I'm new to the world of OOP and PDO and just need a bit of a hand when returning data in one function and wanting to use that inside another function.
Below is my function to get all gecko data from my database, at the moment i have it printing out the array so i know it's working.
function getGecko:
public function getGecko($geckoName){
$dbh = $this->dbh;
try {
if (!$geckoName) {
throw new Exception("No gecko name set!");
}
$stmt = $dbh->query("SELECT * FROM geckos WHERE gecko_name = '$geckoName'");
$stmt->setFetchMode(PDO::FETCH_ASSOC);
$row_count = $stmt->rowCount();
$row = $stmt->fetch();
if($row_count > 0){
print_r($row);
return true;
} else {
echo 'No information found for '.$geckoName.'!';
return false;
}
}
catch (Exception $e) {
echo $e->getMessage();
}
}
which outputs as - Array ( [gecko_id] => 1 [gecko_name] => Zilly [gecko_aquisition_date] => 0000-00-00 [gecko_type] => Normal [gecko_gender] => Male [gecko_traits] => [gecko_bio] => Hench bastard [gecko_health_check] => All good! [gecko_bred] => 0 [gecko_hatchling] => 0 [gecko_clutch] => [gecko_photo] => ) - no problem.
But i want to use that data inside a function called getMorph to utilise [gecko_type] => Normal. I have tried things like:
public function getMorph($geckoName){
$this->getGecko($geckoName);
echo $row['gecko_type'];
}
But it returns nothing at all. I am quite used to php in the procedural sense, i'm just trying to better myself and my code and wanted to get stuck into OOP. I do apologise if this is considered a 'noob' question but as i say, i am trying to learn.
Thank you for your time :)
The problem with your first function is that you're returning a boolean value. No actual data is returned. Also, in the getMorph() function, you're trying to use the $row variable. This won't work as the $row variable only exists inside the local scope of the function getGecko(). This would actually cause PHP to print an error message. Had you enabled error reporting, you'd have found this out.
To fix the issue, you can modify your first function to return the array:
if($row_count > 0){
// print_r($row);
return $row;
} else {
echo 'No information found for '.$geckoName.'!';
return false;
}
Then, in your second function, you can access the array like so:
public function getMorph($geckoName){
// $morph now contains the entire array
// returned by the other function
$row = $this->getGecko($geckoName);
// output the array contents
echo '<pre>' . print_r($row, TRUE), '</pre>';
// return the specific gecko_type value
return $row['gecko_type'];
}
I suggest you read up on variable scope. It's going to be very useful. Also, completely unrelated the issue above, you're directly inserting the user input in your SQL query. Don't do that! Use parameterized queries instead - that way, you'll be able to avoid SQL injection attacks.
The following questions has more details on the subject:
How can I prevent SQL injection in PHP?
How does PHP PDO's prepared statements prevent sql injection?
Your function getGecko returns only a Boolean and $row is only a local variable in that method. So you can either change the return value to return the actual data or you can create a private variable in your PHP Class.
For changing the return type, you could in getGecko change that return to something like this:
if($row_count > 0){
// ...
return $row;
}
And then in your getMorph function do something like:
public function getMorph($geckoName){
$row = $this->getGecko($geckoName);
echo $row['gecko_type'];
}
Related
When I dump the array just before the return statement all seems good.
However, when I dump the result it seems empty.
Should be more clear with the code included. I call GetRow from DatabaseHandler, I can see there is an array when I make a dump before the return. (see the var_dump)
public static function GetRow($sqlQuery, $params = null,
$fetchStyle = PDO::FETCH_ASSOC)
{
// Initialize the return value to null
$result = null;
// Try to execute an SQL query or a stored procedure
try
{
// Get the database handler
$database_handler = self::GetHandler();
// Prepare the query for execution
$statement_handler = $database_handler->prepare($sqlQuery);
// Execute the query
$statement_handler->execute($params);
// Fetch result
$result = $statement_handler->fetch($fetchStyle);
}
// Trigger an error if an exception was thrown when executing the SQL query
catch(PDOException $e)
{
// Close the database handler and trigger an error
self::Close();
trigger_error($e->getMessage(), E_USER_ERROR);
}
// Return the query results
exit(var_dump($result)); // SHOWS A PROPER ARRAY
return $result;
}
In the other function which calls it, there is nothing to be seen (false):
// Gets the details of a specific order
public static function GetOrderInfo($orderId)
{
// Build the SQL query
$sql = 'CALL orders_get_order_info(:order_id)';
// Build the parameters array
$params = array (':order_id' => $orderId);
// Execute the query and return the results
$result = DatabaseHandler::GetRow($sql, $params);
exit(var_dump($result)); // SHOWS FALSE
return $result
}
Don't call exit. There's nothing special about arrays in PHP in terms of arguments/return values - the problem is that you're terminating with the exit() call.
