Function to create variable Variables isn't working - php

I'm trying to use a function to make all my variables for an SQL statement im making in order to reduce code length. Unfortunately, this isn't working at all.
The result I get is that $sql ends up with the value -45. I'm not sure what I'm doing wrong, but I believe there is an issue with the declaration of variables. However, the echo statement that you can see inside the function prints the variables exactly how they are supposed to be printed. Maybe I need to return something?
/*
/ Get Variables
*/
function get($fname,$disp)
{
$NAME = $fname;
$$NAME = $_GET[$NAME];
echo $disp . ' : <font color="00ff00">' . $$NAME . '</font><br>';
}
get("User-ID","User-ID");
get("toon","Name");
get("C_Select","Class");
get("P-Level","P-Level");
get("Sex","Gender");
get("Race","Race");
get("P-Gs","Gearscore");
get("Str-Input","Strength");
get("Int-Input","Intelligence");
get("Con-Input","Constitution");
get("Wis-Input","Wisdom");
get("Dex-Input","Dexterity");
get("Chr-Input","Charisma");
get("HP","Health");
get("AC","Armor Class");
get("Power-S","Power");
get("Def","Defense");
get("Prof-1","Alchemy");
get("Prof-2","Artificing");
get("Prof-3","Jewelcrafting");
get("Prof-4","Leadership");
get("Prof-5","Leatherworking");
get("Prof-6","Medium Armoring");
get("Prof-7","Heavy Armoring");
get("Prof-8","Tailoring");
get("Prof-9","Weaponsmithing");
get("Crit","Critical Strike Rating");
get("Recov","Recovery");
get("AP","Armor Penetration");
get("Regen","Regeneration");
get("HS","Life Steal");
get("Defl","Deflection");
get("Move","Movement");
$sql = 'INSERT INTO def_nwgr_chars (user_id,name,race,level,sex,str,con,dex,int,wis,char,hit_points,ac,power,defense,crit,recovery,ap,regen,life_steal,deflection,movement,alchemy,artificing,jewelcrafting,leadership,leatherworking,mailsmithing,platesmithing,tailoring,weaponsmithing) VALUES (' . $User-ID . ',' . $toon . ',' . $Race . ',' . $P-Level . ',' . $Sex . ',' . $Str-Input . ',' . $Con-Input . ',' . $Dex-Input . ',' . $Int-Input . ',' . $Wis-Input . ',' . $Chr-Input . ',' . $HP . ',' . $AC . ',' . $Power-S . ',' . $Def . ',' . $Crit . ',' . $Recov . ',' . $AP . ',' . $Regen . ',' . $HS . ',' . $Defl . ',' . $Move . ',' . $Prof-1 . ',' . $Prof-2 . ',' . $Prof-3 . ',' . $Prof-4 . ',' . $Prof-5 . ',' . $Prof-6 . ',' . $Prof-7 . ',' . $Prof-8 . ',' . $Prof-9 . ');';


From what I gather, there are a few issues:
First of all, the variables that you make with $$NAME are only in scope for the length of the function, so you cannot reference them outside of it without somehow returning them.
Second, you are trying to use variable names with operators in them. Namely, the "-" sign. This (to my best knowledge) is invalid.
Third, you should not be putting variables directly into your SQL without in some way ensuring that someone cannot arbitrarily insert data into them.
Lastly, do not use $$ whenever possible. It is very hard to debug, and can cause some sneaky errors and programming mistakes.

Related

Adding newline to PHP string [duplicate]

This question already has answers here:
What is the difference between single-quoted and double-quoted strings in PHP?
(7 answers)
Closed 7 years ago.
I'm trying to add new line at the end of string, so I could better see <option> in new lines, hovewer I get string with "\r\n" as text instead of new lines. What is wrong with code ?
foreach ($xml['ROW'] as $ar) {
$tekstas = $ar['zz'] . ' (' . $ar['xx'] . ')';
$insert .= '<option value="' . $ar['Adresas'] . '">' . $tekstas .'</option> "\r\n"' ;
}
echo nl2br(htmlentities($insert));

Almost there, look at the right way to concatenate the new line to the rest of the string you generate.
foreach ($xml['ROW'] as $ar) {
$tekstas = $ar['zz'] . ' (' . $ar['xx'] . ')';
$insert .= '<option value="' . $ar['Adresas'] . '">' . $tekstas .'</option> ' . PHP_EOL ;
}
echo nl2br(htmlentities($insert));

'-quoted strings do not honor escaped metacharacters like "-quoted ones do:
echo '\r' - outputs a literal backslash and an 'r'
echo "\r" - outputs a carriage return
the only escapes that are supported in ' strings are \' and \\.
So..
'</option> "\r\n"'
^---open single quote string
^---close single-quote string
when it should be
'</option> ' . "\r\n"
instead.

