Running MySQL queries inside a loop - php
I want to run multiple mysql queries in a loop. Maybe this the wrong approach but thats why I'm asking.
Example:
A user submits a array of userinput and i want loop through it an perform multiple mysql queries. If I hardcode the ID it works but if I set the ID as a VAR it dosen't. When using a VAR it alway shows a result with the last entry.
Best, Tim
if(isset($_POST['list'])){
$list=$_POST['list'];
$list_arr=explode(PHP_EOL, $list);
$list_arr_len=count($list_arr);
for ($i=0; $i < $list_arr_len; $i++) {
echo $list_arr[$i]."<br>";
$result = mysqli_query($con,"SELECT col FROM table where id='$list_arr[$i]'");
$row=mysqli_fetch_array($result,MYSQLI_NUM);
echo $row[0]."<br>";
}
mysqli_close($con);
}
You can do it in one query like this:
if(!empty($_POST['list'])){
$list=$_POST['list'];
$list_arr=explode(PHP_EOL, $list);
$list_id=implode("', '", array_map('mysqli_real_escape_string', $list_arr));
$result = mysqli_query($con,"SELECT col FROM table where id IN ('{$list_id}')");
while($row=mysqli_fetch_array($result,MYSQLI_NUM)) {
echo $row[0]."<br>";
}
mysqli_close($con);
}
in this example no matter which type of colum for id u use
Create PDO object and set it in exception mode
$dsn = 'mysql:dbname=testdb;host=127.0.0.1';
$user = 'dbuser';
$password = 'dbpass';
try
{
$pdo = new PDO($dsn, $user, $password);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch (PDOException $e)
{
echo 'Connection failed: ' . $e->getMessage();
}
You are posting a comma separated list (I'd post an array but what the hell), so we're going to simply parse the string into integers and stick it in MySQL's IN clause
if(isset($_POST['list']))
{
$list = str_replace(["\r", "\n"], "", $_POST['list']);
$numbers = strpos($list, ',') !== false ? explode(",", $list) : (int)$list;
// This can probably bet written nicer, the idea is to have each number explicitly typecast to int so it's safe to stick in a query directly
// Basically, you want "1,2,3,4,5" without the possibility of having some bad input here
if(is_array($numbers))
{
$numbers = implode(",", array_map(function($number)
{
return (int)$number;
}, $numbers));
}
// And the nice, one liner, where you query and fetch the records which are now in the array called $records
$records = $pdo->query(sprintf("SELECT * FROM your_table WHERE id IN(%s)", $numbers))->fetchAll(PDO::FETCH_ASSOC);
}
Note: I didn't test the code so don't copy paste it, it most likely contains errors. I wrote the answer to show how easy it is to use PDO and retrieve results easily, in one liner.
I think this shall work:
$result = mysqli_query($con,"SELECT col FROM table where id=".mysqli_real_escape_string($list_arr[$i])."");
First Create a string of all the ids and use IN(String of Ids) in your query and store all the data corresponding to id in an array.
$stringIds = "";
for ($i=0; $i < $list_arr_len; $i++)
{
if (is_null($stringIds))
{
$stringIds = '"' . $list_arr[$i] . '"';
}
else
{
$stringIds .= ',"' . $list_arr[$i] . '"';
}
}
$resulSet = mysqli_query($con, ""SELECT col FROM table where id='?'"");
while($row = mysqli_fetch_assoc($resulSet))
{
mainArray[$row['id']] = $row;
}
Now, your able to fetch all your data from the array using foreach loop and please use PDO to avoid SQL Injection.
Problem was:
\n \r
This c0de works for me now ( also IN('') might be the better idea ):
if(isset($_POST['list'])){
$list=$_POST['list'];
//echo $list;
$replace = array("\n", "\r");
$id = str_replace( $replace, ",", $list);
$id_arr = explode(",", $id);
$id_arr_len = count($id_arr);
for ($i=0; $i < $id_arr_len; $i++) {
# code...
$result = mysqli_query($con,"SELECT col1,col2 FROM table where id='$id_arr[$i]'");
while($row = mysqli_fetch_assoc($result)){
echo $row['col1'].': ';
echo $row['col2'].'<br/>';
}
}
}
Related
How to return more mysql rows in function?
