I'm trying to insert a row into a table for each fetch from another table using a while loop. The code I currently have inserts the first users data into the database.
If the insert query is outside of the loop it will enter the last users data. It must be an issue iterating through the array. Is there a way I can index the array values for each pass of the loop?
$query = "SELECT * FROM users_table" ;
$statement = $db->prepare($query);
$rows = $statement->fetchAll();
$statement->execute();
while($rows = $statement->fetch()){
$salted = $sso_key . $companyId;
$hash = hash('sha1',$salted,true);
$saltedHash = substr($hash,0,16);
$iv = substr(md5(microtime()),rand(0,16),16); //Generate random 16 bit string
$user_data = array(
"user_id" => $rows['id'],
"first_name" => $rows['first_name'],
"last_name" => $rows['last_name'],
"email" => $rows['email'],
"position" => $rows['type']);
$data = json_encode($user_data);
$data = $iv . $data;
$pad = 16 - (strlen($data) % 16);
$data = $data . str_repeat(chr($pad), $pad);
$cipher = mcrypt_module_open(MCRYPT_RIJNDAEL_128,'','cbc','');
mcrypt_generic_init($cipher, $saltedHash, $iv);
$encryptedData = mcrypt_generic($cipher,$data);
mcrypt_generic_deinit($cipher);
$encryptedData = base64_encode($encryptedData);
$token = array(
"token" => $encryptedData
);
$token_data = json_encode($token);
echo "
<br>Here is the token for ".$user_data['first_name'].", ".$user_data['last_name']."
".$user_data['email'] ." :
" . $token['token'];
$query = "INSERT INTO another_table
(token ,first_name,last_name,email,position)
VALUES (:token, :first_name,
:last_name, :email, :position)";
$statement = $db->prepare($query);
$statement->bindValue(':token', $token['token']);
$statement->bindValue(':first_name', $user_data['first_name']);
$statement->bindValue(':last_name', $user_data['last_name']);
$statement->bindValue(':email', $user_data['email']);
$statement->bindValue(':position', $user_data['position']);
$statement->execute();
}
?>
Reducing that code to the basics, you have this:
$query = "SELECT * FROM users_table" ;
$statement = $db->prepare($query);
$rows = $statement->fetchAll();
$statement->execute();
while($rows = $statement->fetch()){
// .. stuff ..
$query = "INSERT INTO another_table
(token ,first_name,last_name,email,position)
VALUES (:token, :first_name,
:last_name, :email, :position)";
$statement = $db->prepare($query);
$statement->bindValue(':token', $token['token']);
$statement->bindValue(':first_name', $user_data['first_name']);
$statement->bindValue(':last_name', $user_data['last_name']);
$statement->bindValue(':email', $user_data['email']);
$statement->bindValue(':position', $user_data['position']);
$statement->execute();
}
See the problem yet? Ok, here is a hint to fix it:
$query = "SELECT * FROM users_table" ;
$statement = $db->prepare($query);
$statement->execute();
$query = ".. prepared query here .."; // your second query used in the loop
$SECOND_statement = $db->prepare($query); // set it up
while($row = $statement->fetch()){
// .. bindValue lines here ..
$SECOND_statement->execute();
}
Inside your while loop, you were overwriting the variable $statement with the insert sql. This effectively ended your while loop prematurely. Can also cause some serious unwanted and unexpected issues if that second sql was another SELECT.
Related
So it's probably a really stupid/basic question, but i have this simple PHP function (which works) and inserts data into a PostgreSQL DB.
My issue is when it encounters specific data;
function insertData($pg, $csvfile)
{
$x = 0;
foreach ($csvfile as $data)
{
$email = $csvfile[$x]['email'];
$name = $csvfile[$x]['name'];
$surname = $csvfile[$x]['surname'];
$query = "INSERT INTO users (email, name, surname) VALUES ('$email', '$name', '$surname')";
$result = pg_query($pg, $query);
$x++;
}
}
And while this works, it falls over with a surname such as:
O'hare
And obviously this occurs because then the PHP code comes out as:
...VALUES ('john#example.com', 'John', 'O'hare')";
but im not sure of how i should be structuring the PHP to allow for this.
