ansaurus

Question

PHP: Making this grabbing from db easier/simpler way?

Answer 1

A:

May be not easier, but more securely:

$id = mysql_real_escape_string($show['uID']);
$query = mysql_query("SELECT `full_name` FROM `users` WHERE id = '".$id."'");
$row = mysql_fetch_array($query);
echo $row['full_name'];

Oh you can to make id with intval:

$id = intval($id);

Alexander.Plutov 2010-09-15 08:03:59

Answer 2

+1 A:

The only way to abstract this any more and thereby make the actual call shorter is by using a DAL and/or ORM like Doctrine or Propel, which you should anyway.

deceze 2010-09-15 08:06:03

+1 for genuine abstraction, not just (more or less) generalized helper methods.

jensgram 2010-09-15 08:21:27

@jensgram as a matter of fact, Doctrine has very similar helpers.

Col. Shrapnel 2010-09-15 11:44:15

Answer 3

A:

This could make further DB-questions easier;

function mysql_fetch_scalar($res)
{
    $arr = mysql_fetch_array($res);
    return $arr[0];
}

$query = mysql_query("SELECT full_name FROM users WHERE id = '".intval($show[uID])."'");
$fullname = mysql_fetch_scalar($query);
echo $fullname . " ";

NoLifeKing 2010-09-15 08:11:17

1) How is this any easier? 2) This doesn't work in PHP.

deceze 2010-09-15 08:12:37

1. Thought it would be easier with a function that returned the value of the first field 2. Yes, I saw that after I posted, I fixed the code aswell.

NoLifeKing 2010-09-15 08:32:10

That's easy enough to not warrant abstraction into a super specialized function IMHO. You could make it a one-liner with `current(mysql_fetch_array())` if you insist. Removed the -1 though, since at least the code works now.

deceze 2010-09-15 08:42:21

Answer 4

A:

Sure.
Moreover, you should - to make a function out of these repetitive API functions calls.
Something as simple, as this

function dbgetvar($query){
  $res = mysql_query($query);
  if (!$res) {
    trigger_error("dbget: ".mysql_error()." in ".$query);
    return FALSE;
  }
  $row = mysql_fetch_row($res);
  if (!$row) return "";
  return $row[0];
}

have this function in your config file and use every time you want a value from database:

echo dbgetval("SELECT full_name FROM users WHERE id = '$show[uID]'");

(I hope you have $show[uID] escaped)

Of course there can be also 2 similar functions, to return a row or a rowset. Or just one but with additional parameter. Or you can combine them into class...

You can make it even escape variables for you:

function dbgetvar(){
  $args = func_get_args();
  $query = array_shift($args);
  foreach ($args as $key => $val) {
    $args[$key] = "'".mysql_real_escape_string($val)."'";
  }
  $query = vsprintf($query, $args);
  if (!$query) return false;

  $res = mysql_query($query);
  if (!$res) {
    trigger_error("dbget: ".mysql_error()." in ".$query);
    return FALSE;
  }
  $row = mysql_fetch_row($res);
  if (!$row) return "";
  return $row[0];
}

echo dbgetvar("SELECT full_name FROM users WHERE id = %s",$show['uID']);

Col. Shrapnel 2010-09-15 08:11:58

Answer 5

+2 A:

Ignoring possible security breaches and the usefulness of a DAL (see @deceze's answer), I recommend the use of mysql_result() instead of mysql_fetch_assoc() (or *_array() or whatever):

$query = mysql_query("SELECT full_name FROM users WHERE id = '$show[uID]'");
$fullName = mysql_result($query, 0);
echo $fullName . " ";

Not easier per se but should be more in line with the intention of the query (fetch one field in one row).

jensgram 2010-09-15 08:18:43

Answer 6

A:

That's what you have to do. You could wrap that in a helper function if you're using it a fair bit, but then you'd probably want to cache the answer you get - I don't suppose the name changes all that often...

function echoName($user_id) {
    $id = mysql_real_escape_string($user_id);
    $query = mysql_query("SELECT full_name FROM users WHERE id = '$id'");
    $row = mysql_fetch_array($query);
    echo $row["full_name"] . " ";
}

// ...

echoName($show['uID']);

Cylindric 2010-09-15 16:44:58

ansaurus

tags:

views:

answers:

PHP: Making this grabbing from db easier/simpler way?

related questions