3

I am trying to increment the counter by 1 every time the user clicks on the image. I have written the following code, but it gives the error "Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\tkboom\includes\core.php on line 72". Can anyone look into this and see where I made a mistake?

Actually, I have created 2 PHP files, one for incrementing the counter and one for displaying the counter. In the core.php file I have written the function, and for displaying the count I have created a file called view.php.

core.php
    function GenerateCount($id, $playCount) {
            global $setting;
            $counter_query = "SELECT hits FROM ava_games WHERE id=".$_GET['id']."";
            $counter_res = mysql_query($counter_query);
            while($counter_row = mysql_fetch_array($counter_res)){
               $counter = $counter_row['hits'] + 1;
               $update_counter_query = "UPDATE ava_games SET hits=".$counter." WHERE id=".$_GET['id']."";
               $playCount = mysql_query($update_counter_query);
               $playCount = $row['hits'];
            }
            return $playCount;

    // Get count END
    }

view.php

<?php

$sql = mysql_query("SELECT * FROM ava_games WHERE published=1 ORDER BY id desc LIMIT 30");
while($row = mysql_fetch_array($sql)) {

    $url = GameUrl($row['id'], $row['seo_url'], $row['category_id']);

    $name = shortenStr($row['name'], $template['module_max_chars']);

    $playRt = GenerateRating($row['rating'], $row['homepage']);

    $playCt = GenerateCount($row['id'], $row['hits']);


    if ($setting['module_thumbs'] == 1) {
        $image_url = GameImageUrl($row['image'], $row['import'], $row['url']);

        $image = '<div class="homepage_game"><div class="home_game_image"><a href="'.$url.'"><img src="'.$image_url.'" width= 180 height= 135/></a></div><div class="home_game_info"><div class="home_game_head"><a href="'.$url.'">'.$name.'</a></div></div><div class="home_game_options"><img class="home_game_options_icon" src="'.$setting['site_url'].'/templates/hightek/images/joystick-icon.png" /> &nbsp;'.$playRt.' <b>|</b> '.$playCt.' plays &nbsp;</div></div>';
        echo $image;
    }



    }

?>
1
  • Are you getting a value in $_GET['id']? Commented Jan 4, 2012 at 10:43

5 Answers

4

That most likely means that there's an error in the sql statement. You can get more information about the error via mysql_error().
In its simplest form:

$counter_res = mysql_query($counter_query) or die(mysql_error());

(edit: ...simplest form, but with this approach you don't give the application a chance to react to the problem, "die" as in "dead". And mysql_error() can leak too much information to a user of your webservice/website, see https://www.owasp.org/index.php/Top_10_2007-Information_Leakage_and_Improper_Error_Handling)

Your code is also prone to

  • SQL injections, because the $_GET parameter is put into the statement without sanitizing it first
  • race conditions, because you have a compound operation consisting of one SELECT and one UPDATE without any locking mechanism.

1

This is because you get the error in your SQL query.
I'd change it a little bit:

$counter_query = 'SELECT hits FROM ava_games WHERE id = ' . (int)$_GET['id'];

to make sure you always compare id against an integer value.

1

After all, this query does not look good. First point: why are you using two queries to increment a value? UPDATE ava_games SET hits=hits+1 WHERE id=".$_GET['id']."" should do this in one step. Second point: have you heard about SQL injections? Escape or cast $_GET['id'] to avoid surprises ;)

0

Convert the value to int first, like this:

function GenerateCount($playCount) {
    global $setting;
    $counter_query = "SELECT hits FROM ava_games WHERE id=".$_GET['id']."";
    $counter_res = mysql_query($counter_query);
    while($counter_row = mysql_fetch_array($counter_res)){
        $counter = intval($counter_row['hits']) + 1;
        $update_counter_query = "UPDATE ava_games SET hits=".$counter." WHERE id=".$_GET['id']."";
        $playCount = mysql_query($update_counter_query);
        $playCount = $row['hits'];
    }
    return $playCount;

// Get count END
}

and check the link:

Convert into int


0

If mysql_query returns a Boolean, your query failed.

Presuming id is the primary key, you can use the following function to update on a database level which will prevent race conditions:

function GenerateCount($playCount) {
    global $setting;
    $update_counter_query = "UPDATE ava_games SET hits=hits + 1 WHERE id=".intval($_GET['id'])."";
    mysql_query($update_counter_query) or die(mysql_error());
    $counter_query = "SELECT hits FROM ava_games WHERE id=".intval($_GET['id'])." LIMIT 1";
    list($playCount) = mysql_fetch_row(mysql_query($counter_query));
    return $playCount;

// Get count END
}

Also note the intval() around the $_GET variable to prevent SQL injection.

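The points raised across the answers (validate the id, increment in a single UPDATE, keep database error text away from the visitor), combined in one added example that is not code from any poster in this thread. Assumptions: it uses PDO with bound parameters instead of the mysql_* functions, an in-memory SQLite database stands in for the MySQL table ava_games so the script runs offline, and the function name incrementHits and all sample rows and request values are constructed for illustration.

```php
<?php
// Added example: atomic hit counter with a validated, bound id.
// Assumption: SQLite in memory replaces MySQL; the two statements are the same on MySQL.

function incrementHits(PDO $pdo, $rawId): ?int
{
    // Accept only a positive integer. An empty or non-numeric id is rejected
    // here instead of being concatenated into the SQL text.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    try {
        // One statement: the database performs the read-modify-write itself,
        // so two concurrent requests cannot overwrite each other's count.
        $update = $pdo->prepare('UPDATE ava_games SET hits = hits + 1 WHERE id = :id');
        $update->execute([':id' => $id]);
        if ($update->rowCount() === 0) {
            return null; // no game with this id
        }
        $select = $pdo->prepare('SELECT hits FROM ava_games WHERE id = :id');
        $select->execute([':id' => $id]);
        return (int) $select->fetchColumn();
    } catch (PDOException $e) {
        // Detail goes to the server log; the caller only learns that it failed.
        error_log('hit counter failed: ' . $e->getMessage());
        return null;
    }
}

// Constructed sample table and rows.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ava_games (id INTEGER PRIMARY KEY, hits INTEGER NOT NULL DEFAULT 0)');
$pdo->exec('INSERT INTO ava_games (id, hits) VALUES (1, 41), (2, 7)');

// Constructed request values, as they might arrive in $_GET['id']:
// two valid hits on game 1, an injection-style string, an empty id, an unknown id.
foreach (['1', '1', '2 OR 1=1', '', '99'] as $raw) {
    var_dump(incrementHits($pdo, $raw));
}
```

Only the two valid requests change the table; the other three inputs return null without reaching the UPDATE or without matching a row.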
