mysql resource is not valid

[sniperscope]

I always use my queries like below

mysql_query("SELECT id FROM someTable", $cn);

 

but some times i see in my error_log says: mysql_fetch_array(): supplied argument is not a valid MySQL result resource. Why is this happening?

I mean, there is no problem with my sites and all they are working as they should be but why php generates this error?

[PFMaBiSmAd]

To get the best answer, you would need to post the code from the point where you are forming and executing the query through to the end of the loop that is retrieving the data, but the most common reasons for that error are -

 

1) A query that is failing due to an error (perhaps you are not escaping string data and sql special characters in the data is causing an sql syntax error or you are expecting numerical data but are receiving an alpha string as data...)

 

2) You are overwriting the $result resource variable in your code.

 

If the problem is due to item #1, it also means that your code is not checking if the query worked or failed before you attempt to access the result set the query returned and it could also mean that you are not properly validating and escaping the external data that your script receives. If any query is failing due to an error, you should not execute follow-on code that is dependent on the result of that query AND your script should be logging the actual mysql_error() that occured and the actual query string so that you would have a record of what is failing so that you can fix it.

 

[sniperscope]

Okay here is the code i use.

<?php
include('../inc/cn.php');    // database connection file
require_once('../inc/functions.php');

if(!isset($_GET['id']) || $_GET['id'] < 1)
	header('location: ../top/index.php');
else
	$ID = (int)$_GET['id'];

$TODAY = mktime(0, 0, 0, date("n"), date("d") - $midnight_num, date("Y"));

$SQL = mysql_query("SELECT * FROM personals WHERE id = '$_GET[id]' LIMIT 1", $cn);
$ROW = mysql_fetch_array($SQL);   // where the error occur.
?>

[PFMaBiSmAd]

The code you posted has some problems -

 

1) You need an exit; statement after your header() redirect to prevent the remainder of the code on your page from executing while the browser is preforming the redirect. Your current code is still executing the query when $_GET['id'] is empty or when $_GET['id'] contains things like alpha strings (i.e. someone trying to inject sql.) You will need to use {} in your if(){} statement to encompass the header() and exit; statements.

 

2) You are using the original $_GET['id'] value and not the sanitized $ID variable in your query, so $_GET['id'] can contain things that start with a numerical term but also contain injected sql.

 

3) You don't have any error checking, error reporting/logging, and error recovery logic in your code, to 1) Check if the query worked or failed, 2) Output a user error messaged (i.e. an error occurred that prevents this page from being accessed) and log the relevant information about the error, and 3) take an appropriate action if an error occurred (recover from the error) by preventing any follow-on errors due to accessing a non-existent result resource.

[sniperscope]

Thank you so much for your suggestion.

Now i see my mistakes.