-2

I have a simple function to collect an allowed array, but something is not OK; can somebody help me? Here is my code:

public function getAllbyLink($table, $what, $url)
{
    $link = mysql_real_escape_string($url);
    // only $link is escaped; $table and $what are concatenated into the SQL as-is
    $query = $this->db->query("SELECT * FROM " . $table . " WHERE " . $what . " = '{$link}' LIMIT 0, 1");

    if ($query->num_rows() > 0) {
        return $query->result();
    } else {
        redirect('');
    }
}
Schneider

2 Answers

1

Please read something about the MVC pattern; the question is clearly about how to write a Model.

Consider using this function:

public function getTable($table, $where = array(), $select = '*', $order_by = '', $limit = '', $offset = '') {

    if ($order_by !== '' && $order_by != 'RANDOM') $this->db->order_by($order_by);
    if ($order_by == 'RANDOM') $this->db->order_by('id', 'RANDOM');
    if ($limit !== '') $this->db->limit($limit, $offset);
    $this->db->select($select);
    $q = $this->db->get_where($table, $where);

    return ($q->num_rows() > 0) ? $q->result() : FALSE;

}

For your purpose, call the function like this:

getTable($table, array('what' => $link));
// returns FALSE if no data are selected,
// or returns an object with data

If you wish to return an array instead, replace $q->result() with $q->array_result().

Please note that active record auto-escapes.


After comments:

comment-1: you can simplify that function easily; just delete what you do not need, for example:

public function getTable2($table, $where = array(), $limit = '', $offset = '') {

    if ($limit !== '') $this->db->limit($limit, $offset);
    $q = $this->db->get_where($table, $where);

    return ($q->num_rows() > 0) ? $q->result() : FALSE;

}

comment-2: when there is no data, use this if-else statement:

// getTable2() returns FALSE when nothing matched, so the truthy branch is the "data" branch
if ($my_data = getTable2('table', array('where' => $link))) {
    // there is some DATA to work with
    echo "<pre>";
    var_dump($my_data);
    echo "</pre>";

} else {
    // no DATA: redirect or tell the user that there is no DATA
    redirect(); // redirect to default_controller
}

comment-3: no comment;

comment-4: "It also allows for safer queries, since the values are escaped automatically by the system." (from this source). And another SO question about active record provides the exact answer you are seeking.

Kyslik
  • OK, this is the most advanced model, thanks. Tell me just one thing: what will happen if there is a wrong $what? – Schneider Apr 12 '14 at 08:19
  • Can you show me an example of what all I can put in the construct, and how to redirect when there is no data? Thanks in advance. – Schneider Apr 12 '14 at 08:29
  • Btw, the question is not about that, it is about an allowed array from a table. – Schneider Apr 12 '14 at 08:33
  • And there is no protection against MySQL injection? – Schneider Apr 12 '14 at 08:35
  • Hello, if you are using active record there is no such thing as SQL injection; everything you are giving to the CodeIgniter native function is escaped. How can $what be wrong? If that happens, CodeIgniter throws a MySQL error that there is no such column as $what. On the other hand, if $link is "wrong" the model returns FALSE and you know for sure that the model returned no data whatsoever. I will demonstrate with an example (edit). – Kyslik Apr 12 '14 at 09:26
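The two questions in the comments, what happens with a wrong $what and whether the query is protected, hinge on the difference between values and identifiers: a bound or escaped value is safe, but $table and $what are table and column names that no escaping function protects, so they have to be allow-listed. Here is an added example in plain PHP with PDO and an in-memory SQLite table; it is not CodeIgniter code and not from the original answers, and the table, column names and sample rows are constructed:

```php
<?php
// Added example (not from the original page): allow-list identifiers, bind the value.
// PDO + in-memory SQLite so it runs stand-alone; the CodeIgniter $this->db calls are not used.

// Constructed allow-list: table => permitted lookup columns.
const ALLOWED_LOOKUPS = [
    'pages' => ['slug', 'title'],
];

function getAllByLink(PDO $db, $table, $what, $url)
{
    // Identifiers cannot be bound as parameters; reject anything not on the list.
    if (!isset(ALLOWED_LOOKUPS[$table]) || !in_array($what, ALLOWED_LOOKUPS[$table], true)) {
        throw new InvalidArgumentException("Unknown table/column: $table.$what");
    }
    // The value is bound, so it never becomes part of the SQL text.
    $stmt = $db->prepare("SELECT * FROM \"$table\" WHERE \"$what\" = :link LIMIT 1");
    $stmt->execute([':link' => $url]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    return $rows ?: false; // FALSE when nothing matched, like getTable() in the answer above
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, slug TEXT, title TEXT)');
$db->exec("INSERT INTO pages (slug, title) VALUES ('about', 'About us'), ('contact', 'Contact')");

var_dump(getAllByLink($db, 'pages', 'slug', 'about'));   // one row
var_dump(getAllByLink($db, 'pages', 'title', "it's"));   // false: the quote is bound, not spliced in

try {
    getAllByLink($db, 'pages', 'nosuchcolumn', 'about');  // a "wrong $what"
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;                        // rejected before any SQL runs
}
```

Note that a wrong $what is rejected by the allow-list before the database sees it, rather than surfacing as a database error at query time.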
0

My understanding of your code is:

  • Read all rows from table
  • Check if linkurl is in the list
  • If so, return a random row for that value
  • Else, redirect.

In this case, try this:

public function getAllbyLink($table, $url, $what)
{
    // $url is the value being looked up (the original used an undefined $linkurl here);
    // $table and $what are still concatenated in as identifiers, only the value is escaped
    $query = $this->db->query("
          SELECT *
          FROM `" . $table . "`
          WHERE `" . $what . "` = '" . mysql_real_escape_string($url) . "'
          ORDER BY RAND()
          LIMIT 1
    ");
    if (!$query) return redirect('');
    $result = $query->result();
    if (!$result) return redirect('');
    return $result;
}
Niet the Dark Absol
  • Consider your answer right and wrong; OP uses CodeIgniter and should use [active record](http://ellislab.com/codeigniter/user-guide/database/active_record.html). – Kyslik Apr 12 '14 at 00:55
  • And just by the way: why did you use `ORDER BY RAND()`? Is it faster than just running it without it, or is it a typo? Thanks. – Kyslik Apr 12 '14 at 01:13