Need help with MySQL...

[7Priest7]

I have never liked MySQL as a storage method...
In the past I have just used Plain Text files to bypass it...
However my current project requires more security...

anyhow here is the problem code...

PHP Code:

function search($select,$table,$row,$search,$row2=null,$search2=null){
$x = mysql_connect('localhost','root','root');
mysql_select_db('root_bloodmadness',$x);
if($select == '') {$resource = mysql_query("SELECT * FROM $table WHERE $row=`$search`",$x);}
else if(!isset($row2)){ $resource = mysql_query("SELECT $select FROM $table WHERE $row=`$search`",$x);}
else {$resource = mysql_query("SELECT $select FROM $table WHERE $row=`$search` AND $row2=`$search2`",$x);}
$result=mysql_fetch_row($resource);
mysql_close($x);
unset($x);
if(!isset($result[1])){$result = $result[0];}
return $result;
}

function insert($table,$rows,$values) {
$x = mysql_connect('localhost','root','root');
mysql_select_db('root_bloodmadness',$x);
$result = mysql_query("INSERT INTO $table($rows) VALUES($values)");
mysql_close($x);
unset($x);
return $result;
}

function update($table,$row,$value, $row2,$find) {
$x = mysql_connect('localhost','root','root');
mysql_select_db('root_bloodmadness',$x);
$result = mysql_query("UPDATE $table SET $row=$value WHERE $row2=$find");
mysql_close($x);
unset($x);
return $result;
} 


[Fri Jan 14 08:44:08 2011] [error] [client 127.0.0.1] PHP Warning: mysql_fetch_row() expects parameter 1 to be resource, boolean given in C:\\Users\\Alexander\\Documents\\UniServer\\www\\index.php on line 11, referer: http://localhost/index.php

^ I get this error a lot...

With how many ways I modified the above code I am starting to suspect it may be a problem with the function call(I checked the functions and databases and they should work)...

Thanks in advance for any effort made to assist me...

[PeejAvery]

If you prefer to use text files over MySQL then you don't understand SQL or its derivatives well. Case in point...you're using a grave accent (`) instead of single quotes for your values. That's your problem here. Values are always encased in single quotes, not the grave accent.

[7Priest7]

If you prefer to use text files over MySQL then you don't understand SQL or its derivatives well. Case in point...you're using a grave accent (`) instead of single quotes for your values. That's your problem here. Values are always encased in single quotes, not the grave accent.

I understand MySQL enough to know it requires more work than file_get_contents and file_put_contents...

I also know how incredibly easy it can be for a hacker to manipulate the querys on poorly checked user input(BTW properly checking the input adds more work)...

Anyhow Thank You(even though you intentionally tried to insult me)...

[PeejAvery]

No. There was no intentional insult there at all. Forgive me. I did not mean for it to come across that way. That's the risk of communicating through text instead of face to face.

As for hacking, as long as SQL injection is cared for, there is no worry on the query side.