...

View Full Version : ternary error for SQL



zodehala
02-21-2012, 07:42 PM
This is my code. if $_GET is not null everything is ok but if it s null i am giving following error . how can i correct it?


mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in sip.php on line 131
Sayfalanacak Veri yok.


$sira = 'DESC';
$agent = (isset($_GET["agent"])) ? $_GET["agent"] :'';
$cari = (isset($_GET["cari"])) ? $_GET["cari"] :'';
$urun = (isset($_GET["urun"])) ? $_GET["urun"] :'';
$telno = (isset($_GET["telno"])) ? $_GET["telno"] :'';
$tarih1 = (isset($_GET["date1"])) ? $_GET["date1"] :'';
$tarih2 = (isset($_GET["date2"])) ? $_GET["date2"] :'';

$kuladi = $_COOKIE["kuladi"];
$s1 = "SELECT * FROM $tablo WHERE xcode > 0
AND kuladi = '".$agent."'
AND urun = '".$urun."'
AND telno = '".$telno."'
AND cari = '".$cari."'
ORDER BY kayitzamani $sira";

$s2 = "SELECT count(*) AS total FROM $tablo WHERE xcode > 0
AND kuladi = '".$agent."'
AND urun = '".$urun."'
AND telno = '".$telno."'
AND cari = '".$cari."'";

Fou-Lu
02-21-2012, 08:11 PM
This hasn't a thing to do with a ternary operator usage. Failed ternaries result in a syntax error.
This issue is caused by a failed query. Execute mysql_query with an or die(mysql_error()); to fetch the cause of the failure.

felgall
02-21-2012, 08:40 PM
If amy of the $_GET fields you are using in your query are empty or contain invalid values then the query is either not going to work or will do something totally different from what you want. You need to validate the input and make sure the values are meaningful BEFORE you try to use them in the query.

Note also that null in PHP is not the same as NULL in SQL.

zodehala
02-21-2012, 08:50 PM
If amy of the $_GET fields you are using in your query are empty or contain invalid values then the query is either not going to work or will do something totally different from what you want. You need to validate the input and make sure the values are meaningful BEFORE you try to use them in the query.

Note also that null in PHP is not the same as NULL in SQL.

$_get can has 2 different values empty or any value . i want it does not give error if it is empty

felgall
02-21-2012, 09:10 PM
What is the query supposed to do when the field is empty - return everything in the database or nothing or what?

Also what about if a field contains SQL code and so gives the person access to the entire database? For example if $_GET['agent' contains "' x' OR 1=1; --" then all the data where xcode>0 would be returned regardless of what is in the other $_GET fields.

You MUST validate the data before using it to access the database and you need to dynamically build the query based on how you want it to handle where fiends are left empty.

zodehala
02-22-2012, 09:52 AM
this is query

$query = mysql_query($sqlStr.$limit, $link);
while($row = mysql_fetch_assoc($query)){

abduraooft
02-22-2012, 11:56 AM
Change it to

$query = mysql_query($sqlStr.$limit, $link) or die(mysql_error(). '<br>'.$sqlStr.$limit);


it is your responsibility to die() if necessary!



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum