Reputation: 13
I can't fetch an array inside a function but I can do it outside of the function. When I fetched it outside the function and echo it out, it prints out 1, but inside the function, using the same fetch array codes and echoing it out, it echos as null. I can tell because the --- symbols echos out, but the number 1 doesn't. I'm confused, because if it worked outside the function, the same code should work inside a function, right? Unless I'm doing something wrong? Please help. Thanks.
<?php
include('connect.php');
include('username.php');
//include('functionGet.php');
$boo = $_GET['boo'];
echo "$boo";
function getData($select,$from,$where,$equals){
$fetch = mysql_fetch_array(mysql_query("SELECT acceptedChallenges FROM
userLogin WHERE username = '$username'"));
$fetch = $fetch['acceptedChallenges'];
echo "---$fetch---";
}
if($boo = 'yes'){
$acceptedChallenges =
getData("acceptedChallenges","userLogin","username",$username);
$fetch = mysql_fetch_array(mysql_query("SELECT acceptedChallenges FROM
userLogin WHERE username = '$username'"));
$fetch = $fetch['acceptedChallenges'];
echo "$acceptedChallenges$username$fetch";
//mysql_query("UPDATE userLogin SET openChallenges = '0' WHERE username =
'$username'");
//mysql_query("UPDATE userLogin SET acceptedChallenges =
'$acceptedChallenges' WHERE username = '$username'");
}
else{
}
?>
Upvotes: 1
Views: 630
Reputation: 1144
This code souns very bad:
I suggest:
Inside get() function use prepared statements to pass data and prevent injection
private databse;
function __construct($database) {
$this->databse=$databse;
}
function get($user) {
$sql='SELECT acceptedChallenges FROM userLogin WHERE username = :user';
$this->database->prepare($sql)
$this->database->bindParam(":user",$user,'PDO::INT_VALUE);
$this->database->execute();
if ($user=$this->databse->fetch()) {
return $user;
}
return false;
}
<?php
$database=new PDO(...);
$challengeObject=new ChallengeObject($database);
$user=$challengeObject->get($_POST['boo']);
if ($user!=false) {
echo "Authenticated successfull";
}
Upvotes: 0
Reputation: 19252
You're using $username
in your query, but there's no such variable in your function:
function getData($select,$from,$where,$equals){
$fetch = mysql_fetch_array(mysql_query("SELECT acceptedChallenges FROM
userLogin WHERE username = '$username'"));
$fetch = $fetch['acceptedChallenges'];
echo "---$fetch---";
}
In regards to the discussion in comments, here's a clip to demonstrate variable scope:
$username = "Testing";
function test1() {
echo $username; // Will emit Notice, since $username is undefined
}
function test2() {
global $username;
echo $username; // Will work, but this is bad practice
}
function test3($username) {
echo $username; // This is the proper way to do it
}
test1();
test2();
test3($username);
You can play with it here.
Upvotes: 1
Reputation: 12401
you are passing $where
instead of $username
so change
function getData($select,$from,$where,$equals){
to
function getData($select,$from,$username,$equals){
Upvotes: 1