I want to make a function in PHP to return a list of mysql results. But i want to enter my own tekst also.
When i echo i get the results but i want to return the value.
function Get() {
$sql = mysqli_query($link, "SELECT * FROM blabla");
$value4 = 'certain';
while($approw = mysqli_fetch_array($sql)){
$value= 'Fun '. $approw['value1'].' '.$approw['value2'].' '.$approw['value3'].'percent '.$value4.'<br />' ;
}
return $value.' Powered by Hisenseb';
}
?>
In the while the results can change anytime
How can i do this? Can anyone tell me how? Thanks in advance.
Pass a mysqli::connect() object to the Get() function as an argument, and for example, select a array as the return value where you store the result set from the sql query and the text you want. Try it:
function Get(mysqli $connect)
{
$ret = [];
$value4 = 'certain';
if ($res = $connect->query("SELECT * FROM blabla")) {
$row = $res->fetch_all(MYSQLI_ASSOC);
$ret['mytext'] = 'Fun '. $row['value1'].' '.$row['value2'].' '.$row['value3'].'percent '.$value4.'<br />' ;
$ret['result-set'] = $row;
}
$connect->close();
return count($ret) > 0 ? $ret : false;
}
Now just call the function:
$conn = new mysqli("localhost","user","password","database");
$result = Get($conn);
$sql = $result['result-set'];
$mytext = $result['mytext'];
// You can then get the data from the sql table using the column names of your table:
$column1 = $sql['column1']; //Now in $column1 you have the value from the SQL table from column column1.
double output from mysql in php
I am selecting the tables names from an opencart install.
trying to output the result(single column) as a string formated like a JSON array.
here is the code:
<?php
function getTableNames()
{
//Change these variables depending on the server it will be used on
$server = 'localhost';
$user = 'User1';
$pass = 'pass';
$DBName = 'OpenCartTest';
//returns a single column of all tables in a mysql database named "OpenCartTest"
$tablesGetSQL = 'Select `table_name` from `information_schema`.`TABLES` where `table_schema` like "OpenCartTest" AND `table_name LIKE "oc_customer%"';
$conn = new mysqli($server, $user, $pass, $DBName);
$JSONStringArray = '[';
if(mysqli_connect_errno())
{
echo '---unauthorized---';
}
else
{
$result = $conn->query($tablesGetSQL);
$l = $result->num_rows;
if($l > 0)
{
//for($i = 0;$i < $l;$i++)
while($row = $result->fetch_assoc())
{
//$row = $result->fetch_assoc();
foreach($row as $item)
{
//echo $item . "|";
$JSONStringArray .= "'" . $item . "',";
}
}
}
$JSONStringArray .= substr($JSONStringArray, 0, -1) . ']';
$conn->close();
return $JSONStringArray;
}
}
$output = getTableNames();
echo substr_count($output, "[") . '<br>';
echo $output;
?>
The output is doubled for some reason, there are 2 '[', yet I only set it once to the string. There is also no closing ']' on the first line.