Try this:
function insertData($pg, $csvfile) {
$nbr = count(file($csvfile));
for($i=0; $i<$nbr; $i++) {
$email = pg_escape_string( $csvfile[$i]['email'] );
$name = pg_escape_string( $csvfile[$i]['name'] );
$surname = pg_escape_string( $csvfile[$i]['surname'] );
$query = "INSERT INTO users (email, name, surname) VALUES ('$email', '$name', '$surname')";
$result = pg_query($pg, $query);
if (!$result) {
echo "Error while executing the query: " . $query;
exit;
}
}
}
You need to escape the string parameters. And it is much better if you can use PDO extension, because prepared statements can take care of escaping for you and also helps with preventing SQL injection and some other security concerns.
function insertData(PDO $dbh, $csvfile) {
$x = 0;
foreach ($csvfile as $data)
{
$query = "INSERT INTO users (email, name, surname) VALUES (?, ?, ?)";
$params = [
$csvfile[$x]['email'],
$csvfile[$x]['name'],
$csvfile[$x]['surname']
];
$statement = $pdo->prepare($query);
$statement->execute();
$x++;
}
}
PDO::prepare
PDOStatement::execute
Solution using prepared query
function insertData($dbname, $tbname, $csvfile)
{
$result = [];
// Connect to a database named "mary"
$dbconn = pg_connect("dbname=$dbname");
// Prepare a query for execution
$result = pg_prepare($dbconn, "my_query", 'INSERT INTO $1 (email, name, surname) VALUES ($2, $3, $4)');
// Execute the prepared query. Note that it is not necessary to escape
foreach ($csvfile as $data)
{
$email = $data['email'];
$name = $data['name'];
$surname = $data['surname'];
$query = "";
$result[] = pg_execute($dbconn, "my_query", array($tbname, $email, $name, $surname));
}
if (in_array(false, $result) )
return false;
else
return true;
}
$dbname = "your dbname";
$tbname = "name of table";
$csvFile = [];
if (insertData($dbname, $tbname, $csvFile))
echo "Data inserted";
else
echo "Data not inserted";
So i took note of the suggestions from #Karsten Koop and #TOH19, and came up with this code which is working;
function insertData($pg, $csvfile)
{
$x = 0;
foreach ($csvfile as $data)
{
$email = pg_escape_string($csvfile[$x]['email']);
$name = pg_escape_string($csvfile[$x]['name']);
$surname = pg_escape_string($csvfile[$x]['surname']);
$query = "INSERT INTO users (email, name, surname) VALUES ('".$email."', '".$name."', '".$surname."')";
$result = pg_query($pg, $query);
$x++;
}
}
I am changing mysqli connections to prepared statements, I always come across this issue, when I am putting values in an array, I'm wondering if someone could explain why I do this incorrectly every time. When I print the returned array from the function it only shows me the last stored values in the array, as opposed to every row in the array.
