My PHP isn't Fetching data from MySql

Question

I am creating a Login form that captures the values so I can use throughout the session when the user gets pass the regular Login page. I have input in MySQL as follows:

I created a function to capture data but it doesn't return anything. Can anyone help me with this?

Here is what the code looks like:

 function user_input($user_id) {
 $input = array();
 $user_id = (int) $user_id;

 $func_num_args = func_num_args();
 $func_get_args = func_get_args();

 if ($func_num_args > 1) {
 unset($func_get_args[0]);

 $fields = ' ` ' . implode('`, ` ', $func_get_args) . ' `';


 $query = mysql_query("SELECT '$fields' FROM Login WHERE user_id = '$user_id' ");
 $input = mysql_fetch_assoc($query);


 print_r($input);
 }
 }

why single quotes `('$fields')` when you already added back-ticks — M Khalid Junaid, Apr 11 '14 at 18:19
Please stop using `mysql_*` functions, they are [**deprecated**](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). — The Blue Dog, Apr 11 '14 at 18:20
Casting to `(int)` is a really poor substitution for [proper SQL escaping](http://bobby-tables.com/php). — tadman, Apr 11 '14 at 18:42

score 2 · Accepted Answer · 2014-04-13T12:35:54.180

 private function user_input($user_id) {

 private $input = array();
 //$user_id = (int) $user_id; //This line may effect your security 

if(isset($input)){

 $func_num_args = func_num_args();
 $func_get_args = func_get_args();

$query = "SELECT ";
for($i = 0 ; $i <=  $func_num_args; $i++){

     if($i==($func_num_args-1))
     {
         $query =$query .$func_get_args[$i];
     }
     else
     {
         $query =$query .$func_get_args[$i].",";
     }

    }
    $query = $query . " FROM Login WHERE `user_id` =" . $user_id ;

   $rs = mysql_query($query);

    while ($getRow = Mysql_fetch_array($rs)){
       self::$input = $getRow;
    }
 }
    return self::$input ; // this will be returning an array of result set 


  }

Wow this site is incredible. Thanks for writing the function for me. I wish I had your brain. Thanks — Proximo, Apr 11 '14 at 19:06
IF u want more efficient output add static, define static $getRow — , Apr 13 '14 at 12:26

score 1 · Answer 2 · answered Apr 11 '14 at 18:23

1

$fields = ' ` ' . implode('`, ` ', $func_get_args) . ' `';

this then makes you fields

` one `, ` two `

This should be

$fields = '`' . implode('`, `', $func_get_args) . '`';

ALSO

You do not need to put '' around this

'`one`, `two`' < -WRONG

This is correct:

 $query = mysql_query("SELECT $fields FROM Login WHERE user_id = '$user_id' ");

Also LEARN PDO!!!

answered Apr 11 '14 at 18:23

GrahamTheDev

22,724
2
32
64

Hey thanks for the pointers.. I voted it up but I have to go with the guy that wrote the entire method for me! Thanks though – Proximo Apr 11 '14 at 19:07
you shouldn't use his method in a real world example (or your own function!) - if it is a private site that is fine (not on the web just a local server) but MySQL is deprecated - plus your function is open to numerous different types of attack - mysqli and PDO are far better - glad it helped but keep learning and read about security and mysql injections! good luck – GrahamTheDev Apr 12 '14 at 10:32

Parag Tyagi · Answer 3 · 2014-04-11T18:35:38.103

0

Change this -

$query = mysql_query("SELECT $fields FROM Login WHERE `user_id` = $user_id ");

Since a variable inside the double quotes echoes it. If you are using a string in where clause then you have to make it like this '".$xyz['name']."'. If its a simple integer like user_id, you can avoid writing in double or single quotes.`

edited Apr 11 '14 at 18:35

answered Apr 11 '14 at 18:23

Parag Tyagi

8,780
3
42
47

My PHP isn't Fetching data from MySql

3 Answers3