You have an error in your SQL syntax...

tinyang

Hello.

I'm having a problem with a query I'm trying to run against a database.

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Resource id #3' at line 1"

Here is the code:

<?php
session_start();

if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {
header ("Location: login.php");
}

//Connect and select database
	mysql_connect("192.168.254.000", "user", "pass") or die(mysql_error());
	mysql_select_db("tutorial") or die(mysql_error());

$username = $_SESSION['username'];
echo $username;
$query = mysql_query("SELECT * FROM profiles WHERE user = $username" );
mysql_query($query) or die(mysql_error());

 while ($result = mysql_fetch_array($query)){ 

?>
<table>
    <tr><td><b><?php echo $result['email']; ?> </b></td></tr>
</table>
<?php
	}
?>

When I echo $username; it has the correct info for that variable. When I put single quotes around $username in the $query string, it gives me this error. When I take the quotes away, it gives me "Query was empty" even though there is a row in the database that matches. When I take the select query and run it in the mysql query browser, it lists the expected output. Can someone here spot what I am doing wrong? Thanks for any help!

dagon

quote $username

tinyang

Hi Dagon. Thanks for the reply.

If I use quotes around $username, I get this error message:

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Resource id #3' at line 1"

dagon

can you confirm which mysql function is producing the error?

bradgrafelman

Your problem is you're trying to send a resource as a query:

$query = mysql_query("SELECT * FROM profiles WHERE user = $username" );
mysql_query($query) or die(mysql_error());

Note the two calls to mysql_query()? I'm guessing that $query is supposed to simply be a string containing the query to be sent.

tinyang

bradgrafelman you are entirely correct about the $query string! 🙂 Thank you.

That fixes that problem, now I am facing a different one. I am trying to take the results of this $query and echo them into form fields. I found a couple examples online that I've tried, but I'm not having any luck. Below is an example of the code I have (see my earlier post for the rest of the code):

<td><input name="email" type="text" id="email" size=38 value="<?php echo $result['email']; ?>" ></td>

I've tried the value string without and with quotes, double and single. Any suggestions please?

djjjozsi

what is your problem with it?

<?php
$result=mysql_query($query) OR die(mysql_error() . " , " . $query);
while($res=mysql_fetch_assoc($result))
{
?>
<td><input name="email" type="text" id="email" size=38 value="<?php echo $res['email']; ?>"></td>
<?php
}
?>

bradgrafelman

If it's not working, you'll have to show us what the output is so we can try to find what's going wrong.

tinyang

Yes, sorry gentlemen, I should have included that in my previous post. When I try it this way, my entire field disappears.

bradgrafelman

Can you show us the code you tried?

tinyang

Absolutely. Here is the code I've tried so far.

<?php
session_start();

if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {
header ("Location: login.php");
}

//Connect and select database
	mysql_connect("192.168.254.000", "user", "pwd") or die(mysql_error());
	mysql_select_db("tutorial") or die(mysql_error());

$username = $_SESSION['username'];
//echo $username;
$query = "SELECT * FROM profiles WHERE user = '$username'";
mysql_query($query) or die(mysql_error());

 while ($result = mysql_fetch_array($query)){ 

?>
<table>
    <tr>
    <tr>
	<td><input name="email" type="text" id="email" size=38 value="<?php echo $result['email']; ?>" ></td>  

</table>

<?php
	}
?>

bradgrafelman

Do you not have error_reporting set to E_ALL or display_errors set to On?

Take a look at the manual for [man]mysql_fetch_array/man (or djjjozsi's sample code) to see how to properly use MySQL resources; the mysql_fetch_*() functions expect the parameter passed to be a MySQL resource, e.g. the one returned from [man]mysql_query/man.