function getResults($db) {
$statement = $db->prepare("SELECT inv_id, serial_num, equip_id, equip_title, equip_cat, input_date, date_modified FROM equip_inv");
$statement->execute();
$statement->store_result();
$num_of_rows = $statement->num_rows;
$statement->bind_result($invId, $serial, $equipId, $equipTitle, $equipCat, $inputDate, $dateMod);
while ($statement->fetch()) {
$resultArray = array();
$resultArray['inv_id'] = $invId;
$resultArray['serial_num'] = $serial;
$resultArray['equip_id'] = $equipId;
$resultArray['equip_title'] = $equipTitle;
$resultArray['equip_cat'] = $equipCat;
$resultArray['input_date'] = $inputDate;
$resultArray['date_modified'] = $dateMod;
}
return $resultArray;
}
You're reseting $resultArray in each loop. You can create a new array $results = array(); and push $resultArray to it in each loop. Try :
function getResults($db){
$statement = $db->prepare("SELECT inv_id, serial_num, equip_id, equip_title, equip_cat, input_date, date_modified FROM equip_inv");
$statement->execute();
$statement->store_result();
$num_of_rows = $statement->num_rows;
$statement->bind_result($invId, $serial, $equipId, $equipTitle, $equipCat, $inputDate, $dateMod);
$results = array();
while ($statement->fetch()){
$resultArray = array();
$resultArray['inv_id'] = $invId;
$resultArray['serial_num'] = $serial;
$resultArray['equip_id'] = $equipId;
$resultArray['equip_title'] = $equipTitle;
$resultArray['equip_cat'] = $equipCat;
$resultArray['input_date'] = $inputDate;
$resultArray['date_modified'] = $dateMod;
$results[] = $resultArray;
}
return $results;
}
I can't getting an assoc or numeric array from a mysqli prepared statement. I searched and researched from code to get it but it have been imposible. I generate this code based on all that codes. I really think that's correct but it doesn't work anyway:
$id = '134610';
$sql = "SELECT * FROM table WHERE id = ?";
$stmt = $mysqli->stmt_init();
$stmt->prepare($sql);
$stmt->bind_param("i", $id);
$stmt->execute();
$result = $stmt->get_result();
while ($array = $result->fetch_array(MYSQLI_ASSOC))
// or fetch_array(MYSQLI_NUM))
print_r($array);
MYSQLI_ASSOC
Columns are returned into the array having the fieldname as the array index.
MYSQLI_NUM
Columns are returned into the array having an enumerated index.
http://php.net/manual/en/mysqli.constants.php
I finally resolve it with that code:
$id = '134610';
$sql = "SELECT * FROM table WHERE id = ?";
$stmt = $mysqli->stmt_init();
$stmt->prepare($sql);
$stmt->bind_param("i", $id);
$stmt->execute();
$array = self::bind_result_array($stmt);
for($i=0;$stmt->fetch();$i++)
$ArrayOfArrays[$i] = self::getCopy($array);
$stmt->close();
return $ArrayOfArrays;
and this two functions:
public function bind_result_array($stmt)
{
$meta = $stmt->result_metadata();
$result = array();
while ($field = $meta->fetch_field())
{
$result[$field->name] = NULL;
$params[] = &$result[$field->name];
}
call_user_func_array(array($stmt, 'bind_result'), $params);
return $result;
}
public function getCopy($row)
{
return array_map(create_function('$a', 'return $a;'), $row);
}
I have the following:
<?php
$array = join(',', $ids); // this prints 3,4,6,7,8
$stmt = $cxn->prepare('SELECT * FROM comments WHERE id IN (?)');
$stmt->bind_param('i', $array);
$stmt->execute();
?>
However, when I have it print the results, it only shows the comments from the first id (3) and not the others. What's wrong?
$arrayCount = count($ids);
$binders = array_fill(0, $arrayCount, '?');
// Create an array of references to the values we want to bind
$bindValues = array();
foreach($ids as $key => $id)
$bindValues[$keys] = &$ids[$key];
// Build SQL statement with the necessary number of bind placeholders
$stmt = $cxn->prepare(
'SELECT * FROM comments WHERE id IN (' . implode(',', $binders) . ')'
);
// Bind each value (has to be done by reference)
call_user_func_array(array($stmt, "bind_param"), $bindValues));
$stmt->execute();
I believe for this to work as intended, you have to directly substitute the values into the string:
$idString = '';
foreach($ids as $id) {
$idString .= $id . ',';
}
$idString = substr($idString, 0, -1);
$stmt = $cxn->prepare("SELECT * FROM comments WHERE id IN (".$idstring.")");
$stmt->execute();
Unfortunately, this can then open you up to SQL injection attacks.
Bind them to a string.
