-1

Lets say I have a database full of info, and I want the user to find his info by inputting his ID. I collect the input of the user with:

'$_POST[PID]'

And want to put it into a resource variable like:

resource $result = '$_POST[PID]';

In order to print out their information like :

 while($row = mysql_fetch_array($result))
            {
                echo all their information
                echo "<br>";
            }

However I cannot create the resource variable because it is telling me that it is a boolean. How can I fetch that resource in order to print the list?

Raptor
  • 53,206
  • 45
  • 230
  • 366
user1404664
  • 73
  • 1
  • 2
  • 8
  • 2
    Why don't you get rid of the single quotes around the $_POST[PID]? then add a real sql command USING the ID you have collected from user input. – remedy. Feb 17 '14 at 03:30
  • 2
    *sidenote:* stop using deprecated `mysql_*` functions. use [MySQLi](http://php.net/manual/en/book.mysqli.php) or [PDO](http://php.net/manual/en/book.pdo.php) instead. Here is a good [tutorial](http://j.mp/PoWehJ) for PDO. – Raptor Feb 17 '14 at 03:31

2 Answers2

4

Several problems with this

First, a resource is something like a database result set, a connection (like fsockopen), etc. You can't just declare or typecast a variable into a result set

Second, you need to do something like SQL to fetch the data based on that ID. That involves connecting to the DB, running your query and then doing your fetch_array

Third, mysql_ functions are depreciated. Consider using mysqli instead.

Machavity
  • 30,841
  • 27
  • 92
  • 100
  • Would something like `$result = mysql_query($_POST[PID]);` work? – user1404664 Feb 17 '14 at 03:35
  • You ignored the fact that mysql_* is depreciated. It's not being maintained anymore so using mysql_* will not be a good way to develop something that should be easily maintained over the future. Other than that, you still lack an sql command. – remedy. Feb 17 '14 at 03:38
  • No. First, you're passing your parameter as the SQL. Second, you're wide open to SQL injection. – Machavity Feb 17 '14 at 03:38
  • @remedy. So I tried `$result = mysqli_query($connection, $_POST[PID]);` Where `$connection` is the server and the post is the ID. However, it is telling me that: `mysqli_query() expects parameter 1 to be mysqli, resource given` Which is why i am confused – user1404664 Feb 17 '14 at 03:50
  • It sounds like you need to use `mysqli_connect` and set it to `$connection` – Machavity Feb 17 '14 at 03:55
  • Yes I already did that in a previous statement as `$connection = mysql_connect("theserver","myid","mypassword");` but it is still giving me that error. – user1404664 Feb 17 '14 at 03:57
  • `mysqli_connect`, not `mysql_connect` – Machavity Feb 17 '14 at 03:58
  • That solved that problem, but now I got another. I have `while($row = mysqli_fetch_array($result))` but that returns `mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given` which puts me back at the original problem. – user1404664 Feb 17 '14 at 04:03
  • Like I've said, $result needs to contain the sql command. For example $result = "'select id from table where id = 1"; – remedy. Feb 17 '14 at 05:11
0

I think you're having problems displaying the result set.

Try this

$id = $_POST['PID'];
$result = "SELECT * FROM table WHERE id ='.$id.'";

 while($row = mysqli_query($result))
        {
            echo $row[0];  //or whichever column you want to display. 
                           //$row[0] will display your   
                           // PK

        }
remedy.
  • 2,032
  • 3
  • 25
  • 48