My goal is to display the profile of a user. I have this function:

function get_profile($un) {
    if ($registerquery = $this->conn->query("SELECT * FROM table WHERE usr = '".$un."' ")) {
        return $profile = mysql_fetch_array($registerquery);
    }
}

Then the display snippet:

<?php $profile = $mysql->get_profile($un);

foreach ($profile as $key => $value) {
    echo "<span>".$key.': '.$value."</span><br />";
}

?>

But I get: "Warning: Invalid argument supplied for foreach() in..."

Help pls???

A: 

Check the result of get_profile, as it will return null if the query failed. You can't loop over null.

Ian Wetherbee
Yah it's null. I suspect the problem is the "return" line. The assignment doesn't assign anything...
Joann
Assigning the result to `$profile` doesn't do anything as you didn't declare `global $profile` in your function, just return the result directly instead and capture the value. The problem must be somewhere in your `MySQL->conn->query` function.
Ian Wetherbee
This is how I got the "conn". It's a new instance of mysqli. `private $conn; function __construct() { $this->conn = new mysqli(DB_SERVER_USERS, DB_USER_USERS, DB_PASSWORD_USERS, DB_NAME_USERS) or die('There was a problem connecting to the database.'); }`
Joann
Add an `else` statement to the `get_profile` function to alert if the query failed. A bad query would also cause your function to return `null`.
Ian Wetherbee
A: 

I agree with Anthony Forloney. The following code is just returning TRUE or FALSE depending on whether loading the $profile variable worked:

return $profile = mysql_fetch_array($registerquery); 

You don't need $profile. You can eliminate it as such:

return mysql_fetch_array($registerquery); 

The function will return the array and then when you call the function later you can load its return value into $profile as you do with the following:

$profile = $mysql->get_profile($un); 
Andrew
Tried it, didn't work. Tried to echo $profile, nothing shows up, so the function returns a null.
Joann
Yes, I think your query is returning nothing then. Try a simple query like `SELECT 1,2,3` to see if the rest of your function is working properly.
Andrew
A: 

Be very very careful here. You are passing a raw string into the query function without escaping it and without using a parameterized query. Use mysql_escape_string around $un in your query. Your code flaw is called a SQL injection attack.

Someone could pass their username as this

myusername'; update users set password = ''; 

And blank all passwords, thereby allowing themselves to access any account. Other similar shady attacks are equally likely. You can basically do anything to a database with SQL injection attacks.

Zak
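
A parameterized, mysqli-only version of `get_profile`, added here as an example (it is not code from the question or from any answer on this page). It assumes the mysqlnd driver (needed for `get_result()`), the `DB_*` constants from the question, and a hypothetical table name `user_table`; `ProfileStore` is an illustrative class name.

```php
<?php
// Added example. Assumes: mysqli with mysqlnd, the DB_* constants from the
// question are defined, and a table `user_table` (hypothetical name) with a
// `usr` column.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw

class ProfileStore
{
    private $conn;

    public function __construct(mysqli $conn)
    {
        $this->conn = $conn;
    }

    /** Always returns an array, so the caller's foreach never receives null. */
    public function get_profile($un)
    {
        if (!is_string($un) || $un === '') {
            return array();
        }
        try {
            // The ? placeholder sends $un as data, never as part of the SQL text.
            $stmt = $this->conn->prepare('SELECT * FROM user_table WHERE usr = ?');
            $stmt->bind_param('s', $un);
            $stmt->execute();
            $row = $stmt->get_result()->fetch_assoc(); // null when no row matches
            $stmt->close();
            return is_array($row) ? $row : array();
        } catch (mysqli_sql_exception $e) {
            // A bad query is logged instead of silently turning into null.
            error_log('get_profile failed: ' . $e->getMessage());
            return array();
        }
    }
}

$store = new ProfileStore(
    new mysqli(DB_SERVER_USERS, DB_USER_USERS, DB_PASSWORD_USERS, DB_NAME_USERS)
);
$un = isset($_GET['un']) ? $_GET['un'] : ''; // untrusted input

foreach ($store->get_profile($un) as $key => $value) {
    // Encode on output as well: the stored values are user-controlled.
    echo '<span>' . htmlspecialchars($key . ': ' . $value, ENT_QUOTES) . '</span><br />';
}
```

With the placeholder bound through `bind_param`, a username containing a quote character is matched literally against `usr` and cannot change the statement.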
+1  A: 

You need to see if the result was a success or not

if (gettype($result) == "boolean") {
    $output = array('success' => ($result ? 1 : 0));
}

And you need to cycle through it if it's a resource type...

if (gettype($result) == "resource") {
    if (mysql_num_rows($result) != 0 ) {
        while ($row = mysql_fetch_assoc($result)) {
            $output[] =$row;
        }
    }
}

I chopped up some real code that does basically everything pretty awful for you because I can't release it, sorry.

A: 

Try this:

function get_profile($un) {
    if($result = $this->conn->query("SELECT * FROM table WHERE usr = '".$un."' ")){
        return $result->fetch_array(MYSQLI_ASSOC); 
    }
    return array();
}

You're mixing MySQLi and MySQL functions and you can't do that. And, the last line of this code will return an empty array if the query does not work, rather than return null.

Scott Saunders
A: 

I have found that the easiest way to loop through mysql results is to use a while loop:

$select = "SELECT * FROM MyTable";
$result = mysql_query($select);
while ($profile = mysql_fetch_array($result)) {
    $name = $profile['name'];
    ...
}
smfoote
Make sure you wrap your array keys in single quotes, otherwise it will search for a constant first then revert to 'name' - considered very bad practice. Also much better to utilize MySQLi methods instead of just vanilla MySQL functions
Stoosh
Interesting. What are MySQLi functions? I do like improving my code whenever I can. I do use single quotes, except when I'm calling the array key inside of a set of double quotes. Is it bad practice to leave out the single quotes in that case, as well?
smfoote
A: 

It is probably empty ($profile). Print the value of "count($profile)"

AndreyKo