Cannot create an array of just inserted record with mysqli in php

Question

I am trying to insert a record into my table and then to use array push to create an array with that record but it seems that I am missing something here.. I use

$insert_sql = "INSERT INTO PasswordResetRequest(email,encrypted_temp_password,salt,created_at) VALUES('$email','$encrypted_temp_password','$salt',NOW());";
$insert_query = mysqli_query($con,$insert_sql);
$ins_result = array();
while($row = mysqli_fetch_array($insert_query)) {
    array_push($ins_result, array(
        'email' => $row['email'],
        'encrypted_temp_password' => $row['encrypted_temp_password'],
        'salt' => $row['salt'], 
        'created_at' => $row['created_at']
    ));
}
if ($ins_result) {
    $user["email"] = $email;
    $user["temp_password"] = $random_string;
    return $user;
} else {
    return false;
}

but I get an array with null, how should I implement it?

Thank you

[Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! [Don't believe it?](http://stackoverflow.com/q/38297105/1011527) — Jay Blanchard, Dec 13 '16 at 13:35
Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. — Jay Blanchard, Dec 13 '16 at 13:35
After executing insert query, retrieve last insert id if you have a primary key and then build a query to retrieve the records you want. — Ima, Dec 13 '16 at 13:37

score 0 · Accepted Answer · answered Dec 13 '16 at 13:36

Remember one thing, when you are inserting something its function will return true or false. True means record inserted and false means an error.

If you want to list down all inserted records as I assume that you were trying.

You need to make it in two parts.

// insert record
$insert_sql = "INSERT INTO PasswordResetRequest(email,encrypted_temp_password,salt,created_at) VALUES('$email','$encrypted_temp_password','$salt',NOW());";
$insert_query = mysqli_query($con,$insert_sql);


// select and list all records
$select_sql = "Select * from PasswordResetRequest";
$resultSet  = mysqli_query($con, $select_sql);
while($row = mysqli_fetch_array($resultSet)){
    array_push($ins_result,array('email'=>$row['email'],'encrypted_temp_password'=>$row['encrypted_temp_password'],'salt'=>$row['salt'],'created_at'=>$row['created_at']));
}

I think it will resolve your issue.

Cannot create an array of just inserted record with mysqli in php

1 Answers1