开发者

Extract a mysql resource to php array?

问答 作者:

My goal is to display the profile of a user. I have this function:

function get_profile($un) {
            if($registerquery = $this->conn->query("SELECT * FROM table WHERE usr = '".$un."' ")){
               return $profile = mysql_fetch_array($registerquery); 
           }
        }

Then the 开发者_C百科display snippet:

<?php $profile = $mysql->get_profile($un); 

foreach($profile as $key => $value){

     echo "<span>".$key.': '.$value."</span><br />"; 

  }

?>

But I get: "Warning: Invalid argument supplied for foreach() in..."

Help pls???

You need to see if the result was a success or not

if (gettype($result) == "boolean") {
    $output = array('success' => ($result ? 1 : 0));
}

And you need to cycle through it if it's a resource type...

if (gettype($result) == "resource") {
    if (mysql_num_rows($result) != 0 ) {
        while ($row = mysql_fetch_assoc($result)) {
            $output[] =$row;
        }
    }
}

I chopped up some real code that does basically everything pretty awful for you because I can't release it, sorry.

Check the result of get_profile, as it will return null if the query failed. You can't loop over null.

Be very very careful here. You are passing a raw string into the query function without escaping it and without using a parameterized query. Use mysql_escape_string around $un in your query. Your code flaw is called a sql injection attack.

Someone could pass their username as this

myusername'; update users set password = '';

And blank all passwords, thereby allowing themselves to access any account. Other similar shady attacks are equally likely.. you can basically do anything to a database with sql injection attacks.

I Agree with Anthony Forloney. The following code is just returning TRUE or FALSE depending on wether loading the $profile variable worked: 

return $profile = mysql_fetch_array($registerquery);

You don't need $profile. You can eliminate it as such:

return mysql_fetch_array($registerquery);

The function will return the array and then when you call the function later you can load it's return value into $profile as you do with the following:

$profile = $mysql->get_profile($un);

Try this:

function get_profile($un) {
    if($result = $this->conn->query("SELECT * FROM table WHERE usr = '".$un."' ")){
        return $result->fetchArray(MYSQLI_ASSOC); 
    }
    return array();
}

You're mixing MySQLi and MySQL functions and you can't do that. And, the last line of this code will return an empty array if the query does not work, rather than return null.

It is probably empty ($profile). Print the value of "count($profile)"

I have found that the easiest way to loop through mysql results is to use a while loop:

$select = "SELECT * FROM MyTable";
$result = mysql_query($select);
while ($profile = mysql_fetch_array($result)) {
    $name = $profile['name'];
    ...
}

继续阅读:php

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9