1 
$cq = "SELECT * FROM salescard WHERE custid = '$custid'";
$rq = mysqli_query($conn,$cq);
if ($c = mysqli_fetch_array($rq, MYSQLI_ASSOC)) {

$edate =$c['expdate'];
$ono = $c['orderno'];
$cno = $c['cardno'];
$c = $c['cvv'];
$email = $c['email'];
$no = $c['no'];

}

I am fetching data from the table and echoing the variables fetched above.

All the variables are echoed properly expect $email and $no.

Warning: Illegal string offset 'email' in 
C:\xampp\htdocs\erp\admin\viewsales\card.php on line 94

Warning: Illegal string offset 'no' in 
C:\xampp\htdocs\erp\admin\viewsales\card.php on line 95

All i know is this warning has something to do with variable being defined where an array is expected.

Only two variables are showing the error and rest are fetching properly How can i make this work properly?

EDIT

i surely have these two columns in my salescard table and i was able to store data into it from another form.

$email = $c['email'];
$no = $c['no'];

These are the lines 94 and 95

And i want to display the data here

<div class="form-group half left clear">
  <input type="text" value="<?php echo $email;?>" name="email" />
  <label class="control-label" for="input">Email Address</label><i 
class="bar"></i>
</div>

 <div class="form-group half right">
  <input type="text" value="<?php echo $no;?>" name="no" />
  <label class="control-label" for="input">Contact number</label><i 
class="bar"></i>       
 </div>
Improve this question
1
  • 1
    do you have email,no columns in your salescard table? Also where you are using these variables can you show that code (like 94,95 lines)? Commented Jul 29, 2017 at 22:50

1 Answer 1

Reset to default
3

You overwrite $c in line 93, and make it a string.

$c = $c['cvv'];

Should be:

$cvv = $c['cvv'];
Improve this answer
Sign up to request clarification or add additional context in comments.

9 Comments

This also stresses the importance of having meaningful variable names. $array or $data would suit so much more than $c.
damn!! these minor mistakes really costing me some time .. saving time with short variable names did backfired .. anyway thanks :)
@Arun it's pretty terrifying that you appear to be processing credit card data with code that looks lile like ... WHERE custid = '$custid'"; Variable interpolation into SQL queries is, for all practical purposes, never an acceptable practice. This code seems vulnerable to SQL injection. If you learned this from a book, you should set the book on fire.
@Michael-sqlbot. I'll admit that it is not clear who provides $custid. But without that information your comment seems harsh. If the source for $custid can't be trusted, and $custid is not sanitzed, you're absolutely correct.
@jh1711 agreed, it did sound harsh. It was a reaction to the notion of "saving time" (though I didn't explicitly say so) --building queries like this is "easy" but the danger of such practices can't really be overstated. Even concepts like "trusted" and "sanitized" are not really sufficient justifications for concatenation, as subsequent refactoring can undo those things and the undoing can go unnoticed. Good eye on the answer, btw. Seeing the magic string "cvv" was what initially set me off. CVV is never supposed to be stored in a database. You discard that after authorization.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.