Parameter Passing (PHP)

Question

I am trying to select a record in a database. I am having a problem with the function runSelect (function is to select a record in the database) I believe it might be with how I am passing my variables in the functions.

    function select($pUserData){
        echo "I am in function select." . "<br/>";
        // Create the SQL query
        $sqlQuery = "SELECT * FROM tablName WHERE id= " . $pUserData[0];

        $con = openConnection();

        $result = $con->query($sqlQuery);

        $row = $result->fetch_row();

        echo "hello";

        echo "ID: " . $row[0] . "<br />";
        echo "First Name: " . $row[1] . "<br />";

        // Close connection
        closeConnection($con);          
    }                

    function openConnection() {
        $connection = new mysqli("localhost", "userName", "password", "databaseName");
        if ( mysqli_connect_errno() ) {
            echo "Error: Could not connect to database.  Please try again later. " . "<br/>";
        }

        echo "in openConnection" . "<br/>";         

        return $connection;
    }

    function closeConnection($pCon) {
        $pCon->close(); 
    }
    ?>

Answer 1

Be aware that $_POST only retrieves parameters that have been POST'ed to the script (usually via a form submission). For parameters passed in via the URL then they would be populated in $_GET. If the request method (POST or GET) is not important then $_REQUEST can help beacause it gets populated with both POST and GET (and cookies) parameters:

http://php.net/manual/en/reserved.variables.php

Answer 2

I did some changes in the code to avoid errors and also made some fallback handling. Such changes have comments explaining them. I debug the following code and is working perfectly.

<?php
    init();

    function init(){
        // Retrieve and store data from form
        $uData = getData();

        // Take an action based on value from user
        switch($uData[5]){
            case "select":
                runSelect($uData);
                echo "I need to select";
                break;
            case "insert":
                runInsert($uData);
                echo "I need to runInsert" . "<br/>";
                break;
            case "update":
                runUpdate($uData);
                echo "I need to runUpdate" . "<br/>";
                break;
            case "delete":
                runDelete($uData);
                break;
            default:
                break;
        }

    } // end init()

    function getData() {
        $id_num = isset($_REQUEST["id_num"]) ? $_REQUEST["id_num"] : "1"; //if no id is pass let's assume that the user wants the record with id 1
        $first_name= isset($_REQUEST["first_name"]) ? $_REQUEST["first_name"] : "";
        $last_name = isset($_REQUEST["last_name"]) ? $_REQUEST["last_name"] : "";
        $major = isset($_REQUEST["major"]) ? $_REQUEST["major"] : "";
        $year = isset($_REQUEST["year"]) ? $_REQUEST["year"] : "";
        $action = isset($_REQUEST["action"]) ? $_REQUEST["action"] : "select"; //assume the default action as select

        $userData = array($id_num, $first_name, $last_name, $major, $year, $action);

        return $userData;
    }

    //function runSelect -------------------------------------------------------------------------------------------------
    function runSelect($pUData){
        echo "I am in runSelect" . "<br/>";
        // Create the SQL query
        $sqlQuery = "SELECT * FROM tblStudents WHERE id= " . $pUData[0];

        // Create the connection
        $con = getConnection();

        // Execute query and save results
        $result = $con->query($sqlQuery);

        // Display results
        $row = $result->fetch_row();

        echo "hello";

        echo "ID: " . $row[0] . "<br />";
        echo "First Name: " . $row[1] . "<br />";

        // Close connection
        closeConnection($con);

    }



    //function getConnection -------------------------------------------------------------------------------------------------
    function getConnection() {
        $connection = new mysqli("localhost", "userName", "password", "databaseName");
        if ( mysqli_connect_errno() ) {
            echo "Error: Could not connect to database.  Please try again later. " . "<br/>";
        }

        echo "in getConnection" . "<br/>";


        return $connection;
    }

    //function closeConnection -------------------------------------------------------------------------------------------------
    function closeConnection($pCon) {
        $pCon->close(); 
    }
    ?>

Answer 3

Based on the comments so far it sounds like the query didn't return a result (it's set to FALSE). Therefore when you attempt to fetch the row you're getting a fatal PHP error but you have error output turned off so you don't see it.

Check the value of $result and if it's FALSE check what the error is via:

http://www.php.net/manual/en/mysqli.error.php

Answer 4

1. Your code is open to SQL injection...
2. Only provide the data the function needs, not the entire input array.
3. Connecting and disconnecting to the db for every query is inefficient if you got multiple queries in the future. Let PHP disconnect from the DB when it exits until there is a need to microcontrol it (probably never) and you can manage your resources better.
4. Print the contents of $_POST with var_export or var_dump at the start of your program.
5. Print $result->num_rows in the runSelect function.

6. Add a few lines like this:

   echo '<p>' . __LINE__ . '</p>';