2

I am trying to select a table within my database with a GET Method. Now when I hardcode the value of the variable in there (the table name) it works as expected and it returns the values in an array.

But when I try to determine the table name through a variable, I get the following error:

Fatal error: Call to a member function fetch_array() on a non-object in

Now I have tried the var_dump($result); but that returns bool(false).

Now the variable does carry a value, because when I echo it back to the screen it gives the value I would expect.

So why does not return the value when making the query for my table search???

     $result = $mysqli->query("SELECT * FROM PodcastSermons  WHERE sermonSeries = ". $series); //This where a change needs to happen

    var_dump($result);

        $posts = array();

        while($row = $result->fetch_array()) 
        {    
            $ID=$row['ID'];
            $sermonTitle=$row['sermonTitle'];
            $sermonSpeaker=$row['sermonSpeaker'];
            $sermonSeries=$row['sermonSeries'];
            $sermonDate=$row['sermonDate'];
            $linkToImage=$row['linkToImage'];
            $linkToAudioFile=$row['linkToAudioFile'];

            $posts []= array (
                'ID'=> $ID,
                'sermonTitle'=> $sermonTitle,
                'sermonSpeaker'=> $sermonSpeaker,
                'sermonSeries'=> $sermonSeries,
                'sermonDate'=> $sermonDate,
                'linkToImage'=> $linkToImage,
                'linkToAudioFile'=> $linkToAudioFile
            );
    }

    $response['posts'] = $posts;

    var_dump($posts);

PS I have read about the depreciation in mysql style and that I know have to use mysqli writing. I am running PHP Version 5.2.6-1+lenny16

Improve this question
1
  • 1
    Your query is failing, which is why $result is false. The error will be available in $mysqli->error after the query. Commented Jan 11, 2013 at 22:28

6 Answers 6

Reset to default
3

If the $series is a string you need to put quotes around the variable..

Try...

$result = $mysqli->query("SELECT * FROM PodcastSermons  WHERE sermonSeries = '". $series ."'");

Hope it helps.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

3

Now I have tried the var_dump($result); but that returns bool(false).

Because your query failed.

Try:

if( ! $result = $mysqli->query("SELECT * FROM PodcastSermons  WHERE sermonSeries = ". $series); ) {
  echo "An error has occurred: \n" . var_export($mysqli->error_list, TRUE);
} else {
  //do stuff
}
Improve this answer

2 Comments

This now gives me Fatal error: Call to undefined method mysqli::var_export()
@JeffKranenburg yeah, I just noticed the broken $mysqli->var_export() bit and fixed it.
1

The central question seems to me: Where does $series come from? Where does that variable ever get initialized?

If you're passing this in from the web form, two things: either use $_GET or $_POST (whatever action you use in your form). And then you have to sanitize what comes from there, in order to not be vulnerable to SQL injection attacks. Prepared statements are your friend in this case; they help harden your script against this kind of attacks.

Improve this answer

3 Comments

It gets initialized at the top after <?php - $series = $_GET['series']; and at the moment it is just coming from a url, which will get changed later - url.com/test.php?series=nameOfTable
Then I think I know what is happening: You need to have quotes around the string for the query to work: ... where series = '".$series."'"
Also, do yourself the favor and invest the time to make this into a prepared statement. It's worth the time.
1

try this

$result = $mysqli->query("SELECT * FROM PodcastSermons  WHERE sermonSeries = '$series' ");
Improve this answer

Comments

1

$result = $mysqli->query("SELECT * FROM PodcastSermons WHERE sermonSeries = ". $series); //This where a change needs to happen

You should be using Prepared Statements if the variable: $series is user defined.

$result->prepare("SELECT * FROM PodcastSermons WHERE `sermonSeries`=?");
$result->bind_param('s', $series);
$result->execute();

Also, Print_r($result); to check if your initial $result to see if it has been populated; Furthermore, in your SQL Query is sermonSeries properly matched to your SQL Table?

Update:

while($row = $result->fetch_array()) 
        {

Try Modifying this to:

while($row = $result->fetch_array(MYSQLI_ASSOC))
{

https://www.php.net/manual/en/mysqli-result.fetch-array.php

Improve this answer

1 Comment

Your code does not help me, after trying it sorry - yes the variable is exactly the same - I copied and pasted it to be sure:-)
0

your query simply fails. check var_dump($series); before executing.

i assume it might be a string and you just don't quote it?

just a tip: first build a string with your commandtext before calling $mysqli->query. and use that string (like $mysqli->query($cmd);

dump that string :) might open your eyes ;)

that way you can extract it and execute it directly against the database (f.e. phpmyadmin).

Improve this answer

1 Comment

When I pass it to another variable and echo, print and whatever I can think of, there seems to be no issue.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.