No Error but page remains blank with passing variables

Question

I have a little test project set up so that when you click a wolves's name, it takes them to a page that I want to use to personalize information concerning whichever wolf they clicked on. The page is called wolf.php. I'm trying to using passing variable the $_GET method to assign the URL the wolves id, i.e www.testsite.com/wolf.php?id=1 but the page then displays nothing even though I do not get an error.

Here's the home page (home.php)

<?php
$username = $_SESSION['username'];
$result = @mysql_query("SELECT * FROM wolves WHERE owner = '$username'");
while($wolf = mysql_fetch_array($result))
{
echo "<a href= wolf.php?id=$wolf[id]>$wolf[name]</a>";
};
?>

Clicking this link takes me to www.testsite.com/wolf.php?id=1 (or whatever the id was). On wolf.php I have this:

<?php
$id = $_GET['id'];
$result = @mysql_query("SELECT name FROM wolves WHERE id = '$id'") or die("Error: no  
such wolf exists");
echo .$result['name'].
;
?>

I'm not sure where I went wrong but this doesn't seem to be working. No information regarding the id of the wolf shows up. Thanks for help in advance.

Answer 1

Firstly need fetch a result row.

Variant 1 - associative array (values are avialable as field names)

$result = mysql_fetch_assoc($result);
echo $result['name'];

Variant 2 - enumerated array (by index, started from zero)

$result = mysql_fetch_row($result);
echo $result[0];

Answer 2

Turn on error reporting with error_reporting(E_ALL); ini_set('display_errors', 1); in development so you see the fatal syntax errors in your code. It is also recommended to remove @ error suppression operator from your mysql_*() calls.

You have syntax problems on the last line. Unexpected . concatenation operators:

// Wrong:
// Parse error: syntax error, unexpected '.'
echo .$result['name'].
;

// Should be:
echo $result['name'];

Next, you have not fetched a row from your query:

// mysql_query() won't error if there are no rows found.  Instead you have to check mysql_num_rows()
$result = mysql_query("SELECT name FROM wolves WHERE id = '$id'") or die("Query error: " . mysql_error());
// Zero rows found, echo error message.
if (mysql_num_rows($result) < 1) {
  echo "No such wolf.";
}
else {
  // Row found, fetch and display.
  $row = mysql_fetch_assoc($result);
  echo $row['name'];
}

Note that this script is wide open to SQL injection. At a minimum, call mysql_real_escape_string() on your query input variables.

$id = mysql_real_escape_string($_GET['id']);

Ultimately, think about using PDO or MySQLi instead of the old mysql_*() functions, as they support prepared statements for greater security over manually escaping variables. The mysql_*() functions are planned for deprecation.

Answer 3

In your second snippet you can't treat $result like it's an array; it's a resource identifier. To get an array, do:

$row = mysql_fetch_assoc($result);
echo $row['name'];

Also read about SQL injection vulnerability.

Answer 4

<?php
$username = $_SESSION['username'];
$result = @mysql_query("SELECT * FROM wolves WHERE owner = '$username'");

You forgot the session_start(); at the begining. $username is "" and the sql maybe is returning 0 records.