CODEWITHSUNDEEP
phpsqlsessionwhere-clause
clarkson
clarkson

Reputation: 571

using session variables in SQL where

I am trying to retrieve data from database and print them. Here's my code 

$sql="SELECT * FROM table1 WHERE c_no='".mysql_real_escape_string($_SESSION['user']['c'])."'.AND a_no='".mysql_real_escape_string($_SESSION['user']['a'])."'";
    $result=mysql_query($sql,$connect);

    echo "<table>";
    $num_of_rows=mysql_num_rows($result);
    echo $num_of_rows;
    for($k=0;$k<3;$k=$k+2){
        echo "<th>";
        echo mysql_field_name($result,$k);
        echo "</th>";       
    }
    while($r=mysql_fetch_assoc($result)){
        echo "<tr>";
        echo "<td>".$r["field1"]."</td><td>".$r["field2"]."</td>";
        echo "</tr>";
    }

This code gives the errors mysql_num_rows(): supplied argument is not a valid MySQL result resource
mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource
mysql_field_name(): supplied argument is not a valid MySQL result resource

Why is this ? My session varaibles work fine as when I use
echo $_SESSION['user']['a']; it works fine? Is the problem in WHERE clause ?

Upvotes: 0

Views: 83

Answers (2)

Talal Javed
Talal Javed

Reputation: 106

First - MySQL is deprecated. Try using MySQLi (improved).

Second - You're messing up with your queries.

Upvotes: 1

Richard
Richard

Reputation: 2815

This should work:

$sql="SELECT * FROM table1 WHERE c_no = '".mysql_real_escape_string($_SESSION['user']['c'])."' AND a_no = '".mysql_real_escape_string($_SESSION['user']['a'])."'";

You have missed a space for a point.

Upvotes: 1

Related Questions