Uncaught TypeError

I have setup a link that will go to a page to show all the entries in my database that link shows.
So if i click on the genre section of my page then it should go to the genre.php page.

So at he top of the genre page i have an include with the following on

<?php
if(isset($_GET['name'])){

$id = mysqli_real_escape_string($db, $_GET['name']);
$sql = "SELECT * FROM games WHERE name= $id";
$game = mysqli_fetch_assoc($result);
}
?>

and when i go to the genre page i get the error

Uncaught TypeError: mysqli_fetch_assoc(): Argument #1 ($result) must be of type mysqli_result, bool given in string.php:14

I have a similar code at the year page and this works. The only thing i have changed is the ‘name’ to ‘id’ in if and $id lines.

here is the link code

<a href="genre.php?name=<?php echo $game['genre']; ?>"> <!--- for the genre --->
<a href="year.php?id=<?php echo $game['release_year']; ?>"> <!--- for the year --->

I have both of these in a varchar type on the database

… where is $result defined? Because it’s not there. You’ve forgotten a line somewhere.

$result = mysqli_query($db, $sql);

sorry forget to add to the code above

Ah okay. That makes sense now then.

your query failed. When a query fails, it returns false rather than a mysqli_result object.

Check your database, make sure that the query makes sense. You may also need to check the value of $id.

Your query is failing with an error, but because you don’t have any error handling, you don’t know if or why it is failing.

You always (not just when debugging a problem) need error handling for statements that can fail. For database statements that can fail - connection, query, prepare, and execute, the simplest way of adding error handling, without adding logic at each statement, is to use exceptions for errors and in most cases simply let php catch the exception, where php will use its error related settings to control what happens with the actual error information (database statement errors will ‘automatically’ get displayed/logged the same as php errors.)

To enable exceptions for errors for the mysqli extension, add the following line of code before the point where you make the database connection -

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

Once you do that, you will be getting an error about a non-existent column with a name of the data value. This is because literal string values in a query must be enclosed by single-quotes, making them a string, without the quotes the value is expected to be an identifier, i.e. a column name.

However, you should be using a prepared query when supplying an external, unknown, dynamic value to a query when it gets executed. While a prepared query only adds one statement per query, provided you are using the much simpler PDO extension, and it eliminates using the __escape_string() statements, it provides protection for all data types and it actually simplifies the sql query syntax, and would have prevented the error in this case, since only the prepared query place-holder is put into the sql query statement, and it doesn’t use different syntax for different data types.

1 Like