Cannot echo result from mysql

Question

All I need is to produce a row. I've looked at all the samples and I cannot for the life of me get the right information. Hence help is required please.

Connection to DB in the usual way. Here is my code for the query.

$sql = "SELECT * FROM table WHERE `u_password` = $pword AND `user` = $uname LIMIT 1";
$result = mysqli_query($mdb, $sql);
$row = mysqli_fetch_assoc($result);
//Then I try to retrieve say the user name....
echo $row['seeking'];

I've got a count in there and it produces a result of 1. The error I get is 'Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result'

Help would be appreciated.

RiggsFolly · Accepted Answer

The error

Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result

Almost always means that the query failed for some reason, thus $result = mysqli_query returns FALSE rather than a mysql_result object so anything that then tries to use $result as an object will not work for obvious reasons.

The issue with your query is that text column data must be wrapped in quotes like this

$sql = "SELECT * 
        FROM table 
        WHERE `u_password` = '$pword' AND `user` = '$uname' LIMIT 1";

Your script is at risk of SQL Injection Attack Have a look at what happened to Little Bobby Tables Even if you are escaping inputs, its not safe!

You should use parameterized queries to avoid this.

$sql = "SELECT * 
        FROM table 
        WHERE `u_password` = ? AND `user` = ? LIMIT 1";
$stmt = mysqli_prepare($mdb, $sql);
// its also a good idea to check the staus of a prepare 
// and show the error if it failed, at least while testing
if ( $stmt === FALSE ) {
    echo mysqli_error($mdb);
    exit;
}
$stmt->bind_param('ss', $pword, $uname );
$stmt->execute();
$result = $stmt->get_result();
$row = $result->fetch_assoc();
echo $row['seeking'];

Cannot echo result from mysql

Answers (2)

Related Questions