0

For example, the page address is test.php?prid=4477535

Code of page test.php:

function query($query) {
    $database = 'test';
    $host = 'test';
    $username = 'test';
    $password = 'test';
    $link = mysql_connect($host,$username,$password);
    if (!$link) {
        die(mysql_error());
    }
    $db_selected = mysql_select_db($database);
    if (!$db_selected) {
        die(mysql_error());
    }
    $result = mysql_query($query);
    mysql_close($link);
    return $result;
}

$product_idn=$_GET['prid'];

$select_image = query("SELECT * FROM products_images WHERE `product_idn`='$product_idn'") or die(mysql_error());
foreach ($select_image as $row)
{
    $select_image_array[]=$row->image;
}

print_r ($select_image_array);

This produces the query:

SELECT * 
FROM products_images
WHERE  `product_idn` =  '4477535'

If I run the select from phpMyAdmin, I get 10 rows.

But if I use test.php?prid=4477535, I see an empty page.

print_r ($select_image_array) does not show the array.

Please tell me why I see rows with phpMyAdmin but do not see rows with the script?

1
  • 1
    Why are you opening a new connection each query? Commented Nov 25, 2012 at 1:32

5 Answers

3

Like the others said, you are prone to SQL injection since you don't serialize your input, but to fix your code, use this:

$select_image = query("SELECT * FROM products_images WHERE `product_idn`='$product_idn'") or die(mysql_error());

while($data = mysql_fetch_assoc($select_image))
{
    echo $data['image'];
}

0

You are doing it wrong. You have to fetch the resource (mysql_query returns a resource) into an array, and the keys of the array will be the names of the rows returned from your query.

$product_idn=$_GET['prid'];

$select_image = query("SELECT * FROM products_images WHERE `product_idn`='$product_idn'") or die(mysql_error());

while($fetch=mysql_fetch_assoc($select_image))
{
    echo $fetch['image'];
}

print_r ($select_image_array);

BTW, you have a security hole here - SQL injection.


0

Test the following

$result = query("SELECT * FROM products_images WHERE `product_idn`='$product_idn'");
$select_image = mysql_fetch_assoc($result);
var_dump($select_image);

For more information, look at https://www.php.net/mysql_query


0

You just echo $row->image; Never initialize $select_image_array


0

print_r ($select_image_array); won't show anything because there is no $select_image_array defined. Did you mean print_r ($select_image);?

Is query() a function you've defined? If not, and you don't have errors on, you are likely to see nothing.

You also need to sanitize your SQL. Simplest method for now since it's an integer:

$product_idn=(int)$_GET['prid'];
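
The answers above raise two points: the result must be fetched into an array, and prid must not be spliced into the SQL text. The following is an added example, not code from the question or from any answer, showing one way to do both with PDO. It assumes the pdo_sqlite extension; an in-memory SQLite database with constructed rows stands in for the MySQL server, and the function name images_for_product is hypothetical.

```php
<?php
// Added example: SQLite in memory stands in for the MySQL server so this runs offline.
// With MySQL only the DSN changes, e.g. 'mysql:host=...;dbname=...;charset=utf8mb4'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data mirroring the products_images table from the question.
$pdo->exec('CREATE TABLE products_images (product_idn INTEGER, image TEXT)');
$ins = $pdo->prepare('INSERT INTO products_images (product_idn, image) VALUES (?, ?)');
foreach ([[4477535, 'a.jpg'], [4477535, 'b.jpg'], [1000001, 'other.jpg']] as $r) {
    $ins->execute($r);
}

/**
 * Hypothetical helper: return the image names for one product,
 * or null when the raw prid value is not a positive integer.
 */
function images_for_product(PDO $pdo, $rawPrid): ?array
{
    // Validate first: reject anything that is not a positive integer.
    $prid = filter_var($rawPrid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($prid === false) {
        return null;
    }
    // Bind the value: it travels as data and is never part of the SQL text.
    $stmt = $pdo->prepare('SELECT image FROM products_images WHERE product_idn = :prid');
    $stmt->bindValue(':prid', $prid, PDO::PARAM_INT);
    $stmt->execute();
    // Fetch the rows into an array (the step missing from the question's foreach).
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed stand-ins for $_GET['prid']: a valid id, an unknown id,
// and two malformed values that must be rejected before any query runs.
foreach (['4477535', '999', "4477535' OR '1'='1", 'abc'] as $input) {
    $images = images_for_product($pdo, $input);
    echo var_export($input, true), ' => ',
         $images === null ? 'rejected' : json_encode($images), PHP_EOL;
}
```

Validation and binding are independent layers: the integer check gives a clean rejection path, while the bound parameter keeps the query safe even if the check is later loosened.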
