StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
text
Body
copied!<p>A query may fail for various reasons in which case both the mysql_* and the mysqli extension will return <code>false</code> from their respective query functions/methods. You need to test for that error condition and handle it accordingly.</p> <p><strong><a href="http://docs.php.net/book.mysql" rel="noreferrer">mysql_* extension</a></strong>:</p> <blockquote> <p><strong>NOTE</strong> The <a href="https://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php">mysql_ functions are deprecated</a> and have been removed in php version 7.</p> </blockquote> <p>Check <code>$result</code> before passing it to <code>mysql_fetch_array</code>. You'll find that it's <code>false</code> because the query failed. See the <a href="http://php.net/manual/en/function.mysql-query.php" rel="noreferrer"><code>mysql_query</code></a> documentation for possible return values and suggestions for how to deal with them.</p> <pre><code>$username = mysql_real_escape_string($_POST['username']); $password = $_POST['password']; $result = mysql_query("SELECT * FROM Users WHERE UserName LIKE '$username'"); if($result === FALSE) { die(mysql_error()); // TODO: better error handling } while($row = mysql_fetch_array($result)) { echo $row['FirstName']; } </code></pre> <p><strong><a href="http://docs.php.net/book.mysqli" rel="noreferrer">mysqli extension</a></strong><br> <em>procedural style</em>:</p> <pre><code>$username = mysqli_real_escape_string($mysqli, $_POST['username']); $result = mysqli_query($mysqli, "SELECT * FROM Users WHERE UserName LIKE '$username'"); // mysqli_query returns false if something went wrong with the query if($result === FALSE) { yourErrorHandler(mysqli_error($mysqli)); } else { // as of php 5.4 mysqli_result implements Traversable, so you can use it with foreach foreach( $result as $row ) { ... </code></pre> <p><em>oo-style</em>: </p> <pre><code>$username = $mysqli->escape_string($_POST['username']); $result = $mysqli->query("SELECT * FROM Users WHERE UserName LIKE '$username'"); if($result === FALSE) { yourErrorHandler($mysqli->error); // or $mysqli->error_list } else { // as of php 5.4 mysqli_result implements Traversable, so you can use it with foreach foreach( $result as $row ) { ... </code></pre> <p><em>using a prepared statement:</em></p> <pre><code>$stmt = $mysqli->prepare('SELECT * FROM Users WHERE UserName LIKE ?'); if ( !$stmt ) { yourErrorHandler($mysqli->error); // or $mysqli->error_list } else if ( !$stmt->bind_param('s', $_POST['username']) ) { yourErrorHandler($stmt->error); // or $stmt->error_list } else if ( !$stmt->execute() ) { yourErrorHandler($stmt->error); // or $stmt->error_list } else { $result = $stmt->get_result(); // as of php 5.4 mysqli_result implements Traversable, so you can use it with foreach foreach( $result as $row ) { ... </code></pre> <hr> <p>These examples only illustrate <em>what</em> should be done (error handling), not how to do it. Production code shouldn't use <a href="http://www.phpfreaks.com/blog/or-die-must-die" rel="noreferrer"><code>or die</code></a> when outputting HTML, else it will (at the very least) generate invalid HTML. Also, database error messages shouldn't be displayed to non-admin users, as it <a href="http://msdn.microsoft.com/en-us/library/ms995351.aspx#securityerrormessages_topic2" rel="noreferrer">discloses too much information</a>.</p>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload