Forum Porblems PHP

ID:275794
 
Nov 18 2004, 10:32 am (Edited by moderator on Nov 19 2004, 2:30 am)
Bellow is the error I get when I try and view one of my messages from my MySQL database.
Logged in as Green Lime, logoutQuery Failuer!
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/www/dbghome.mybesthost.com/forum.php on line 160

Warning: Wrong parameter count for mysql_free_result() in /home/www/dbghome.mybesthost.com/forum.php on line 190
Freeing Memory Failuer!

The Query Failuer! is the problem Im guessing any way. Bellow is the querry code that I am sending through the query function.
// Looking at a certain message //Open a connection to the database $hCon = mysql_connect( "mybesthost.com:3306", "+++++++++", "++++++" ); if(!$hCon){ echo "Connection Failed."; } $hDb = @mysql_select_db('dbghome_main', $hCon); if(!$hDb){ echo "Error: Selecting Database Message from Server!"; } //Build the SQL required to fetch all the messages in this //thread $sql = "SELECT Title, Body, Author, Date " ."FROM Message " ."WHERE MessageID=" .$_GET['MID']; $hStmt = mysql_query($sql,$hCon); if(!$hStmt) { echo "Query Failuer!"; } while ( $row = mysql_fetch_array($hStmt,$hCon) ) { $Reply = true; //Found at least one message //Clear the statement handle $FreeMem = mysql_free_result($hStmt,$hCon); if(!$FreeMem){ echo "\nFreeing Memory Failuer!"; }

There is code among that code but I dont see how any of it would effect my getting data from the database. Im stumped on why it wouln't recognize $hStmt as a Mysql resource when Im Assining the results of the quarry function to the variable.

Any one know whats going on?

[removed database name and password from query string- no point in advertising that- digitalmouse]
Nov 18 2004, 12:13 pm
Maybe it's not even the programming, maybe it's a setting the the php.ini. It's most likely showing memory leak errors, even though they don't need too. Uhmm, if it isn't that it could be something with PHPMyAdmin, or whatever you use.
Nov 18 2004, 1:15 pm
I'm guessing that there was either an SQL error, or there were simply no records to return. There's probably some way in PHP to check for/get better error messages from SQL itself, but I don't know PHP. Maybe the database is just empty and has no records to return?
Nov 18 2004, 1:20 pm
Green Lime wrote:
//Build the SQL required to fetch all the messages in this
//thread
$sql = "SELECT Title, Body, Author, Date "
."FROM Message "
."WHERE MessageID="
.$_GET['MID'];

$hStmt = mysql_query($sql,$hCon);
if(!$hStmt) {
echo "Query Failuer!";
}
Im stumped on why it wouln't recognize $hStmt as a Mysql resource when Im Assining the results of the quarry function to the variable.

Well, your problem isn't with mysql_fetch_array(), that's just an error triggered by the real problem, your search query. I'm no whiz at this sort of thing, but are you certain the sql is proper, and that you have permission to retrieve this info? If not, then mysql_query() will fail and that will fail mysql_fetch_array().

~X
Nov 18 2004, 3:28 pm
In "mysql_fetch_array($hStmt,$hCon)", don't pass the second argument; so make it "mysql_fetch_array($hStmt)" instead. I can't say I like your variable naming convention either, but whatever works for you. =)

Oh, and it's "failure", not "failuer".
Nov 19 2004, 2:32 am (Edited on Nov 19 2004, 2:43 am)
In response to Xooxer
Xooxer is on the right track, at least in terms of figuring out what is wrong. check your query string to make sure it is right (include capitalization of the field names).

But more importantly you should read up on those functions you are using to make sure you have the right parameters. For example, the php docs for mysql_fetch_array says that is normally takes only one argument. "The optional second argument result_type in mysql_fetch_array() is a constant and can take the following values: MYSQL_ASSOC, MYSQL_NUM, and MYSQL_BOTH. This feature was added in PHP 3.0.7. MYSQL_BOTH is the default for this argument." (http://de2.php.net/manual/en/function.mysql-fetch-array.php). In your code it should read: mysql_fetch_array($hStmt)

Also, mysql_free_result only takes one argument (http://de2.php.net/manual/en/function.mysql-free-result.php), and in your case, that is also $hStmt.

Nov 19 2004, 7:35 am
In response to digitalmouse
digitalmouse wrote:
Xooxer is on the right track, at least in terms of figuring out what is wrong. check your query string to make sure it is right (include capitalization of the field names).

But more importantly you should read up on those functions you are using to make sure you have the right parameters. For example, the php docs for mysql_fetch_array says that is normally takes only one argument. "The optional second argument result_type in mysql_fetch_array() is a constant and can take the following values: MYSQL_ASSOC, MYSQL_NUM, and MYSQL_BOTH. This feature was added in PHP 3.0.7. MYSQL_BOTH is the default for this argument." (http://de2.php.net/manual/en/function.mysql-fetch-array.php). In your code it should read: mysql_fetch_array($hStmt)

Also, mysql_free_result only takes one argument (http://de2.php.net/manual/en/function.mysql-free-result.php), and in your case, that is also $hStmt.


Thanks for responding DigitalMouse. I have all ready fixed Im pretty sure all the bugs in my forum system. Now I just need to redesign it so it looks cooler and fallows my main pages outline. What I ended up doing was copy/pasting the sql text into myphpadmin query. Which then brought up in detail what was wrong with the quary.
Nov 19 2004, 2:23 pm
In response to Green Lime
Green Lime wrote:
I have all ready fixed Im pretty sure all the bugs in my forum system.

This isn't a bug that will prevent your forum from working, but I think I found a security hole in your code.
<code> $sql = "SELECT Title, Body, Author, Date " ."FROM Message " ."WHERE MessageID=" .$_GET['MID']; </CODE>

You're taking a variable given to you by the user's browser and inserting it directly into your SQL query. That's a bad thing, since a user could put practically anything in there, including a whole new SQL query that could do anything.

I don't know much about PHP, but there should be a procedure of some kind that lets you make sure that "MID" is a number and has no text in it. Otherwise a malicious person could insert code of their choosing and cause damage to your database.