0

I have a function that is supposed to give me a staff members name from his ID number so my php is like this

$staffId = $_GET['staff_id'];
$staff = staff_load($staffId);

and my function is like this

function staff_load()
{
$dbh = dbh_get(); //connects to database

$sql = 'select user_name from user_staff where user_id = ?';
$stmt = $dbh->prepare($sql);
$stmt->execute();
$staff = $stmt->fetch();

dbh_free($dbh); //disconnects from database
return $staff;
}

But when I try and use the $staff variable, it shows nothing. I can't work out what I'm doing wrong. I've tried a bunch of variants and gotten nowhere except frustrated.

<td>Book for ' . $staff . '</td>
RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
Kilisi
  • 402
  • 11
  • 33

2 Answers2

3

First, you forgot to include the parameter in your function definition:

function staff_load($id) {

Then you need to bind the parameter of the prepared statement.

$sql = 'select user_name from user_staff where user_id = $1';
$stmt = $dbh->prepare($sql);
$stmt->execute(array($id));

Next, fetch() returns an array, you need to extract the user_name element from the array:

$row = $stmt->fetch();
if ($row) {
    $staff = $row['user_name'];
} else {
    $staff = false;
}
Barmar
  • 741,623
  • 53
  • 500
  • 612
  • changed function to this but still nothing function staff_load($staffId) { $dbh = dbh_get(); $sql = 'select user_name from user_staff where user_id = :staffId'; $stmt = $dbh->prepare($sql); $stmt->execute(); $stmt->bindParam(':staffId', $staffId); $row = $stmt->fetch(PDO::FETCH_ASSOC); if ($row) { $staff = $row['user_name']; } else { $staff = false; } dbh_free($dbh); return $staff; } – Kilisi Jan 23 '17 at 09:40
  • Are there any errors? Have you enable PDO's error signalling? Can you confirm that you're using PDO as I assumed? – Barmar Jan 23 '17 at 15:59
  • I assumed it was PDO because `$stmt->fetch()` is the syntax for that API. What API are you using? – Barmar Jan 23 '17 at 18:52
  • can it be written without api? I'm not a programmer, but doesn't have pdo in other functions. It's just php to postgresql database – Kilisi Jan 23 '17 at 19:52
  • this is a statement that works function user_options() { $dbh = dbh_get(); $options = ''; $sql = 'select user_id, user_name from user_staff where user_id>7 ORDER BY user_name'; $stmt = $dbh->prepare($sql); $stmt->execute(); while (true) { $r = $stmt->fetch(); if (is_bool($r)) break; $options .= ''; } dbh_free($dbh); return $options; } – Kilisi Jan 23 '17 at 20:03
  • @Kilisi There's always an API. Whatever function you use to make database queries is the API. – Barmar Jan 23 '17 at 20:13
  • well, I tried what you had, and it doesn't work, any ideas? – Kilisi Jan 23 '17 at 20:14
  • It's not clear what functions you're using. According to http://php.net/manual/en/book.pgsql.php, the functions for making PostgreSQL queries all begin with `pg_`, but you're not calling those functions in the code you posted. I guess it's being done in the database class you're using. – Barmar Jan 23 '17 at 20:17
  • I've changed my answer to use a prepared statement as described in http://php.net/manual/en/function.pg-prepare.php. – Barmar Jan 23 '17 at 20:20
0

first of all you have to pass parameter to staff_load function

function staff_load($staffId)

secondly you should bind parameter

$sql = 'select user_name from user_staff where user_id = :user_id';
$stmt = $dbh->prepare($sql);
$stmt->bindParam(':user_id', $staffId);
Dima
  • 11
  • 2