There is this code:

    var_dump($link);
    $query="SELECT * FROM `".$mysql_table."` WHERE `code`=".$link;
    $sql_result=mysql_query($query);
    var_dump($sql_result);
    $row=mysql_fetch_assoc($sql_result);

Example: $link is 3u. There is such a value in the code column, but var_dump($sql_result); returns bool(false). Tell me, please, what is the error.

  • Please provide the code that writes the values in $mysql_table - Klimenkomud
  • $query = "UPDATE ".$mysql_table." SET code = '".$link_short."' WHERE link_id = '".$row['link_id']."'"; mysql_query($query); - Sergey Kiryakov
  • $query = "INSERT INTO ".$mysql_table." SET link_hash = '".$link_hash."', link_url = '".mysql_real_escape_string($link_url)."'"; mysql_query($query); - Sergey Kiryakov

1 answer

For SELECT, SHOW, DESCRIBE, EXPLAIN, and other queries that return a result from multiple rows, mysql_query() returns a handle to the result of the query (resource), or FALSE if an error occurs. (Official documentation)

The error is that any text value must be in quotes, whereas yours is passed as a column name; accordingly, MySQL cannot find such a column in the table and responds that the query is erroneous. This is the correct way (but not quite):

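    // The value is now quoted, so MySQL reads it as a string literal
    $query="SELECT * FROM `".$mysql_table."` WHERE `code`='".$link."'";
    $sql_result=mysql_query($query);
    if (!$sql_result) {
        // 'Неверный запрос' means "Invalid query"
        die('Неверный запрос: ' . mysql_error());
    }
    $row=mysql_fetch_assoc($sql_result);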

In general, never use the outdated mysql extension or substitute parameters this way: you doom yourself to the torment associated with the possibility of being hacked and the lack of support in future versions. After all, if the link parameter comes from a user, I, as a user, can slightly change your query (read more: SQL injections) and get the data that I need. Unless, of course, you do type checking beforehand, etc.

The correct way is to build the query through PDO or MySQLi using named parameters, which prevent the query as a whole from being changed. Example via PDO:

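    try {
        $dbh = new PDO('mysql:host=localhost;dbname=test', $user, $pass);
        // Throw PDOException on SQL errors so the catch block below sees them
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        // `table` is a reserved word in MySQL, so the placeholder name is quoted
        $sql = 'SELECT * FROM `table` WHERE code = :code';
        $sth = $dbh->prepare($sql);
        // The value is sent as a bound parameter, not spliced into the SQL text
        $sth->execute([':code' => $link]);
        $result = $sth->fetchAll();
    } catch (PDOException $e) {
        print "Error!: " . $e->getMessage() . "<br/>";
        die();
    }

  • Thanks. I have everything converted to the string type, so I do not worry about security. - Sergey Kiryakov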
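
The three query styles discussed in this thread, side by side, as an added example that is not part of the original question or answer. It assumes the pdo_sqlite extension and uses an in-memory SQLite table named links (constructed, standing in for the MySQL table) with constructed inputs; SQLite's error text differs from MySQL's.

```php
<?php
// Added example: in-memory SQLite replaces the page's MySQL table so the
// script runs without a server. Table name, rows and inputs are constructed.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec("CREATE TABLE links (link_id INTEGER PRIMARY KEY, code TEXT, link_url TEXT)");
$dbh->exec("INSERT INTO links (code, link_url) VALUES
            ('3u', 'https://example.com/a'), ('7k', 'https://example.com/b')");

// 1. The question's form: the value is pasted into the SQL without quotes,
//    so the database parses it as SQL syntax instead of as a string.
function lookupUnquoted(PDO $dbh, string $link): string {
    try {
        $rows = $dbh->query("SELECT * FROM links WHERE code = " . $link)->fetchAll();
        return count($rows) . " row(s)";
    } catch (PDOException $e) {
        return "query failed: " . $e->getMessage();
    }
}

// 2. The quoted form: valid SQL, but the value is still part of the SQL text,
//    so a quote character inside it changes the structure of the WHERE clause.
function lookupConcatenated(PDO $dbh, string $link): int {
    $sql = "SELECT * FROM links WHERE code = '" . $link . "'";
    return count($dbh->query($sql)->fetchAll(PDO::FETCH_ASSOC));
}

// 3. Prepared statement: the SQL text is fixed and the value travels
//    separately as a bound parameter, compared only against the code column.
function lookupPrepared(PDO $dbh, string $link): int {
    $sth = $dbh->prepare('SELECT * FROM links WHERE code = :code');
    $sth->execute([':code' => $link]);
    return count($sth->fetchAll(PDO::FETCH_ASSOC));
}

// First input is a real code; the second contains quote characters.
// The (string) cast is a no-op on a string and does not escape anything.
foreach (['3u', (string) "x' OR '1'='1"] as $link) {
    echo "input: $link\n";
    echo "  unquoted:     ", lookupUnquoted($dbh, $link), "\n";
    echo "  concatenated: ", lookupConcatenated($dbh, $link), " row(s)\n";
    echo "  prepared:     ", lookupPrepared($dbh, $link), " row(s)\n";
}
```

For the second input the concatenated query matches every row in the table, while the prepared statement matches none, because no stored code equals that literal string.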