From the docs http://php.net/manual/en/function.exit.php:
Terminates execution of the script
In other words, the return statement is unreacheable. So your code never returns because the process exits before it.
While PDO returned an Array, it was unusable for functions like foreach, while, or json_encode (invalid argument).
The solutions was to use MySQLi, it returned exactly the same Array, only this time it was usable for functions like foreach, while, or json_encode.
I want to output the fetched array onto the frontend. It works fine until the array returns as empty. It throws a PHP error that 'undefined variable $data on php line X'. I've looked for solutions though they have not fully suited what I have in mind. Please assist.
public function search($search) {
try {
$query = $this->connection->prepare ( "SELECT * FROM files WHERE number=$search ORDER BY id" );
$query->execute ();
while ( $row = $query->fetch ( PDO::FETCH_ASSOC ) ) {
$data [] = $row;
}
return $data;
} catch ( PDOException $e ) {
$e->getMessage ();
}
}
You are running your query wrong way.
The only proper way to add a variable into PDO query is to add it through a parameter. It is very important to understand that simply adding quotes around a variable is not enough and will eventually lead to innumerable problems, from syntax errors to SQL injections. On the other hand, due to the very nature of prepared statements, it's a bullet-proof solution that makes it impossible to introduce any problem through a data variable.
$this->connection->prepare ( "SELECT * FROM files WHERE number=? ORDER BY id" );
$query->execute ([$search]);
while to eliminate the error you should use the appropriate fetch mode. So the full code would be
public function search($search) {
$this->connection->prepare ( "SELECT * FROM files WHERE number=? ORDER BY id" );
$query->execute ([$search]);
return $query->fetchAll(PDO::FETCH_ASSOC);
}
note that you should never catch an error to report it
Because I find PDO executions extremely hard to remember and find myself looking back at previous projects or other websites just to remember how to select rows from a database, I decided that I would try and create my own functions that contain the PDO executions and just plug in the data I need. It seemed a lot simpler than it actually is though...
So far I have already created a connect function successfully, but now when it comes to create a select function I'm stumped for multiple reasons.
For starters there could be a variating amount of args that can be passed into the function and secondly I can't figure out what I should pass to the function and in which order.
So far the function looks like this. To keep me sane, I've added the "id" part to it so I can see what exactly I need to accomplish in the final outcome, and will be replaced by variables accordingly when I work out how to do it.
function sql_select($conn, **what to put here**) {
try {
$stmt = $conn->prepare('SELECT * FROM myTable WHERE id = :id');
$stmt->execute(array('id' => $id));
$result = $stmt->fetchAll();
if ( count($result) ) {
foreach($result as $row) {
print_r($row);
}
} else {
return "No rows returned.";
}
} catch(PDOException $e) {
echo 'ERROR: ' . $e->getMessage();
}
}
So far what I've established that the function will need to do is
Connect to the database (using another function to generate the $conn variable, already done)
Select the table
Specify the column
Supply the input to match
Allow for possible args such as ORDER by 'id' DESC
Lastly from this I would need to create a function to insert, update and delete rows from the database.
Or, is there a better way to do this rather than functions?
If anyone could help me accomplish my ambitions to simply simplify PDO executions it would be greatly appreciated. Thanks in advance!
First of all, I have no idea where did you get 10 lines
$stmt = $conn->prepare('SELECT * FROM myTable WHERE id = ?');
$stmt->execute(array($id));
$result = $stmt->fetchAll();
is ALL the code you need, and it's actually three lines, which results with a regular PHP array that you can use wherever you wish. Without the need of any PDO code. Without the need of old mysql code.
Lastly from this I would need to create a function to insert, update and delete rows from the database.
DON'T ever do it.
Please read my explanations here and here based on perfect examples of what you'll end up if continue this way.
accomplish my ambitions to simply simplify PDO executions
That's indeed a great ambition. However, only few succeeded in a real real simplification, but most resulted with actually more complex code. For starter you can try code from the first linked answer. Having a class consists of several such functions will indeed improve your experience with PDO.
. . . and find myself looking back at previous projects or other
websites just to remember how to select rows from a database . . .
FYI, we all do that.
You had a problem with the PDO API and now you have two problems. My best and strongest suggestion is this: If you want a simpler/different database API, do not roll your own. Search http://packagist.org for an ORM or a DBAL that looks good and use it instead of PDO.
