CODEWITHSUNDEEP
phpdatabasepdo
Hybrilynx
Hybrilynx

Reputation: 185

Need to return/echo PHP PDO results from database

Well I've did do my research and I just can't seem to figure this out. So long story short, I'm using something like this:

btw, "(WebsiteInfo)" is just to sensor out my website/database information.

$SQL = new PDO('mysql:dbname=(WebsiteInfo);host=(WebsiteInfo);charset=utf8', '(WebsiteInfo)', '(WebsiteInfo)');

$SQL -> setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$SQL -> setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

Now, that's just currently just to start the database connect up. Which btw is mostly just a copy/paste code I found on this website too which is to prevent MySQL injection. Actually from this link How can I prevent SQL injection in PHP?. If there's anything wrong with it, I wouldn't mind advice or tips. As long as if it makes sense because I just started using databases probably not even a week ago so everything is new to me. Now there's this:

$Exicu = $SQL -> prepare("SELECT `tags` FROM `users` WHERE `user_id` = :a ") -> execute(array( ':a' => 16));

$Exicu is just there, because I have been trying to get the results from the query (if I said that right). Also the 16 is the users ID, but this will change often so that's why 16 isn't just tossed in the prepare statement. I've tried a lot of things but none of them worked. It either didn't work or made the PHP crash.

But anyway, things I already tried for $Exicu is $Exicu->rowCount(), $Exicu->bindParam, a while loop with $row = $Exicu->fetch(), $SQL->query($Exicu)->fetchAll();, a foreach loop with ($Exicu->fetch(PDO::FETCH_ASSOC) as $row), $Exicu->get_result(), echo PDO::query($Exicu);, echo mysql_result($Exicu), and just echo $Exicu. Yes I know, that looks pretty sloppy.

But none of these seemed to work to just show me the tags from the database of the specific user. So that's pretty much what I need help with. There's no problem when I use something like this echo mysql_result( mysql_query("SELECT (etc,etc)") ) but that doesn't have protection from MySQL injections.

Upvotes: 3

Views: 15088

Answers (2)

Your Common Sense
Your Common Sense

Reputation: 157989

There is a thing called user defined function.

I am wondering why noone on this site ever using them.
For some reason everyone is ready to make a mile long single line of chained methods, instead of clean and concise function call:

$user_id = 16;    
$tags = getone('SELECT tags FROM users WHERE user_id = ?',array($user_id));

there are many ways to create such a function. A quick and dirty one

function getone($sql, $data) {
    global $SQL;
    $stmt = $SQL->prepare($sql);
    $stmt->execute($data);
    return reset($stmt->fetch());
}

but of course it would be better to make set of functions and put them in a class

Upvotes: 0

aborted
aborted

Reputation: 4541

I do my PDO queries like this:

$user_id = 16;    

$query = $SQL->prepare('SELECT tags FROM users WHERE user_id = :uid');
$query->bindValue(':uid', $user_id, PDO::PARAM_INT);
$query->execute();

while ($row = $query->fetch(PDO::FETCH_ASSOC))
{
    echo $row['tags'];
}

This will select data from the database, bind values in it safely and then we echo out the results.

The loop is needed to iterate through every result returned from the query. You can skip the looping part and create a variable like in the while statement, and use $row as an array with your results.

Upvotes: 5

Related Questions