output:
2
['oc_address','oc_affiliate','oc_affiliate_activity','oc_affiliate_login','oc_affiliate_transaction','oc_api','oc_attribute','oc_attribute_description','oc_attribute_group','oc_attribute_group_description','oc_banner','oc_banner_image','oc_banner_image_description','oc_category','oc_category_description','oc_category_filter','oc_category_path','oc_category_to_layout','oc_category_to_store','oc_country','oc_coupon','oc_coupon_category','oc_coupon_history','oc_coupon_product','oc_currency','oc_custom_field','oc_custom_field_customer_group','oc_custom_field_description','oc_custom_field_value','oc_custom_field_value_description','oc_customer','oc_customer_activity','oc_customer_ban_ip','oc_customer_group','oc_customer_group_description','oc_customer_history','oc_customer_ip','oc_customer_login','oc_customer_online','oc_customer_reward','oc_customer_transaction','oc_download','oc_download_description','oc_event','oc_extension','oc_filter','oc_filter_description','oc_filter_group','oc_filter_group_description','oc_geo_zone','oc_information','oc_information_description','oc_information_to_layout','oc_information_to_store','oc_language','oc_layout','oc_layout_module','oc_layout_route','oc_length_class','oc_length_class_description','oc_location','oc_manufacturer','oc_manufacturer_to_store','oc_marketing','oc_modification','oc_module','oc_option','oc_option_description','oc_option_value','oc_option_value_description','oc_order','oc_order_custom_field','oc_order_fraud','oc_order_history','oc_order_option','oc_order_product','oc_order_recurring','oc_order_recurring_transaction','oc_order_status','oc_order_total','oc_order_voucher','oc_osapi_last_modified','oc_product','oc_product_attribute','oc_product_description','oc_product_discount','oc_product_filter','oc_product_image','oc_product_option','oc_product_option_value','oc_product_recurring','oc_product_related','oc_product_reward','oc_product_special','oc_product_to_category','oc_product_to_download','oc_product_to_layout','oc_product_to_store','oc_recurring','oc_recurring_description','oc_return','oc_return_action','oc_return_history','oc_return_reason','oc_return_status','oc_review','oc_setting','oc_stock_status','oc_store','oc_tax_class','oc_tax_rate','oc_tax_rate_to_customer_group','oc_tax_rule','oc_tg_tglite_revolution_slider','oc_upload','oc_url_alias','oc_user','oc_user_group','oc_voucher','oc_voucher_history','oc_voucher_theme','oc_voucher_theme_description','oc_weight_class','oc_weight_class_description','oc_zone','oc_zone_to_geo_zone',
['oc_address','oc_affiliate','oc_affiliate_activity','oc_affiliate_login','oc_affiliate_transaction','oc_api','oc_attribute','oc_attribute_description','oc_attribute_group','oc_attribute_group_description','oc_banner','oc_banner_image','oc_banner_image_description','oc_category','oc_category_description','oc_category_filter','oc_category_path','oc_category_to_layout','oc_category_to_store','oc_country','oc_coupon','oc_coupon_category','oc_coupon_history','oc_coupon_product','oc_currency','oc_custom_field','oc_custom_field_customer_group','oc_custom_field_description','oc_custom_field_value','oc_custom_field_value_description','oc_customer','oc_customer_activity','oc_customer_ban_ip','oc_customer_group','oc_customer_group_description','oc_customer_history','oc_customer_ip','oc_customer_login','oc_customer_online','oc_customer_reward','oc_customer_transaction','oc_download','oc_download_description','oc_event','oc_extension','oc_filter','oc_filter_description','oc_filter_group','oc_filter_group_description','oc_geo_zone','oc_information','oc_information_description','oc_information_to_layout','oc_information_to_store','oc_language','oc_layout','oc_layout_module','oc_layout_route','oc_length_class','oc_length_class_description','oc_location','oc_manufacturer','oc_manufacturer_to_store','oc_marketing','oc_modification','oc_module','oc_option','oc_option_description','oc_option_value','oc_option_value_description','oc_order','oc_order_custom_field','oc_order_fraud','oc_order_history','oc_order_option','oc_order_product','oc_order_recurring','oc_order_recurring_transaction','oc_order_status','oc_order_total','oc_order_voucher','oc_osapi_last_modified','oc_product','oc_product_attribute','oc_product_description','oc_product_discount','oc_product_filter','oc_product_image','oc_product_option','oc_product_option_value','oc_product_recurring','oc_product_related','oc_product_reward','oc_product_special','oc_product_to_category','oc_product_to_download','oc_product_to_layout','oc_product_to_store','oc_recurring','oc_recurring_description','oc_return','oc_return_action','oc_return_history','oc_return_reason','oc_return_status','oc_review','oc_setting','oc_stock_status','oc_store','oc_tax_class','oc_tax_rate','oc_tax_rate_to_customer_group','oc_tax_rule','oc_tg_tglite_revolution_slider','oc_upload','oc_url_alias','oc_user','oc_user_group','oc_voucher','oc_voucher_history','oc_voucher_theme','oc_voucher_theme_description','oc_weight_class','oc_weight_class_description','oc_zone','oc_zone_to_geo_zone']
I cannot spot where I've gone wrong. Maybe I Will try it on a diferent server next.
