CODEWITHSUNDEEP
phpsql
jc70
jc70

Reputation: 247

Parameter Passing (PHP)

I am trying to select a record in a database. I am having a problem with the function runSelect (function is to select a record in the database) I believe it might be with how I am passing my variables in the functions. 

    function select($pUserData){
        echo "I am in function select." . "<br/>";
        // Create the SQL query
        $sqlQuery = "SELECT * FROM tablName WHERE id= " . $pUserData[0];

        $con = openConnection();

        $result = $con->query($sqlQuery);

        $row = $result->fetch_row();

        echo "hello";

        echo "ID: " . $row[0] . "<br />";
        echo "First Name: " . $row[1] . "<br />";

        // Close connection
        closeConnection($con);          
    }                

    function openConnection() {
        $connection = new mysqli("localhost", "userName", "password", "databaseName");
        if ( mysqli_connect_errno() ) {
            echo "Error: Could not connect to database.  Please try again later. " . "<br/>";
        }

        echo "in openConnection" . "<br/>";         

        return $connection;
    }

    function closeConnection($pCon) {
        $pCon->close(); 
    }
    ?>

Upvotes: 2

Views: 2324

Answers (4)

OIS
OIS

Reputation: 10033

  1. Your code is open to SQL injection...
  2. Only provide the data the function needs, not the entire input array.
  3. Connecting and disconnecting to the db for every query is inefficient if you got multiple queries in the future. Let PHP disconnect from the DB when it exits until there is a need to microcontrol it (probably never) and you can manage your resources better.
  4. Print the contents of $_POST with var_export or var_dump at the start of your program.
  5. Print $result->num_rows in the runSelect function.

  6. Add a few lines like this: 

    echo '<p>' . __LINE__ . '</p>';

Upvotes: 5

Rob Olmos
Rob Olmos

Reputation: 2432

Based on the comments so far it sounds like the query didn't return a result (it's set to FALSE). Therefore when you attempt to fetch the row you're getting a fatal PHP error but you have error output turned off so you don't see it.

Check the value of $result and if it's FALSE check what the error is via:

http://www.php.net/manual/en/mysqli.error.php

Upvotes: 1

Jo&#227;o Louros
Jo&#227;o Louros

Reputation: 2760

I did some changes in the code to avoid errors and also made some fallback handling. Such changes have comments explaining them. I debug the following code and is working perfectly.

<?php
    init();

    function init(){
        // Retrieve and store data from form
        $uData = getData();

        // Take an action based on value from user
        switch($uData[5]){
            case "select":
                runSelect($uData);
                echo "I need to select";
                break;
            case "insert":
                runInsert($uData);
                echo "I need to runInsert" . "<br/>";
                break;
            case "update":
                runUpdate($uData);
                echo "I need to runUpdate" . "<br/>";
                break;
            case "delete":
                runDelete($uData);
                break;
            default:
                break;
        }

    } // end init()

    function getData() {
        $id_num = isset($_REQUEST["id_num"]) ? $_REQUEST["id_num"] : "1"; //if no id is pass let's assume that the user wants the record with id 1
        $first_name= isset($_REQUEST["first_name"]) ? $_REQUEST["first_name"] : "";
        $last_name = isset($_REQUEST["last_name"]) ? $_REQUEST["last_name"] : "";
        $major = isset($_REQUEST["major"]) ? $_REQUEST["major"] : "";
        $year = isset($_REQUEST["year"]) ? $_REQUEST["year"] : "";
        $action = isset($_REQUEST["action"]) ? $_REQUEST["action"] : "select"; //assume the default action as select

        $userData = array($id_num, $first_name, $last_name, $major, $year, $action);

        return $userData;
    }

    //function runSelect -------------------------------------------------------------------------------------------------
    function runSelect($pUData){
        echo "I am in runSelect" . "<br/>";
        // Create the SQL query
        $sqlQuery = "SELECT * FROM tblStudents WHERE id= " . $pUData[0];

        // Create the connection
        $con = getConnection();

        // Execute query and save results
        $result = $con->query($sqlQuery);

        // Display results
        $row = $result->fetch_row();

        echo "hello";

        echo "ID: " . $row[0] . "<br />";
        echo "First Name: " . $row[1] . "<br />";

        // Close connection
        closeConnection($con);

    }



    //function getConnection -------------------------------------------------------------------------------------------------
    function getConnection() {
        $connection = new mysqli("localhost", "userName", "password", "databaseName");
        if ( mysqli_connect_errno() ) {
            echo "Error: Could not connect to database.  Please try again later. " . "<br/>";
        }

        echo "in getConnection" . "<br/>";


        return $connection;
    }

    //function closeConnection -------------------------------------------------------------------------------------------------
    function closeConnection($pCon) {
        $pCon->close(); 
    }
    ?>

Upvotes: 1

Rob Olmos
Rob Olmos

Reputation: 2432

Be aware that $_POST only retrieves parameters that have been POST'ed to the script (usually via a form submission). For parameters passed in via the URL then they would be populated in $_GET. If the request method (POST or GET) is not important then $_REQUEST can help beacause it gets populated with both POST and GET (and cookies) parameters:

http://php.net/manual/en/reserved.variables.php

Upvotes: 0

Related Questions