php - mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean error but the result of the query is varchar -
i having below error when accessing link: (yes know ill use json later because better trying this) http://justedhak.comlu.com/insert.php?username=m&password=m
warning: mysqli_fetch_array() expects parameter 1 mysqli_result, boolean given in /home/a6901827/public_html/insert.php on line 18 but result of query varchar not boealan res varchar , query gives result 'yes' .. why having such error ?
<?php $host='mysql12.000webhost.com'; $uname='z'; $pwd='6'; $db="a6901827"; $con = mysqli_connect($host,$uname,$pwd) or die("connection failed"); if (mysqli_connect_errno($con)) { echo "failed connect mysql: " . mysqli_connect_error(); } $username = $_post['username']; $password = $_post['password']; $result = mysqli_query($con,"select res samle name='$username' , password='$password'"); $row = mysqli_fetch_array($result); $data = $row[0]; if($data){ echo $data; } mysqli_close($con); ?>
you open sql injections code. code doesn't work because sending get request looking post data.
<?php $host='mysql12.000webhost.com'; $uname='****'; $pwd='*****'; $db="******"; $con = mysqli_connect($host,$uname,$pwd) or die("connection failed"); if (mysqli_connect_errno($con)) { echo "failed connect mysql: " . mysqli_connect_error(); } $username = mysqli_real_escape_string($con, $_get['username']); $password = mysqli_real_escape_string($con, $_get['password']); $result = mysqli_query($con,"select res samle name='$username' , password='$password'"); $row = mysqli_fetch_array($result); $data = $row[0]; if($data){ echo $data; } mysqli_close($con); ?> also..
- you should consider using prepared statements in future.
- you should not store passwords in plain text.
- when posting code sure remove credentials.
- you use
$_request, post, get, or cookie used.
Comments
Post a Comment