Don't create your JSON string manually, just use json_encode, thats why this function exists anyway:
First is gather all the table names inside a container first, finish the gathering, the loop and the whole bit, after your done with that, then encode it.
$result = $conn->query($tablesGetSQL);
$JSONStringArray = array(); // initialize container
while($row = $result->fetch_assoc()) {
$JSONStringArray[] = $row['table_name']; // push all table names
}
// finally, encode
$JSONStringArray = json_encode($JSONStringArray);
$conn->close();
return $JSONStringArray;
You are getting two copies because of this line
$JSONStringArray .= substr($JSONStringArray, 0, -1) . ']';
You do the .= which is doing the substr, and adding it to the original, you should just do an =
ie, should just be:
$JSONStringArray = substr($JSONStringArray, 0, -1) . ']';
As a side note, there's no need to build a JSON string, PHP has a built in method to generate the json string. Instead you can do
$data = array();
while($row = $result->fetch_row())
{
$data += $row; // append returned array to the data array, since you wanted it future proof incase you added more columns to the SELECT query
}
// close connection
return json_encode($data);
Program not doing update in ForEach Loop
I am trying to update a file OPPSHEDT with a priority and reason code. It seems the code gets stuck in the foreach loop. It gets to SQL with the Count I get the echo of the selstring on my browser then I do not get the echo of $Count and the update is not done. I'm not quite sure if I'm not connecting and doing the actual SQL on the Count or not. Is there anyway to tell what is going on here?
<?php
require_once ('C:/wamp/db/login.php');
// Try to connect to database
try
{
$db = new PDO($db_hostname, $db_user, $db_pass);
}
catch (PDOExcepton $e)
{
echo $e->getMessage();
exit();
}
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
if (is_array($_POST['line']))
{
$ohord = $_POST['shedord'];
$ohbord = $_POST['shedbord'];
$date1 = $_POST['sheddat'];
$type = $_POST['shedtyp'];
$prty1 = $_POST['shedpty'];
$resn1 = $_POST['shedrsn'];
foreach($_POST['line'] as $line_no)
{
$type1 = $type[$line_no];
$type2 = substr($type1, 0, 1);
$selstring = "Select Count(*) From LPCUSTTST.OPPSHEDT where sheddat = '$date1[$line_no]' and shedtyp = '$type2' and shedord = '$ohord[$line_no]' and shedbord = '$ohbord[$line_no]'";
echo $selstring;
$s = $db->prepare("$selstring");
$s->execute();
echo $Count;
if($Count > 0)
{
// Update data into detail
$selstring1 = "UPDATE LPCUSTTST.OPPSHEDT SET SHEDPTY = '$prty1[$line_no]', SHEDRSN = '$resn1[$line_no]' where sheddat = $date1[$line_no] and shedtyp = '$type2' and shedord = '$ohord[$line_no]' and shedbord = '$ohbord[$line_no]'";
echo $selstring1;
$s = $db->prepare("$selstring1");
$s->execute();
}
}
}
?>
Thank You
Your first SQL statement contains date1[$line_no] while your second contains $date1[$line_no]. You can make things much easier (and safer) by using parameterized queries instead. Edit: You modified your post to include the missing dollar sign but my suggestion to use parameterized queries still stands. $selstring = 'SELECT COUNT(*) as total FROM LPCUSTTST.OPPSHEDT WHERE sheddat = :sheddat AND shedtyp = :shedtyp AND shedord = :shedord AND shedbord = :shedbord'; $stm = $db->prepare($selstring); $stm->execute( array( 'sheddat' => $date1[$line_no], 'shedtyp' => $type2, 'shedord' => $ohord[$line_no], 'shedbord' => $ohbord[$line_no] ) ); I do not get the echo of $Count and the update is not done In your code you do echo $Count; but $Count is never defined. You need to fetch the value (I added total to the above SQL): $row = $stm->fetch(PDO::FETCH_ASSOC); $count = $row['total'];
PHP - Binding array of strings to IN() clause using PDO
I am struggling to bind an array of strings to an IN() clause in a MySQL statement. I have found a lot of info on this with regards to integers, but all using methods which don't work with strings.