Other people have already done this work for you. Use their work and focus instead on whatever awesome thing is unique to your app. Work smart, not hard and all that.
Writting a wrapper, should start form connecting the DB, and all the possible method could be wrapped. Passing connection to the query method, doesn't look good.
A very rough example would be the code bellow, I strongly do not suggest this mixture, but it will give you the direction.
You connection should be made either from the constructor, or from another method called in the constructor, You can use something like this:
public function __construct($driver = NULL, $dbname = NULL, $host = NULL, $user = NULL, $pass = NULL, $port = NULL) {
$driver = $driver ?: $this->_driver;
$dbname = $dbname ?: $this->_dbname;
$host = $host ?: $this->_host;
$user = $user ?: $this->_user;
$pass = $pass ?: $this->_password;
$port = $port ?: $this->_port;
try {
$this->_dbh = new PDO("$driver:host=$host;port=$port;dbname=$dbname", $user, $pass);
$this->_dbh->exec("set names utf8");
} catch(PDOException $e) {
echo $e->getMessage();
}
}
So you can either pass connection credentials when you instantiate your wrapper or use default ones.
Now, you can make a method that just recieves the query. It's more OK to write the whole query, than just pass tables and columns. It will not make a whole ORM, but will just make the code harder to read.
In my first times dealing with PDO, I wanted everything to be dynamically, so what I achieved, later I realized is immature style of coding, but let's show it
public function query($sql, $unset = null) {
$sth = $this->_dbh->prepare($sql);
if($unset != null) {
if(is_array($unset)) {
foreach ($unset as $val) {
unset($_REQUEST[$val]);
}
}
unset($_REQUEST[$unset]);
}
foreach ($_REQUEST as $key => $value) {
if(is_int($value)) {
$param = PDO::PARAM_INT;
} elseif(is_bool($value)) {
$param = PDO::PARAM_BOOL;
} elseif(is_null($value)) {
$param = PDO::PARAM_NULL;
} elseif(is_string($value)) {
$param = PDO::PARAM_STR;
} else {
$param = FALSE;
}
$sth->bindValue(":$key", $value, $param);
}
$sth->execute();
$result = $sth->fetchAll();
return $result;
}
So what all of these spaghetti does?
First I though I would want all of my post values to be send as params, so if I have
input name='user'
input name='password'
I can do $res = $db->query("SELECT id FROM users WHERE username = :user AND password = :password");
And tada! I have fetched result of this query, $res is now an array containing the result.
Later I found, that if I have
input name='user'
input name='password'
input name='age'
In the same form, but the query remains with :user and :password and I submit the form, the called query will give mismatch in bound params, because the foreach against the $_REQUEST array will bind 3 params, but in the query I use 2.
So, I set the code in the beginning of the method, where I can provide what to exclude. Calling the method like $res = $db->query("SELECT id FROM users WHERE username = :user AND password = :password", 'age'); gave me the possibility to do it.
It works, but still is no good.
Better have a query() method that recieves 2 things:
The SQL string with the param names
The params as array.
So you can use the foreach() logic with bindValue, but not on the superglobal array, but on the passed on.
Then, you can wrap the fetch methods
public function fetch($res, $mode = null)
You should not directly return the fetch from the query, as it might be UPDATE, INSERT or DELETE.
Just pass the $res variable to the fetch() method, and a mode like PDO::FETCH_ASSOC. You can use default value where it would be fetch assoc, and if you pass something else, to use it.
Don't try to be so abstract, as I started to be. It will make you fill cracks lately.
Hum... IMHO I don't think you should try to wrap PDO in functions, because they're already "wrapped" in methods. In fact, going from OOP to procedural seems a step back (or at least a step in the wrong direction). PDO is a good library and has a lot of methods and features that you will surely lose if you wrap them in simple reusable functions.
One of those features is the BeginTransaction/Rollback (see more here)
Regardless, In a OOP point of view you can decorate the PDO object itself, adding some simple methods.
Here's an example based on your function
Note: THIS CODE IS UNTESTED!!!!
class MyPdo
{
public function __construct($conn)
{
$this->conn = $conn;
}
public function pdo()
{
return $this->conn;
}
public function selectAllById($table, $id = null)
{
$query = 'SELECT * FROM :table';
$params = array('table'=>$table);
if (!is_null($id)) {
$query .= ' WHERE id = :id';
$params['id'] = $id;
}
$r = $this->conn->prepare($query)
->execute($params)
->fetchAll();
//More stuff here to manipulate $r (results)
return $r;
}
public function __call($name, $params)
{
call_user_func_array(array($this->conn, $name), $params);
}
}
Note: THIS CODE IS UNTESTED!!!!
