query wont execute

[ReTech]

could someone please help me I have been trying to help a friend with his

code for a few weeks now and it seems that the first query will not work for the if statement.

i changed it ($slot_display) to a function and got it to display on the page, but I am far from

being an expert... is there anything obviously wrong here besides depreciated code lol

 

<?
include 'db.php';
$genre = $_GET[id];

$result = mysql_query("SELECT `timeslot` FROM `aclient`");
$slot_display = mysql_fetch_row($result);

if($slot_display == 4){
$resultb = mysql_query("SELECT `aad` FROM `aprog` WHERE `tag`='$genre'");
$songid = mysql_fetch_array($resultb);
}

$finalq  = mysql_query("SELECT * FROM `mtracks` WHERE `id`='$songid'");
$shmedia = mysql_fetch_array($finalq);
?>

 

i know this is a little off topic for this site but i figured i would ask somebody ... and fyi the timeslot does = 4

[Razor42]

Are you sure the GET['id'] is working? Trying printing that and see if it does as the error could lie there. Also look into securing $_POST & $_GET

[dnenb]

You should validate what you get from $_GET before using it in a query..!

[Alan]

Amazing what people miss

<?php                                                                 # [1]

include(__DIR__ . '/db.php');                                               # [2]

$genre = array_key_exists('id', $_GET) && ctype_digit($_GET['id'])          # [3]
      ? $_GET['id']
      : 0;                                                                 # [4]

$sql = "SELECT timeslot FROM aclient";                                      # [5]
$rs  = mysql_query($sql);

if (!is_resource($rs)) {                                                    # [6]
   trigger_error('MySQL query failed -- $sql -- ' . mysql_error());
   exit;
}

$row = mysql_fetch_row($rs);
mysql_free_result();                                                        # [7]

if (!is_array($row) || !count($row)) {                                      # [8]
   trigger_error('Unexpected MySQL response to query -- ' . serialize($row));
   exit;
}

$slot_display = $row[0];

if ($slot_display == 4) {
   $sql = "SELECT `aad` FROM `aprog` WHERE `tag` = $genre";                # [9]
   $rs  = mysql_query($sql);

   if (!is_resource($rs)) {
       trigger_error('MySQL query failed -- $sql -- ' . mysql_error());
       exit;
   }

   $row = mysql_fetch_row($rs);

   if (!is_array($row) || !count($row)) {
       trigger_error('Unexpected MySQL response to query -- ' . serialize($row));
       exit;
   }

   $songid = $row[0];
}
else {
   $songid = 0;                                                            # [10]
} 

$sql = "SELECT * FROM mtracks WHERE id = $songid";
$rs  = mysql_query($sql);

if (!is_resource($rs)) {
   trigger_error('MySQL query failed -- $sql -- ' . mysql_error());
   exit;
}

$row = mysql_fetch_row($rs);
mysql_free_result();

if (!is_array($row)) {
   trigger_error('Unexpected MySQL response to query -- ' . serialize($row));
   exit;
}

$shmedia = $row;

1. Use full php tags `<?php` not the short-open tags

2. Be explicit where you include files from

3. Check the user has actually passed some data and type check it

4. Provide a default (or throw an error) if missing or bad

5. Define the SQL prior to calling it (makes it easier when debugging)

6. Always check the result of mysql_query

7. Get into the habit of free'ing the result result (good practice)

8. Check the result of the fetch operation - there may be no rows after all

9. Indent your code - code is meant to be read by humans, it makes our lifes easier

10. Ensure variables are declared prior to SQL calls

11. Lose the terminating ?>, there's no need for it

12. Where possible, use PSR1 etc (Google it)