Here's my code so far:
$dbconnect = new PDO(...);
$brands = array('Nike', 'Adidas', 'Puma');
$i = 1;
try {
$dbconnect->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$data = $dbconnect->prepare("SELECT * FROM clothing WHERE brand IN (:brands)");
$data->bindParam(':brands', $brands);
$data->execute();
while($row = $data->fetch()) {
echo $i++ . " - ". $row['brand'] . "<br>";
}
} catch(PDOException $er) {
echo 'Error: ' . $er->getMessage();
}
Thanks in advance for any help!
I like to loop through and create an associative array of the values. Then concatenate the keys to a string of params to bind. Then loop through the associative array to bind them to the prepared statement. Something along the following (there may be some syntax errors, but this is the gist):
$in_clause_array = array();
foreach($brands as $index => $brand) {
$in_clause_array[':brand_'.$index] = $brand;
}
//Below creates a string like ":brand_1 , :brand_2 , :brand_3"
$in_clause_string = implode(" , ", array_keys($in_clause_array));
$data = $dbconnect->prepare("SELECT * FROM clothing WHERE brand IN ( $in_clause_string )");
//now bind the params to values in the associative array
foreach($in_clause_array as $key=>$brand) {
$data->bindValue("$key", $brand);
}
$array_fields = array();
$i=0;
$res = $db->query("yourkey ".TABLE_ADS);
while($row = mysql_fetch_row($res)) {
$array_fields[$i] = $row[0];
$i++;
}
how to combine the function to get the info of certain studid
heres my code
if(isset($_POST['select'])){
$studId = $_REQUEST['studid'];
foreach ($studId as $ch){
echo $ch."<br>";
}
}
//the result of this is like this
c-1111
c-1112
c-1113
// but i want to know their names
i have a function to get the studinfo shown below. how would i apply/insert this in the above code to get the names of those stuid's..pls help
function getuserinfo($ch){
$info_select = "SELECT `$ch` FROM `tbl_student` WHERE `studId`='$ch'";
if ($query_get = mysql_query($info_select)) {
if ($result = mysql_result($query_get, 0, $ch)) {
return $result;
}
}
}
$fname = getuserinfo('fname');
$lname = getuserinfo('lname');
$mname = getuserinfo('mname');
This is wildly dangerous as is, but here is the basic idea:
Your current query inexplicably fetches the student id where student id equals the passed value. So that looks like it is just trying to verify, but it is unnecessary. You want to return all info, then replace the first $ch with just * to fetch all...
function getuserinfo($ch){
$info_select = "SELECT * FROM `tbl_student` WHERE `studId`='$ch'";
if ($query_get = mysql_query($info_select)) {
if ($result = mysql_result($query_get, 0, $ch)) {
return $result;
}
}
}
You call it by passing the id:
getuserinfo($ch);
You can then access all student info for the row. try var_dump(getuserinfo($ch)) to see what's returned if this makes no sense.
But you are just fetching RAW from $_REQUEST with absolutely no cleansing. You are wide open to attack this way.
Switch to PDO or mysqli and use prepared statements. This answer is just to explain how ot get the info. In no way do I condone the use of these deprecated methods as is.
edit
As per your comment, you need to access the result to do something like that...
if(isset($_POST['select'])){
$studId = $_REQUEST['studid'];
$where = "";
foreach ($studId as $ch){
$where .= "studId = '$ch' OR";
}
if(strlen($where) > 0)
{
$where = substr($where, 0, -2);
$result = $mysqli->query("SELECT studId, CONCAT(fname, " ", mname, " ",lname) AS name FROM tbl_student WHERE $where");
while ($row = $result->fetch_assoc()) {
echo $row['name'].'<br>';
}
}
}
...again, sanitize the input. It's not being done in this example. This is just to give an idea