ORM
Another option is using an ORM, which would let you interact with your models/entities directly without bothering with creating/destroying connections, inserting/deleting, etc... Doctrine2 or Propel are good bets for PHP.
Howeveran ORM is a lot more complex than using PDO directly.
My goal is to display the profile of a user. I have this function:
function get_profile($un) {
if($registerquery = $this->conn->query("SELECT * FROM table WHERE usr = '".$un."' ")){
return $profile = mysql_fetch_array($registerquery);
}
}
Then the display snippet:
<?php $profile = $mysql->get_profile($un);
foreach($profile as $key => $value){
echo "<span>".$key.': '.$value."</span><br />";
}
?>
But I get: "Warning: Invalid argument supplied for foreach() in..."
Help pls???
You need to see if the result was a success or not
if (gettype($result) == "boolean") {
$output = array('success' => ($result ? 1 : 0));
}
And you need to cycle through it if it's a resource type...
if (gettype($result) == "resource") {
if (mysql_num_rows($result) != 0 ) {
while ($row = mysql_fetch_assoc($result)) {
$output[] =$row;
}
}
}
I chopped up some real code that does basically everything pretty awful for you because I can't release it, sorry.
Check the result of get_profile, as it will return null if the query failed. You can't loop over null.
Be very very careful here. You are passing a raw string into the query function without escaping it and without using a parameterized query. Use mysql_escape_string around $un in your query. Your code flaw is called a sql injection attack.
Someone could pass their username as this
myusername'; update users set password = '';
And blank all passwords, thereby allowing themselves to access any account. Other similar shady attacks are equally likely.. you can basically do anything to a database with sql injection attacks.
I Agree with Anthony Forloney. The following code is just returning TRUE or FALSE depending on wether loading the $profile variable worked:
return $profile = mysql_fetch_array($registerquery);
You don't need $profile. You can eliminate it as such:
return mysql_fetch_array($registerquery);
The function will return the array and then when you call the function later you can load it's return value into $profile as you do with the following:
$profile = $mysql->get_profile($un);
Try this:
function get_profile($un) {
if($result = $this->conn->query("SELECT * FROM table WHERE usr = '".$un."' ")){
return $result->fetchArray(MYSQLI_ASSOC);
}
return array();
}
You're mixing MySQLi and MySQL functions and you can't do that. And, the last line of this code will return an empty array if the query does not work, rather than return null.
It is probably empty ($profile). Print the value of "count($profile)"
I have found that the easiest way to loop through mysql results is to use a while loop:
$select = "SELECT * FROM MyTable";
$result = mysql_query($select);
while ($profile = mysql_fetch_array($result)) {
$name = $profile['name'];
...
}
I am trying the following code to get results from query and display it in the tes.php page.
db.inc.php
<?php
function db_connect()
{
$handle=new mysqli('localhost','rekandoa','rekandoa','rekandoa');
if (!$handle)
{
return false;
}
return $handle;
}
function get_member()
{
$handle=db_connect();
$sql="Select email,nama,alamat,kota,propinsi from users where email=?";
$stmt=$handle->prepare($sql);
$mail='yonghan79#gmail.com';
$stmt->bind_param("s",$mail);
$stmt->execute();
$stmt->bind_result($email,$nama,$alamat,$kota,$propinsi);
$result=$stmt->fetch();
return $result;
}
?>
tes.php
<?php
error_reporting(E_ALL & ~E_NOTICE);
include('db.inc.php');
$w=get_member();
echo $w['member_id'];
echo '<br>';
echo $w['email'];
echo '<br>';
echo $w['status'];
echo '<br>';
?>
I got no error message but the results are not shown, it is just a blank page.
What did I do wrong?
$stmt->bind_result($email,$nama,$alamat,$kota,$propinsi);
The above line will make sure that the results are stored in the variables that you provide. The fetch() function returns TRUE or FALSE - whether the query was successfull, not the actual result. You would need something like
return array(
'email' => $email,
'nama' => $nama,
'alamat' => $alamat,
'kota' => $kota,
'propinsi' => $propinsi);
fetch() itself doesnt return an array it returns a boolean indicating wheter it got a row.
thus you can do:
while($stmt->fetch()) {
//$email,$nama,$alamat,$kota,$propinsi are now filled
}
binding values into an array dynamically (unlike soulmerge's solution) takes a little more craft. I created a Database class that does just that. It acts as a wrapper arround mysqli prepared statements to return results as objects where the select columns act as properties on the object. If you take out the cast to object in the class it will return arrays as you want.