Error: mysql_fetch_assoc within function

Question

Error: mysql_fetch_assoc within function

Navigation

#1 by (3 votes)

2

function retornaStatusPesquisa($numeroStatus,$nomePessoa, $nomeTabela){
    $query = mysql_query("SELECT COUNT(status) AS valorStatus FROM $nomeTabela WHERE status=$numeroStatus AND nomePessoa='$nomePessoa'");
    $contador=mysql_fetch_assoc($query);
    return $contador;
}

I'm getting this error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE status = 1 AND namePerson =' Joao '' at line 1

It's probably because of $nomeTabela , I do not know for what reasons this happens, could you give a light?

php mysql

asked by anonymous 30.06.2015 / 00:38

1 answer

Compare strings with accents, UTF-8 Error 500 Request exceeded the limit of 10 internal redirects

score 3 · Answer 1

There is a possibility that you or someone else may be passing $nomePessoa with a single quotation mark, example João' , and this ends up breaking the logic of its concatenation of parameters besides opening security holes.

Prefer to pass the parameters through bindValue , more information here: #

Another source that may help you change your project to PDO: link