Cannot echo query result--query is obviously correct? Very simple PHP

Question

So I am attempting to create an HTML drop-down list. The list is fine--and it shows all of my desired options from a MySQL query of it's own; however my next step was to set the default value (which is the current landlord) for the tenant.

Now, I am able to successfully, but only with the landlords key (which is in a separate table). I have a second query that looks up the landlord's name based on the key, and I cannot even get it to echo out a response. I must assume the query is bad--but after looking at the same lines of code the entire morning, I believe I can confidently say it is not. I am hoping a second set of eyes will see something I do not.

Getting the current landlord for the tenant:

$sql = mysql_query("SELECT data_txt FROM field_data WHERE itemid = $uid AND fieldid = 16");
$row = mysql_fetch_array($sql);
$ll1 = $row[0];
$sql = mysql_query("SELECT info FROM landlords WHERE key = $ll1 LIMIT 1");
$row = mysql_fetch_array($sql);
$ll1_name = $row[0]

Setting the default value in the Dropdown-list:

I don't believe the problem lies here, since I cannot do anything as simple as echo the variable $ll1_name; but I feel it's worth including.

<td>

<?php echo "$ll1"; ?><br>

<?php echo "$ll1_name"; ?><br>

<select name=ll1>

<option value="<?php echo "$ll1"; ?>"> <?php echo "$ll1_name"; ?></option>
<?php
while ($curLandlord = mysql_fetch_array($landlordRows)){
?>
<option value="<?php echo "$curLandlord[0]"; ?>"> <?php echo "$curLandlord[1]"; ?></option>

<?php
}
?>


</select>
</td>

Also, I am well aware that this library is depreciated and my fields are not sanitized, etc. I am just making this as simple as possible, and then implementing that after I have a working model. The fewer variables, the better.

The following is an example of the table data:

Landlords

key, info, id (auto increment)

-*key*: ll1_07
-*info*: John Doe
-*id*: 77

field_data id, fieldid, data_txt, itemid

-*id*: 1234 (auto increment)
-*fieldid*: 18 (each fieldid corresponds to a field name in another table.  18 is landlord)
-*data_txt*: ll1_77
-*itemid*: 33 (tenants unique ID)

Answer 1

Try this and see what the response is:

$sql = "
    SELECT
        fd.data_text,
        l.info
    FROM
        field_data fd
    JOIN
        landlords l
        ON fd.data_text = l.key
    WHERE
        fd.itemid = $uid
        AND fd.fieldid = 16
    LIMIT 1";

$rs = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_array($rs);

var_dump($row);

That should tell you if you are getting any data back.

Answer 2

No, it's not "correct". You have an sql injection vulnerability. Just because your $ll1 value came out of the DB doesn't mean it's safe to REUSE in another query. You're doing the equivalent of

SELECT info FROM landlords WHERE key = foo LIMIT 1
                                       ^^^---unknown/illegal field name

instead of

SELECT info FROM landlords WHERE key = 'foo' LIMIT 1
                                       ^^^^^--string literal

If you had even BASIC error handling on your query calls, you'd have been informed of this:

$sql = mysql_query("SELECT [..snip..]") or die(mysql_error());
                                       ^^^^^^^^^^^^^^^^^^^^^^

Never EVER assume success on a query. Even if the sql is 100% syntactically correct, there's a near infinite number of reasons for it to STILL fail (biggest one: missing foreign key).