Fixing an SQL error/vulnerability

Erwan
Hello,
When I add the parameters of the POST request to my URL:
http:// ... rate.php?winner=37&loser=46
and then append an apostrophe like this: 46' an error occurs:
Warning: mysql_fetch_object(): supplied argument is not a valid MySQL result resource in /data/multiserv/users/1007150/projects/2640771/www/facemash/rate.php on line 18

Warning: Cannot modify header information - headers already sent by (output started at /data/multiserv/users/1007150/projects/2640771/www/facemash/rate.php:18) in /data/multiserv/users/1007150/projects/2640771/www/facemash/rate.php on line 38

So I would like to know how to avoid this error and how to fix it. Thanks!

Here is the code of rate.php:
<?php
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
include('./inc/dbconfig.php');
include('./inc/functions.php');

if ($_GET['winner'] && $_GET['loser']) {

    $result = mysql_query("SELECT * FROM images WHERE image_id = " . $_GET['winner'] . " ");
    $winner = mysql_fetch_object($result);

    $result = mysql_query("SELECT * FROM images WHERE image_id = " . $_GET['loser'] . " ");
    $loser = mysql_fetch_object($result);

    $winner_expected = expected($loser->score, $winner->score);
    $winner_new_score = win($winner->score, $winner_expected);
    
    mysql_query("UPDATE images SET score = " . $winner_new_score . ", wins = wins+1 WHERE image_id = " . $_GET['winner']);

    $loser_expected = expected($winner->score, $loser->score);
    $loser_new_score = loss($loser->score, $loser_expected);
    
    mysql_query("UPDATE images SET score = " . $loser_new_score . ", losses = losses+1  WHERE image_id = " . $_GET['loser']);

    // Insert battle
    mysql_query("INSERT INTO modelBattles SET winner = " . $_GET['winner'] . ", loser = " . $_GET['loser'] . " ");

    header('Location: /facemash');
}
?>

1 reply

Nhay
Hello,
Since you are expecting an integer, the simplest thing is to use the intval function on your variables.
Otherwise, for character strings, look at mysql_real_escape_string.
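Added example (not the original poster's code nor a reply from the thread): the same rate.php logic with the ids validated as integers, as the reply suggests, and, going one step further than the reply, the queries written as mysqli prepared statements since the mysql_* functions no longer exist in current PHP. It assumes dbconfig.php provides a mysqli connection in $db (hypothetical name) and that expected(), win() and loss() exist as in the posted code.

```php
<?php
// Hardened rate.php (added example). Assumes ./inc/dbconfig.php defines $db as a
// mysqli connection with the mysqlnd driver, and ./inc/functions.php defines
// expected(), win() and loss() as in the original post.
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
include('./inc/dbconfig.php');
include('./inc/functions.php');

// Validate the ids before touching the database. FILTER_VALIDATE_INT returns
// false for "46'" instead of silently coercing it (intval("46'") would give 46),
// so a tampered URL is rejected here and no warning is ever printed before the
// redirect header, which also removes the "headers already sent" error.
$opts      = ['options' => ['min_range' => 1]];
$winner_id = filter_input(INPUT_GET, 'winner', FILTER_VALIDATE_INT, $opts);
$loser_id  = filter_input(INPUT_GET, 'loser',  FILTER_VALIDATE_INT, $opts);
if (!is_int($winner_id) || !is_int($loser_id) || $winner_id === $loser_id) {
    http_response_code(400);
    exit('invalid image id');
}

function fetch_image(mysqli $db, int $id): ?object {
    // Prepared statement: the id is bound as an integer, never concatenated
    // into the SQL text, so quotes in the input can no longer change the query.
    $stmt = $db->prepare('SELECT image_id, score FROM images WHERE image_id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_object();
    $stmt->close();
    return $row ?: null;
}

$winner = fetch_image($db, $winner_id);
$loser  = fetch_image($db, $loser_id);
if ($winner === null || $loser === null) {
    http_response_code(404);   // unknown id: a clean error instead of a PHP warning
    exit('unknown image id');
}

$winner_new_score = win($winner->score, expected($loser->score, $winner->score));
$loser_new_score  = loss($loser->score, expected($winner->score, $loser->score));

$stmt = $db->prepare('UPDATE images SET score = ?, wins = wins + 1 WHERE image_id = ?');
$stmt->bind_param('di', $winner_new_score, $winner_id);
$stmt->execute();

$stmt = $db->prepare('UPDATE images SET score = ?, losses = losses + 1 WHERE image_id = ?');
$stmt->bind_param('di', $loser_new_score, $loser_id);
$stmt->execute();

$stmt = $db->prepare('INSERT INTO modelBattles (winner, loser) VALUES (?, ?)');
$stmt->bind_param('ii', $winner_id, $loser_id);
$stmt->execute();

header('Location: /facemash');
exit;
```

With this version, rate.php?winner=37&loser=46' answers with a 400 status and the request never reaches the database.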