1007

I am trying to select data from a MySQL table, but I get one of the following error messages:

mysql_fetch_array() expects parameter 1 to be resource, boolean given

This is my code:

$username = $_POST['username'];
$password = $_POST['password'];

$result = mysql_query('SELECT * FROM Users WHERE UserName LIKE $username');

while($row = mysql_fetch_array($result)) {
    echo $row['FirstName'];
}
Improve this question
8
  • 15
    you can get more useful eroor msg using:: QUERY or die(mysql_error()); Commented Jun 4, 2010 at 10:26
  • 124
    Also the obligatory note: Your code is prone to SQL injection. You should validate and/or escape the user input. Have a look at mysql_real_escape_string. Never trust user data. Commented Jun 4, 2010 at 10:26
  • 7
    Actually, the OP's code will cause a syntax error on the MySQL server, but at least it is not vulnerable to SQL Injection because single quotes doesn't have variable interpolation. Commented Jul 4, 2014 at 14:06
  • 4
    @FelixKling I realize this is very old, and likely the most accurate possible at the time, but your comment is now dangerously wrong in one way: mysql_real_escape_string is not the be-all and end-all of SQL injection protection; it's still vulnerable to a number of attacks. (No, you never said it's perfect, but you implied it was the only required solution) The best solution now is PDO, as far as I know. Commented Mar 13, 2017 at 0:30
  • 2
    Gah. Extending this question to include MySQLi and PDO was a bad idea. They each have their own slightly different syntax and error messages and they could perfectly well have had their own questions. Combining everything into one giant three-part question just makes this less Googleable and forces people who arrive here to wade through irrelevant content to get to what they want. It's also invalidated a great many of the answers below, and makes this question "Too Broad" by the standards we normally apply. It's a mess, in my opinion, but it's too late to fix now. Commented Nov 15, 2018 at 23:30

31 Answers 31

Reset to default
1
2
0

since $username is a php variable we need to pass it as string to mysqli so since in the query u started with a single quote we will use the double quote, single quote and a fullstop for the concatination purposes ("'.$username.'") if you started with a double quote you would then reverse the quotes ('".$username."').

$username = $_POST['username'];
$password = $_POST['password'];
$result = mysql_query('SELECT * FROM Users WHERE UserName LIKE "'.$username.'"');

while($row = mysql_fetch_array($result))
     {
      echo $row['FirstName'];
     }

$username = $_POST['username'];
$password = $_POST['password'];
$result = mysql_query("SELECT * FROM Users WHERE UserName LIKE '".$username."' ");

while($row = mysql_fetch_array($result))
     {
      echo $row['FirstName'];
     }

but use of Mysql has depreciated much, use PDO instead.it is simple but very secure

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

But Mysql use has depreciated. you can use PDO instead. Let me give you a sample login.
Passwords should NEVER EVER be stored in plain text form, make use of the built in fucntions that PHP has for dealing with the hashing of passwords and the verifying of hashed passwords!
Do not use this code. It is wide open to SQL injection attacks.
1
2

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.