0

Okay first off, here's my function for sending a query:

function send_query($sql) {
global $rows;
global $conn;
connect();

$result = $conn->query($sql);

while ($row = $result->fetch_assoc()) {
  $rows[] = $row;
}
mysqli_free_result($result);
$conn->close();

return $rows;
}

And when I use it like this:

$rows = send_query("SELECT views FROM posts WHERE postid = " . $_GET['id']);


foreach( $rows as $row ) {
        print_r($row);
        echo "<BR>";
    }

I get this result...

Array ( [postid] => 1 [username] => jesusfreak [unique] => 3 )
Array ( [views] => 0 )

Why is it putting the answer I need in [1] of the array instead of [0]? And why is it putting those other things that I didn't request into [0]?

Jahid
  • 21,542
  • 10
  • 90
  • 108
thinkofacard
  • 491
  • 1
  • 6
  • 19
  • Don't EVER EVER EVER insert a $_GET value inside your query. If you can't solve this issue, go for a foreach track instead of a 'for ($i; ...) ....' style. Good luck ! – Answers_Seeker May 19 '15 at 15:19
  • Thanks for your response. Why should you never insert a $_GET value inside a query? Is it just for security concerns? – thinkofacard May 19 '15 at 15:23
  • It opens you up to SQL injection. User input should always be sanitized – Bryan Zwicker May 19 '15 at 15:23
  • [sql injection attacks](http://bobby-tables.com), that's why... http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – Marc B May 19 '15 at 15:26
  • It's not a small matter: SQL injection doesn't need much knowledge or skill to be done => a lot of people with bad intentions can use it => protect yourself against it. – Answers_Seeker May 19 '15 at 15:36
  • Great point. I'll do that! I'm still not understanding why it's putting the information on [1] instead of [0] though. – thinkofacard May 19 '15 at 15:41

1 Answers1

2

It looks like it is because your 

global $rows
is coming in with a result already inside it. You are appending the newly queries rows to that variable.

Try using a different (empty) array instead of $rows:

function send_query($sql) {
global $rows;
global $conn;
connect();

$result = $conn->query($sql);
$sqlresults = array();
while ($row = $result->fetch_assoc()) {
   $sqlresults[] = $row;
}
mysqli_free_result($result);
$conn->close();

return $sqlresults;
}
Bryan Zwicker
  • 642
  • 1
  • 6
  • 24
  • The $rows array is empty. It declares it empty at the top of each page. – thinkofacard May 19 '15 at 15:22
  • I don't think it is empty, otherwise you would not have the [0] result with fields you aren't querying for: Array ( [postid] => 1 [username] => jesusfreak [unique] => 3 ). Globals will be passed into your send_query function since you declared it, prepending them to the resultset. You have to be careful with Globals. Humor me and try my code suggestion – Bryan Zwicker May 19 '15 at 15:24
  • 1
    How about just not defining `$rows` as global since the function returns it anyway? Get rid of the global! – AbraCadaver May 19 '15 at 15:29
  • @AbraCadaver Correct, it would not need to be defined at all. I was taking into account if this was pseudo-code where it could be used elsewhere and leaving it, but appending the results to a new array :) – Bryan Zwicker May 19 '15 at 15:30
  • Excellent! The problem was that I forgot to unset it before redeclaring it. Well done! :) – thinkofacard May 19 '15 at 15:43
  • Strange though. When I change the "global $rows" to $rows = array(); in the function it stops working. – thinkofacard May 19 '15 at 15:47
  • Are you changing the return back to $rows from $sqlresults as well? I changed that in several places. – Bryan Zwicker May 19 '15 at 15:48