-2

Now i'm using this code :

global $dbh;

$sql = "SELECT filename FROM t_item where id=".$id;
$req = $dbh->query($sql)->fetch();
$file = $req['filename'];

using : PHP 5.3

I need to repeat this many times, is it possible to fetch directly the value without passing it to $req ?

Mimouni
  • 3,564
  • 3
  • 28
  • 37
  • Why don't you write a function/method for it ? – Daan Jun 09 '16 at 13:29
  • Not on php 5.3. But if you upgrade to php 5.4 you can use array de-referencing, and do `$dbh->query($sql)->fetch()['filename']`. Though I agree it makes sense to write a simple function. – jszobody Jun 09 '16 at 13:29
  • 1
    Try `echo $req = $dbh->query($sql)->fetchColumn();` – Saty Jun 09 '16 at 13:31
  • @jszobody: i can't upgrade. php is on another server. – Mimouni Jun 09 '16 at 13:34
  • 1
    @Saty: thank you fetchColumn works great :D – Mimouni Jun 09 '16 at 13:35
  • 1
    Then find a new webhost! Seriously, php 5.3 is super old. Highly recommend you figure out a way to get up to date. – jszobody Jun 09 '16 at 13:35
  • @jszobody: this is in intranet, and the administrators dosen't like to change it for compatibility with there applications. now the new version 7 of php is realized but .... – Mimouni Jun 14 '16 at 09:59

2 Answers2

1

To get only first value use fetchColumn() instead fetch() because it only Returns a single column from the next row of a result set

$sql = "SELECT filename FROM t_item where id=".$id;
echo $dbh->query($sql)->fetchColumn();

Better use bindParam to prevent it form sql injection

$sql = "SELECT filename FROM t_item where id= :id";
$stmt = $dbh->prepare($sql);
$stmt->bindParam(':id', $id, PDO::PARAM_INT);
$stmt->execute();
$stmt->fetchColumn();
Saty
  • 22,443
  • 7
  • 33
  • 51
  • Not my DV, but [Little Bobby](http://bobby-tables.com/) says [your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Jun 13 '16 at 12:30
  • Yaa i Know but the OP want __fetch directly the value without passing it to $req__ as mention is question that is the reason i'm not suggesting bind and prepare statement!! – Saty Jun 13 '16 at 12:38
  • 1
    You can fetch directly and still prepare @Saty. You know that! – Jay Blanchard Jun 13 '16 at 12:44
  • Anyway i'm updating my answer with the use of `bindParam` @JayBlanchard – Saty Jun 13 '16 at 12:48
  • Just one more bit of info: The question of comments + downvotes has been discussed ad nauseum on Meta. Many folks just choose to DV and move on. Many offer advice. Many try to light the path for newbies. The upshot is you can ask for a downvoter to explain their actions all day long, but you're likely not going to get a response. – Jay Blanchard Jun 13 '16 at 12:54
  • @Saty: thank you for your help. i searched in internet about 'fecthcolumn' and I found : $result = $bdd->query($sql)->fetch(PDO::FETCH_COLUMN); is there different then : $dbh->query($sql)->fetchColumn(); ? or the same just two ways of writing code. – Mimouni Jun 14 '16 at 09:54
  • @IlyasMimouni BOth are different `PDO::FETCH_COLUMN` use with fetch method and `fetchColumn` return single column from the next row of a result set with out use of fetch – Saty Jun 14 '16 at 10:32
-1

Encapsulate those routines into a Function and you may call the function anytime, from anywhere within your Script like so:

    <?php

        function getFilename($id){
            global $dbh;
            $sql = "SELECT filename FROM t_item where id=".$id;
            $file =$dbh->query($sql)->fetchColumn();
            return $file;
        }

        echo getFilename(2);  // ECHOES THE FILENAME FOR THE ENTITY WITH ID=2
Poiz
  • 7,611
  • 2
  • 15
  • 17
  • I like this answer save for one thing - [Little Bobby](http://bobby-tables.com/) says [your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Jun 13 '16 at 12:55