0

I've messed up a bit with my php and just wanted some help. At the moment my code takes the values that are selected from the dropdown boxes and puts the values along with their corresponding row in a table, into a 3D array. However, it only needs to be a 2D array but I don't know how to get rid of the first dimension of the 3D array. Php code:

<?php
function startmatching(){
    define( "DB_DSN", "mysql:host=localhost;dbname=FoodMatching");
    define( "DB_USERNAME", "root");
    define( "DB_PASSWORD", "" ); 

    // define the empty array to be filled from db

    $results = array();
    // any other php tasks that dont needthe ingcats
    // store sql

    $IngName = $_POST['IngredientName'];
    $IngCounter=0;
    while($IngCounter<count($IngName)){
        $sSQL = "SELECT IngID, IngName, Texture, Colour, Bitter, Sweet, Sour, Salty, Umami FROM IngredientCharacteristics WHERE IngName='$IngName[$IngCounter]'";
        // create an instance of the connection
        $conn   = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
        // prepare
        $st   = $conn->prepare( $sSQL );
        // execute the connection
        $st->execute();
        $counter=0;
        // while myslq has rows loop over them and store
        while($row = $st->fetch() ){
            $results[$counter][] = $row;
            $counter++;
        }
        $IngCounter++;
    }
    print_r($results);
}
?>

html:

 <form method='post' role="form" autocomplete="off">

    <div class="entry input-group col-xs-3">
        <?php //this function takes the ing id and ingname from ingredientcharacteristics table.
                    // if there are results stored create the select and loop over
                    if(!empty($aIngList)){
                        echo "<span class='form-control' style = 'float:left; font-size: 20px;font-family:'Helvetica Neue' ><select name = 'IngredientName[]' class = 'custom-dropdown__select custom-dropdown__select--white'>";
                        //class = 'custom-dropdown custom-dropdown--white'
                        echo "<option value='' default >Choose an Ingredient</option>";
                        foreach ($aIngList as $iIngID => $sIngName) {
                            echo "<option value='".$sIngName."' >".$sIngName."</option>";
                        }
                        echo "</select></span>";
                    }else{
                        echo "<p>No results available!</p>";
                    }
                ?>

        <span class="input-group-btn">
            <button class="btn btn-success btn-add" type="button">
                <span class="glyphicon glyphicon-plus"></span>
            </button>
            <button type="submit" class="hidden" name="startmatch" value ="startmatch" id="submit-form"></button>
        </span>
    </div>


</form>

Outputting $results gives the following:

Array

    (
        [0] =&gt; Array
            (
                [0] =&gt; Array
                    (
                        [IngID] =&gt; 2
                        [0] =&gt; 2
                        [IngName] =&gt; Apples Fresh
                        [1] =&gt; Apples Fresh
                        [Texture] =&gt; 4
                        [2] =&gt; 4
                        [Colour] =&gt; 8
                        [3] =&gt; 8
                        [Bitter] =&gt; 7
                        [4] =&gt; 7
                        [Sweet] =&gt; 3
                        [5] =&gt; 3
                        [Sour] =&gt; 4
                        [6] =&gt; 4
                        [Salty] =&gt; 8
                        [7] =&gt; 8
                        [Umami] =&gt; 9
                        [8] =&gt; 9
                    )

                [1] =&gt; Array
                    (
                        [IngID] =&gt; 2
                        [0] =&gt; 2
                        [IngName] =&gt; Apples Fresh
                        [1] =&gt; Apples Fresh
                        [Texture] =&gt; 4
                        [2] =&gt; 4
                        [Colour] =&gt; 8
                        [3] =&gt; 8
                        [Bitter] =&gt; 7
                        [4] =&gt; 7
                        [Sweet] =&gt; 3
                        [5] =&gt; 3
                        [Sour] =&gt; 4
                        [6] =&gt; 4
                        [Salty] =&gt; 8
                        [7] =&gt; 8
                        [Umami] =&gt; 9
                        [8] =&gt; 9
                    )

            )

    )

I don't know how to get rid of the extra array so any help would be appreciated :)

RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
pmpman
  • 13
  • 3
  • This line `$results[$counter][] = $row;` – u_mulder Nov 26 '16 at 17:03
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Nov 26 '16 at 17:07
  • `$results[$counter][] = $row;` should be `$results[] = $row;` The `$counter` variable is totally unnecessary – RiggsFolly Nov 26 '16 at 17:09
  • Ok thanks and i'll sort out the sql injection :) – pmpman Nov 26 '16 at 17:38
  • What kind of attacks am I protecting against, given that the user input is from a set of results and they can't actually type anything into the dropdown box? – pmpman Nov 26 '16 at 18:10
  • @pmpman Are you expect an array with more then 1 value in `$_POST['IngredientName']`? – jaro1989 Nov 26 '16 at 18:44

1 Answers1

0

The problem is this line:

$results[$counter][] = $row;

The solution is to change it to 

$results[] = $row;

PHP will automatically append $row to $results meaning that you don't need your $counter variable at all.

jcuenod
  • 55,835
  • 14
  • 65
  • 102