$idString = '';
foreach($ids as $id) {
$idString .= $id . ',';
}
$idString = substr($idString, 0, -1);
$stmt = $cxn->prepare('SELECT * FROM comments WHERE id IN (?)');
$stmt->bind_param('s', $idString);
$stmt->execute();
I am trying to do following
$statement = $conn->prepare('SELECT * FROM myTable');
$statement->execute();
if(!($row = $statement->fetchAll(PDO::FETCH_ASSOC)))
{
return false;
}
$conn = null;
} catch(PDOException $e) {
throw $e;
return false;
}
return return json_encode(array('Result'=>$row);
Works and fetches all entries in a table make then JSON Array and send them,
However I want to make a query where selected ids must be send in a JSON Array
E.g 10, 20, 30
I assume that this will be done in a For loop perhaps
$statement = $conn->prepare('SELECT * FROM myTable WHERE id = :id');
$statement->bindParam(':id', $id, PDO::PARAM_STR);
$statement->execute();
$row = $statement->fetch(PDO::FETCH_OBJ)))
Now suppose i have id's = 10,20,30 i want to append all of them in a JSON Array How can i do that?
just like return json_encode(array('Result'=>$row);
Edited Code
function GetMyMembers()
{
$myId = trim($_REQUEST['myId']);
try {
$conn = $this->GetDBConnection();
$statement = $conn->prepare('SELECT valId FROM memList WHERE myId=:myId' );
$statement->bindParam(':myId', $myId, PDO::PARAM_INT);
$statement->execute();
if(!($row = $statement->fetchAll(PDO::FETCH_ASSOC)))
{
return false;
}
// $row contains ALL THE ID'S
$placeholders = str_repeat('?,', count($row));
$placeholders = substr($placeholders, 0, -1);
$sql = "SELECT id, * FROM players WHERE id IN ($placeholders)";
$statement = $conn->prepare($sql);
$statement->execute($row);
$rows = $sth->fetchAll(PDO::FETCH_ASSOC|PDO::FETCH_GROUP);
$conn = null;
} catch(PDOException $e) {
throw $e;
return false;
}
return $rows;
}
$statement = $conn->prepare('SELECT * FROM myTable');
$statement->execute();
$data = array();
while($row = $statement->fetch(PDO::FETCH_ASSOC)))
{
$data[$row['id']] = $row;
}
return json_encode(array('Result'=>$data));
Btw, using raw API is not convenient. With Database abstraction library your code can be as short as 2 following lines:
$data = $db->getInd("id",'SELECT * FROM myTable');
return json_encode(array('Result'=>$data));
Edit:
if you have an array of ids, you need more complex code
$ids = array(1,2,3);
$data = array();
$statement = $conn->prepare('SELECT * FROM myTable WHERE id = :id');
foreach ($ids as $id) {
$statement->bindValue(':id', $id, PDO::PARAM_STR);
$statement->execute();
$data[] = $statement->fetch(PDO::FETCH_OBJ);
}
return json_encode(array('Result'=>$data));
But while using Database abstraction library, there will be the same 2 lines:
$data = $db->getAll('SELECT * FROM myTable where id IN (?a)', $ids);
return json_encode(array('Result'=>$data));
Edit2:
if you need ids only
$statement = $conn->prepare('SELECT id FROM myTable');
$statement->execute();
$data = array();
while($row = $statement->fetch(PDO::FETCH_ASSOC)))
{
$data[] = $row['id'];
}
return json_encode(array('Result'=>$data));
while using Database abstraction library, it's still 2 lines:
$ids = $db->getCol('SELECT id FROM myTable');
return json_encode(array('Result'=>$ids));
$ids = array(1,2,3);
$placeholders = str_repeat('?,', count($ids));
$placeholders = substr($placeholders, 0, -1);
$sql = "SELECT id, * FROM table WHERE id IN ($placeholders)";
$sth = $dbh->prepare($sql);
$sth->execute($ids);
$rows = $sth->fetchAll(PDO::FETCH_ASSOC|PDO::FETCH_GROUP);
echo json_encode(array('Result' => $rows));
Based on additional comments:
Best option:
$sql = '
SELECT *
FROM table1 AS t1
INNER JOIN table2 t2
ON t2.foreign_key = t1.id
';
or
$sql = 'SELECT id FROM table1';
$sth = $dbh->prepare($sth);
$sth->execute();
$ids = $sth->fetchColumn();
//next look above