php function save result at array

Question

hello i want to create function with returning data, for example when i have the function advert i want to make it every time show what i need, i have the table id, sub_id, name, date, and i want to create the function that i can print every time what i need advert(id), advert(name), i want to make it to show every time what i need exactly and i want to save all my result in array, and every time grab the exactly row that i want

<?php
    function advert($data){

    $id = $_GET['id'];
    $query = mysql_query("SELECT *FROM advertisement WHERE id = $id");
    while($row = mysql_fetch_assoc($query)){
        $data = array(
        'id'        => $row['id']
        );
    }
    return $data;
}
    echo  advert($data['id']);
    ?>

but my result every time is empty, can you help me please?

See this one, may get handy.. http://stackoverflow.com/questions/517201/coding-of-parameter-value-for-select-in-php-mysql — Hiren Pandya, Mar 25 '13 at 11:06

Hugo Delsing · Answer 1 · 2013-03-25T11:41:36.167

There are so many flaws in this short piece of code that the only good advice would be to get some beginners tutorial. But i'll put some effort into explaining a few things. Hopefully it will help.

First step would be the line function advert($data), you are passing a parameter $data to the method. Now later on you are using the same variable $data in the return field. I guess that you attempted to let the function know what variable you wanted to fill, but that is not needed.

If I understand correctly what you are trying to do, I would pass in the $id parameter. Then you can use this function to get the array based on the ID you supplied and it doesnt always have to come from the querystring (although it could).

function advert($id) {


}

Now we have the basics setup, we want to get the information from the database. Your code would work, but it is also vulnerable for SQL injection. Since thats a topic on its own, I suggest you use google to find information on the subject. For now I'll just say that you need to verify user input. In this case you want an ID, which I assume is numeric, so make sure its numeric. I'll also asume you have an integer ID, so that would make.

function advert($id) {
  if (!is_int($id))
    return "possible SQL injection.";
}

Then I'll make another assumption, and that is that the ID is unique and that you only expect 1 result to be returned. Because there is only one result, we can use the LIMIT option in the query and dont need the while loop.

Also keep in mind that mysql_ functions are deprecated and should no longer be used. Try to switch to mysqli or PDO. But for now, i'll just use your code.

Adding just the ID to the $data array seems useless, but I guess you understand how to add the other columns from the SQL table.

function advert($id) {
  if (!is_int($id))
    return "possible SQL injection.";

  $query = mysql_query("SELECT * FROM advertisement WHERE id = $id LIMIT 1");
  $row = mysql_fetch_assoc($query);

  $data = array(
    'id' => $row['id']
  );

  return $data; 
}

Not to call this method we can use the GET parameter like so. Please be advised that echoing an array will most likely not give you the desired result. I would store the result in a variable and then continue using it.

$ad = advert($_GET['id']);

if (!is_array($ad)) {
  echo $ad; //for sql injection message
} else {
  print_r($ad) //to show array content
}

score 0 · Answer 2 · edited May 23 '17 at 10:25

0

Do you want to show the specific column value in the return result , like if you pass as as Id , you want to return only Id column data. Loop through all the key of the row array and on matching with the incoming Column name you can get the value and break the loop.

Check this link : php & mysql - loop through columns of a single row and passing values into array

edited May 23 '17 at 10:25

Community

1
1

answered Mar 25 '13 at 11:16

Devesh

4,500
1
17
28

Dipesh Parmar · Answer 3 · 2013-03-25T11:31:57.520

You are already passing ID as function argument. Also put space between * and FROM.

So use it as below.

$query = mysql_query("SELECT * FROM advertisement WHERE id = '".$data."'");

OR

function advert($id)
{
    $query = mysql_query("SELECT * FROM advertisement WHERE id = '".$id."'");
    $data = array();
    while($row = mysql_fetch_assoc($query))
    {
        $data[] = $row;
    }
    return $data;
}

Do not use mysql_* as that is deprecated instead use PDO or MYSQLI_*

jey navam · Answer 4 · 2013-03-28T09:59:32.663

-1

try this:

<?php
function advert($id){
$data= array();
//$id = $_GET['id'];
$query = mysql_query("SELECT *FROM advertisement WHERE id = $id");
while($row = mysql_fetch_assoc($query)){
     array_push($data,$row['id']);
}
return $data;
}
var_dump($data);
//echo  advert($data['id']);
?>

edited Mar 28 '13 at 09:59

answered Mar 25 '13 at 11:07

jey navam

23
6

three in a row and all keep the same vulnerability – Your Common Sense Mar 25 '13 at 11:10

php function save result at array

4 Answers4