"\r\n" should be in double quotes.
foreach ($xml['ROW'] as $ar) {
$tekstas = $ar['zz'] . ' (' . $ar['xx'] . ')';
$insert .= '<option value="' . $ar['Adresas'] . '">' . $tekstas .'</option>'."\r\n";
}
echo nl2br(htmlentities($insert));

Warning: prev() expects parameter 1 to be array, string given in

I'm trying to understand how to fix this error.
Warning: prev() expects parameter 1 to be array, string given in
Its in the if statement below. Is this happening since the first value doesn't have a previous and I need to deal with that condition? Weirdly this worked in regular .php but not in the framework I have it in now.
I'm trying to generate an XML file based on a result set returned for a query. (I'm open to better ideas)
$export.= '<Campaigns>';
while ($line = mysql_fetch_assoc($result) ) {
//echo '<Email Timestamp="' . $line['EmailTimeStamp'] . '" ';
$export.= '<Campaign Info="' . $line['EmailTrackingNumber'] . '" EmailId="' .$line['EmailId'] . '">';
$export.= '<Emails>';
if (prev($line['EmailTrackingNumber']) == current($line['EmailTrackingNumber'])) {
$export.= '<Email Timestamp="' . $line['EmailTimeStamp'] . '" ';
$export.= 'City="' . $line['City'] . '" ';
$export.= 'Zip="' . $line['Zip'] . '"';
}
$export.= '</Emails></Campaign>';
}
$export.= '</Campaigns></EmailTrackingData>';
//echo $export;
file_put_contents('DateOfFile-export.xml', $export);

This
prev($line['EmailTrackingNumber'])
is not an array but a string. This
prev($line)
makes more sense. It returns the array entry which is before the current entry of $line.
But I think you would like to compare the last record with the current record. But that does not work like this. You can only access the columns of the current record. You have to temporarly save your last record.
$export.= '<Campaigns>';
$lastLine = null;
while ($line = mysql_fetch_assoc($result)) {
//echo '<Email Timestamp="' . $line['EmailTimeStamp'] . '" ';
$export.= '<Campaign Info="' . $line['EmailTrackingNumber'] . '" EmailId="' .$line['EmailId'] . '">';
$export.= '<Emails>';
if ($lastLine['EmailTrackingNumber'] == $line['EmailTrackingNumber']) {
$export.= '<Email Timestamp="' . $line['EmailTimeStamp'] . '" ';
$export.= 'City="' . $line['City'] . '" ';
$export.= 'Zip="' . $line['Zip'] . '"';
}
$export.= '</Emails></Campaign>';
$lastLine = $line;
}
$export.= '</Campaigns></EmailTrackingData>';
//echo $export;
file_put_contents('DateOfFile-export.xml', $export);

do not write empty array fields

ik have a html form where i can select some options. I want to write those values comma separated to my database. This is the code i have
$genretotal = $_POST['genre'];
$genre0 = $genretotal[0];
$genre1 = $genretotal[1];
$genre2 = $genretotal[2];
$genre3 = $genretotal[3];
$genre4 = $genretotal[4];
$genre5 = $genretotal[5];
$genre6 = $genretotal[6];
$genre7 = $genretotal[7];
$genre = $genre0 . "," . $genre1 . "," . $genre2 . "," . $genre3 . "," . $genre4 . "," . $genre5 . "," . $genre6 . "," . $genre7;
How can i leave out the empty values?

Try with implode and array_filter
implode(',', array_filter($_POST['genre']));

Why so?
$genre = join(',', array_filter($_POST['genre'], function($sItem)
{
//here I assume your 'not empty' matches PHP empty() function
//if not, then add desired conditions
return !empty($sItem);
}));

$genretotal = $_POST['genre'];
if(isset($genretotal) && count($genretotal)>0)
{//This check array is null or not
$gen_arr = implode(",",$genretotal);
}//end if
echo $gen_arr;
//This is the code you avoid empty values

PHP: How to add variables and quotes to a variable

How can I add variables and quotes to a variable?
in the output it just prints the variables
This is the code I have tried
$pl2 = '{"comment":"' . $nmp3 . '","file":"' . $pmp3 . '"},';

Try with:
$pl2 = json_encode(array(
'comment' => $nmp3,
'file' => $pmp3
));

Try this, it should work:
$p = ' {"comment": ' . $nmp3;
$p = $p.' "," file " : " ' . $pmp3;
$p=$p.' "}," ';
echo $p;

PHP implode quoted string

$brand_condition = ' AND ' . mysql_real_escape_string($brand_selection) . ' IN ';
$brand_condition .= $quote10 . '"'. mysql_real_escape_string($brand_value) . '"' .$quote9;
$brand_conditions[] = $brand_condition;
$query .= implode(' AND ', $brand_conditions) . '';
This produces: AND manufacturer IN ("brand1,brand2")
Since I'm using the IN statement, I need the values to be quoted. At the same time, I am escaping potential quotes with mysql_real_escape_string.
Does anyone see a simple way to get around this small problem?

function quote_escape(&$str) {
$str = '"' . mysql_real_escape_string(chop($str)) . '"';
}
$brands = explode(',', $brand_value);
array_walk($brands, "quote_escape");
$brands = implode(',', $brands);
or
function quote_escape($str) {
return '"' . mysql_real_escape_string(chop($str)) . '"';
}
$brands = implode(',', array_map("quote_escape", explode(',', $brand_value)));

How about $brand_conditions[] = '"'.$brand_condition.'"'; so your adding quotes right before you add the brand_condition in your array.

$concurrent_names = array("O'reilly", 'Tupac "MC New York" Shakur', 'Nemoden');
$escaped_concurrent_names = array_map('mysql_real_escape_string', $concurrent_names);
$condition = 'WHERE name in ("'.implode('", "', $escaped_concurrent_names).'")';

Use this to add quotes for imploded string.
$values = implode( " ',' ", array_values($values) );

$brands=array(nokia,samsung,xiomi);
$brands=implode(" ',' ",$brand);
//$brands='nokia','samsung','xiomi';
WHERE column_name IN ($brands)

Categories