
Hello

I have a problem with protecting against SQL injection:

The problem is:
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in

My Old Code (working):

<?php
$currentid= $_GET['id'];
$q="select * from tbl_car where id=$currentid";
$result= mysql_query($q);
while ($row = mysql_fetch_assoc($result)) {}
?>

My new code (not working):

<?php
$item = $_GET['id'];
$currentid = mysql_escape_string($item);
printf("Escaped string: %s\n", $currentid);

				
$q=sprintf("select * from tbl_car where id=’%s’",mysql_real_escape_string($currentid));
$result= mysql_query($q);


while ($row = mysql_fetch_assoc($result)) {
}
?>

The error is in mysql_fetch_assoc:

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in

I tried to add @ like this:

while ($row = @mysql_fetch_assoc($result))

but no results


Can anyone help me please???


Why are you using sprintf anyway?
You're also using weird single quotes: id=’%s’
Use normal single quotes: id='%s'

Votes + Comments
yes

Thank you very much.

It's working now.

The problem was id=’%s’

The correct single quotes are id='%s'

Thank you again.


Agree with twiss.

If this is solved, mark it so with the link below.

Votes + Comments
Now I know why you have so many solved threads
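For readers on current PHP, where the mysql_* extension used in this thread no longer exists (removed in PHP 7), the same lookup can be written with a bound parameter. This is an added example, not code from the thread: it assumes the PDO SQLite driver, uses a constructed in-memory stand-in for tbl_car with a made-up `name` column, and `find_car` is a hypothetical helper. With exceptions enabled, a failed query surfaces as an error instead of reaching the fetch loop as an invalid result.

```php
<?php
// Added example: constructed in-memory table standing in for tbl_car.
// Assumes the PDO SQLite driver is available; the "name" column is made up.
$pdo = new PDO('sqlite::memory:');
// Throw on SQL errors so a bad query is never handed to the fetch loop
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE tbl_car (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO tbl_car (id, name) VALUES (1, 'sedan'), (2, 'coupe')");

/**
 * Hypothetical helper: look up a car by id.
 * Returns the matching rows, or an empty array for no match or invalid input.
 */
function find_car(PDO $pdo, $rawId): array
{
    // id is numeric, so reject anything that is not a positive integer
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];
    }
    // The value is bound as a parameter and never becomes part of the SQL text,
    // so no quoting (straight or curly) is involved at all
    $stmt = $pdo->prepare('SELECT id, name FROM tbl_car WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs standing in for $_GET['id']
$samples = ['1', '2', '99', '1 OR 1=1', "1'"];
foreach ($samples as $raw) {
    try {
        $rows = find_car($pdo, $raw);
        printf("%-12s -> %d row(s)\n", var_export($raw, true), count($rows));
    } catch (PDOException $e) {
        // Log the database error rather than silencing it with @
        error_log('Query failed: ' . $e->getMessage());
    }
}
```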