Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource

yoyoyo

When I try to submit my form it doesn't enter the data into the database. My page also shows this message:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in .... line 18
Line 18 is marked below in the code.

Aside the code being dated, I can't get a handle on what to do to solve it. Can someone please help me out?

error_reporting (2039);
extract($_GET);
extract($_POST);

$server	= "server.com";
$username	= "uname";
$password	= "pword";
$database	= "mydb";

$db = @mysql_connect($server,$username,$password);
mysql_select_db($database);


if($submit =="save")
{
 $sales = addslashes($sales);
 $billing = addslashes($billing);
 $support = addslashes($support);
 $query = mysql_query("update variables set sales='$sales', billing='$billing', support='$support' where id = 1");
}
  $query = mysql_query("select sales, billing, support from variables");
  $row = mysql_fetch_array($query, MYSQL_ASSOC); // line 18
  $sales = stripslashes($row['sales']);
  $billing = stripslashes($row['billing']);
  $support = stripslashes($row['support']);

dalecosp

$query = mysql_query("select sales, billing, support from variables"); 
if (!$query) die("MYSQL blew up with error message: ".mysql_error());

You should write conditional tests for things that might fail, and please, really, stop using the MySQL extension (see the post in my signature).

Bonesnap

1) mysql_query() returns a resource when successful. It's not.
2) mysql_fetch_array() takes a resource, but it's not getting one.
3) You should probably take a look as to why (double-check that all columns and tables are spelled correctly).
4) As dalecosp pointed out: you should really stop using the MySQL extension (and use something else like MySQLi or PDO).
5) Be sure to use meaningful variable names in your code. $query isn't a query. It's supposed to be a resource. It will make debugging a lot easier (and easier for others like us to decipher your code).
6) Addslashes() is NOT sufficient for avoiding SQL injection and really you shouldn't be mangling your data anyway. Only sanitize your data when you need to display it. If you were using MySQLi or PDO you could utilize prepared statements and not have to do the extra work of "slashing" and "unslashing" your data in the first place.
7) It's best practice to check if your variables exist before using them. You can do this with [man]isset/man.
8) For emphasis: Stop using the MySQL extension and instead use MySQLi or PDO.

Feel free to ask questions.

yoyoyo

dalecosp;11047409 wrote:
$query = mysql_query("select sales, billing, support from variables"); 
if (!$query) die("MYSQL blew up with error message: ".mysql_error());
You should write conditional tests for things that might fail, and please, really, stop using the MySQL extension (see the post in my signature).

Ah, cool. Thanks guys. Can I get you to take one more look?
I added Dalecosp's suggestion and now I get more info from the error. I know I have more work to do so it's updated. For now I just need to get by with a working site, then do the heavy lifting later.

MYSQL blew up with error message: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'billing, support from variables' at line 1

NogDog

I like to put the SQL into a variable, so that I can spit it out in the debug info and see it exactly as submitted to the DBMS. Also, if you break it up into multiple lines, it will tell you which line it got confused at.

$sql = "select 
  sales,
  billing,
  support
from variables";
$query = mysql_query($sql); 
if (!$query) die("<pre>MYSQL blew up with error message:\n".mysql_error()."\n$sql</pre>");

NogDog

PS: this sort of thing is useful for debugging, but you don't want your actual production code to spew out database details. Ultimately, instead of die()-ing like that if it fails, you want to use error_log() to record the debug data, and then output some generic "We're sorry" message to the user.

dalecosp

yoyoyo;11047421 wrote:
MYSQL blew up with error message: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'billing, support from variables' at line 1

I don't see that there is a MySQL syntax error there. Given a table:

mysql> describe variables;
+---------+----------+------+-----+---------+----------------+
| Field   | Type     | Null | Key | Default | Extra          |
+---------+----------+------+-----+---------+----------------+
| id      | int(11)  | NO   | PRI | NULL    | auto_increment |
| sales   | tinytext | YES  |     | NULL    |                |
| billing | tinytext | YES  |     | NULL    |                |
| support | tinytext | YES  |     | NULL    |                |
+---------+----------+------+-----+---------+----------------+
4 rows in set (0.00 sec)

I can do:

mysql> select sales, billing, support from variables;
+-------+---------+---------+
| sales | billing | support |
+-------+---------+---------+
| Bill  | Bob     | Randy   |
| Bill  | Fred    | Randy   |
| Jim   | Bob     | Mike    |
+-------+---------+---------+
3 rows in set (0.00 sec)

Furthermore, I can't see that "sales", "billing", or "support" are in the reserved words list.

Can you 1] tell us your MySQL server version, 2] ditto MySQL client version used by PHP, and 3] do as NogDog suggests, putting your SQL in a variable and have it echoed out before and after the query is performed to look for potential problems?