mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, boolean given [duplicate]

前端未结

关注

 5  1591

情话喂你

相关标签:

5条回答

迷失自我

2020-11-28 12:38

What happens in your code if $usertable is not a valid table or doesn't include a column PartNumber or part is not a number.

You must escape $partid and also read the document for mysql_fetch_assoc() because it can return a boolean

0 讨论(0)
发布评论:

提交评论
- 加载中...
执念已碎

2020-11-28 12:54
```
mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, boolean given
```
This means that the first parameter you passed is a boolean (true or false).

The first parameter is $result, and it is false because there is a syntax error in the query.
```
" ... WHERE PartNumber = $partid';"
```
You should never directly include a request variable in a SQL query, else the users are able to inject SQL in your queries. (See SQL injection.)

You should escape the variable:
```
" ... WHERE PartNumber = '" . mysqli_escape_string($conn,$partid) . "';"
```
Or better, use Prepared Statements.
0 讨论(0)
发布评论:

提交评论
- 加载中...

旧巷少年郎

2020-11-28 12:55

Mysqli makes use of object oriented programming. Try using this approach instead:

function dbCon() {
        if($mysqli = new mysqli('$hostname','$username','$password','$databasename')) return $mysqli; else return false;
}

if(!dbCon())
exit("<script language='javascript'>alert('Unable to connect to database')</script>");
else $con=dbCon();

if (isset($_GET['part'])){
    $partid = $_GET['part'];
    $sql = "SELECT * 
        FROM $usertable 
        WHERE PartNumber = $partid";

    $result=$con->query($sql_query);
    $row = $result->fetch_assoc();

    $partnumber = $partid;
    $nsn = $row["NSN"];
    $description = $row["Description"];
    $quantity = $row["Quantity"];
    $condition = $row["Conditio"];
}

Let me know if you have any questions, I could not test this code so you might need to tripple check it!

0 讨论(0)

广开言路

2020-11-28 12:57
This happens when your result is not a result (but a "false" instead). You should change this line
```
$sql = 'SELECT * FROM $usertable WHERE PartNumber = $partid';
```
to this:
```
$sql = "SELECT * FROM $usertable WHERE PartNumber = $partid";
```
because the " can interprete $variables while ' cannot.

Works fine with integers (numbers), for strings you need to put the $variable in single quotes, like
```
$sql = "SELECT * FROM $usertable WHERE PartNumber = '$partid' ";
```
If you want / have to work with single quotes, then php CAN NOT interprete the variables, you will have to do it like this:
```
 $sql = 'SELECT * FROM '.$usertable.' WHERE string_column = "'.$string.'" AND integer_column = '.$number.';
```
0 讨论(0)
发布评论:

提交评论
- 加载中...
小蘑菇

2020-11-28 12:58
You are single quoting your SQL statement which is making the variables text instead of variables.
```
$sql = "SELECT * 
    FROM $usertable 
    WHERE PartNumber = $partid";
```
0 讨论(0)
发布评论:

提交评论
- 加载中...

热议问题