = mysql_query($query5); </code></pre> <p>This would run the <code>mysql_query</code> function and place its return value (which is a resource) into <code>$result5</code>.</p> <hr /> <p>Now for the more important stuff...</p> <p>First and foremost, your code is wide open to <a href="http://en.wikipedia.org/wiki/SQL_injection" rel="nofollow">SQL injection attacks</a>. There's a lot to know about this, and a single Stack Overflow answer isn't going to cover it. So I'll try to summarize the concept by simply saying that you should never <em>ever</em> use raw string concatenation of user-input values to build a SQL query. The user can enter malicious inputs and modify your query, effectively gaining access to your database. If your database runs with elevated permissions then they have access to more things on the server, and so on.</p> <p>Basically, <em>always sanitize your inputs</em> and <em>never implicitly trust inputs from the user</em>.</p> <p>Second, don't use the <code>mysql_</code> functions. They've been replaced by the <code>mysqli_</code> functions for, well, reasons not entirely unrelated to the SQL injection stuff I just mentioned. <a href="http://php.net/manual/en/function.mysql-query.php" rel="nofollow">The documentation page for them even very clearly states this</a>.</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload