This is the second part to my two part problem and honestly I don't understand why this one isn't working. What I'm trying to get this script to do is when i type in userinfo.php?users_id=4 or userinfo.php?id=4 (not sure what one will work yet)... it'll display that users info that I have below. This is the problem I've run into.

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/nodq/public_html/vbads/userinfo.php on line 9 What's wrong with my fetch_row function and how do i correct?

<?php

$x = $_GET['users_id'];

if (!$x) {

$get = mysql_query("SELECT users_username, users_email, users_utitle FROM evoBoard_users WHERE users_id='$x'");
$fetch = mysql_fetch_row($get);
$users_username = $fetch[0];
$users_email = $fetch[1];
$users_utitle = $fetch[2];
}

echo "
<html>
<head>


<br>
<table align='center' cellpadding='0' width='100%'>
<tr>
<td align='center'>
<u>Profile:</u>
<br><br>
<b>Name:</b> $users_username;
<br><br><b>Email:</b>  echo nospam($users_email); 
<br><br><b>Website:</b>  echo '<a target=\'_blank\' href=\'$website\'>$website</a>'; 
<br><br><b>User Title:</b>  echo $users_utitle; ";

?>

    Something is wrong with your query and mysql_query() returned false instead of a MySQL result resource. Look up the use of [man]mysql_error[/man] in debugging. My guesses are that (a) user_id is a numeric field, and values for it shouldn't be quoted; and (b), you're only running the query if $x is false and not when it has any other value. Also, note that nothing you've written stops anyone from writing SQL in their request and having it executed on your server.)

      Write a Reply...