Couple Warning/Error messages, dont know what they mean

[AB83Rules]

Hi, im having some issues with my site, ive done some mod rewrite, and it works fine,got the banner, and the url to work, but i get these error codes.

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/content/d/r/a/draftwatchers/html/2010.php on line 190

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/content/d/r/a/draftwatchers/html/2010.php on line 8

on a page like this. http://www.draftwatchers.com/profile/tim-hiller

for line 194, this is the php code, with my db, local and pw taken out.

PHP Code:

<?php

$mysql_link = mysql_connect("host", "user", "pw");

    mysql_select_db("db") or die("Could not select database");

$result = mysql_query("SELECT * FROM 2010prospects WHERE `id`=".$_GET[playerid]." ");
 
while($row = mysql_fetch_assoc($result)){
$player = $row[player];
$position = $row[position]; 
$college = $row[college];
$fortytime = $row[fortytime];
$projected = $row[projectedround];
$weight = $row[weight];
$height = $row[height]; 
$analysis = $row[analysis];
$boomer = $row[boomer];
$stever = $row[stever];
$jason = $row[jason];
$precombine = $row[precombine];
$postcombine = $row[postcombine];
}

echo
"<h2>$player</h2>
<br />
<table>
<tr>
<td>
<br />
</td>
<td>
<b>Position:</b> $position<br />
<b>College:</b> $college<br />
<b>Current Projection:</b> $projected<br />
<b>Pre Combine Projection:</b> $precombine<br />
<b>Post Combine Projection:</b> $postcombine<br />
<b>Height:</b> $height<br />
<b>Weight:</b> $weight<br />
<b>40 Time:</b> $fortytime<br />
<h2>Analysis</h2> $analysis<br />
<h2>Rankings</h2><br />
<b>Boomer's Positional Rank:</b> $boomer<br />
<b>Stever's Positional Rank:</b> $stever<br />
<b>Jason's Positional Rank:</b> $jason<br />
</td>
</tr>
</table>
<br />";

?>

and for line 8

PHP Code:

<?php  $mysql_link = mysql_connect("host", "user", "pw");

    mysql_select_db("db") or die("Could not select database");

$result = mysql_query("SELECT * FROM 2010prospects WHERE `id`=".$_GET[playerid]." ");

while($row = mysql_fetch_assoc($result)){
$player = $row[player];
$playerid = $row[id];
}
if ($player == "") {
    $player = "Default Page Title";
}
$title = $player;
?>

any help is greatly appreciated.

[Mindzai]

Your query is failing, so $result contains false. This is because there is no 'playerid' in the query string (in fact there is no query string).

btw, this:

PHP Code:

while($row = mysql_fetch_assoc($result)){
$player = $row[player];
$position = $row[position];
$college = $row[college];
$fortytime = $row[fortytime];
$projected = $row[projectedround];
$weight = $row[weight];
$height = $row[height];
$analysis = $row[analysis];
$boomer = $row[boomer];
$stever = $row[stever];
$jason = $row[jason];
$precombine = $row[precombine];
$postcombine = $row[postcombine];
} 


can be replace with:

PHP Code:

while($row = mysql_fetch_assoc($result)){
extract($row);
} 


There should also be quotes around string array keys:

PHP Code:

$_GET['playerid'] 


And your script is currently open to SQL injection attacks.

[NogDog]

Most often that means that MySQL was unable to process your query, and thus the result of mysql_query() was a boolean false instead of a query result resource ID. Therefore you need to debug what is going on with the query. So, when you do something like:

PHP Code:

$result = mysql_query('blah blah blah'); 


You should then check to see if $result == false, and if so, log some debug info and generate whatever sort of output error you want to give the user.

Also, you should never use unsanitized data from the user directly in a query, such as $_GET or $_POST values. See the manual page on mysql_real_escape_string() for more info, and Google on "SQL injection" for why.