-5

I have the code below and was hoping someone could clarify what the highlighted/commented/obvious lines was doing please 

$result = mysqli_query($db, "SELECT * FROM `tblName` WHERE `id`='" . mysqli_real_escape_string($db, $_GET['id']) . "' LIMIT 0, 1");
$row = mysqli_fetch_assoc($result);
foreach($row as $name => $value) {  // THIS ONE I NEED HELP WITH
    ...
}

Does it basically say "for each column..." - this is where I get stuck

PeeHaa
  • 71,436
  • 58
  • 190
  • 262
pee2pee
  • 3,619
  • 7
  • 52
  • 133
  • Hardly simple terms! Let's assume I need to explain it to my mother or child.... or at least a colleague who understands databases but not PHP – pee2pee Dec 27 '16 at 20:31
  • 1
    @JeremyHarris that hardly is going to help OP. "*This question concerns how it works under the bonnet*" OP is **not** looking for that – PeeHaa Dec 27 '16 at 20:31
  • **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use manual escaping and string interpolation or concatenation to accomplish this because you will create severe [SQL injection bugs](http://bobby-tables.com/) if you ever forget to properly escape something. – tadman Dec 27 '16 at 20:32
  • 1
    You're right, it basically says "in the row of data returned, take each column as $name and it's value as $value". – Serg Chernata Dec 27 '16 at 20:32
  • @tadman - indeed, this is just a very very simplified version – pee2pee Dec 27 '16 at 20:33
  • @PeeHaa I was hoping that OP was confused about something more in-depth than can be easily Googled. For example: https://www.safaribooksonline.com/library/view/php-in-a/0596100671/ch04s11.html – Jeremy Harris Dec 27 '16 at 20:34
  • 2
    Read the [documentation](http://php.net/manual/en/control-structures.foreach.php). It always helps. – axiac Dec 27 '16 at 20:34
  • @pee2pee Parameterized queries are often more simplified than this alternative since the query itself isn't broken up into bits and cluttered up with all sorts of escaping junk. If you can keep your code simple you can keep it understandable. – tadman Dec 27 '16 at 20:34
  • @JeremyHarris you must be new here :P – PeeHaa Dec 27 '16 at 20:35
  • I fail to see the value of this question as this is simple code that uses functions that are clearly explained in the official PHP documenation. – cteski Dec 27 '16 at 20:37
  • @JeremyHarris how does that relate to a DB query though. In a normal for loop, yes, but in a MySQL situation, I wanted it to be clear – pee2pee Dec 27 '16 at 20:39
  • T'is the season to be jolly.... unless you're on SO :-) – pee2pee Dec 27 '16 at 20:42
  • 1
    @pee2pee I have a massive answer written, but the question was closed (in fairness I started that close vote). Maybe it will help: http://pastebin.com/f5hXdgD4 – Jeremy Harris Dec 27 '16 at 21:05
  • Luckily, the beauty of prepared statements is such that you never need concern yourself with such archaic code. – Strawberry Dec 27 '16 at 22:39
  • I know, I know... – pee2pee Dec 28 '16 at 09:33
  • @juergend wth did you dupe close it against the thing we all agreed on was not a dupe? It should be closed but that makes no sense. – PeeHaa Dec 28 '16 at 11:49

1 Answers1

2

It's a foreach loop. So it can be translated to...

for every object in the $row variable, assign that object to the new variable $name, with its corresponding value as $value

That will loop N times, where N is the number of rows returned. Each time the loop is iterated, the $name and $value variables are re-initialized to the new row's contents.

TheValyreanGroup
  • 3,554
  • 2
  • 12
  • 30
  • Just wanted to be sure it included the column names rather than just records – pee2pee Dec 27 '16 at 20:40
  • Yes. That's what adding the `=>` does. – TheValyreanGroup Dec 27 '16 at 20:41
  • Will accept this as answer as soon as I can – pee2pee Dec 27 '16 at 20:43
  • That's not at all "what the `=>` does", `$name` will contain the row's *numeric* index in the result set, and `$value` will contain the row itself. Whether or not the row includes the column names depends entirely on which `fetch` function is called. In this case calling `fetch_assoc` is what gets the column names as keys in the `$row` array. – Sammitch Dec 27 '16 at 20:47