Invalid argument supplied for foreach in PHP,

Question

I am running a PDO query on a MySQL database and I get an error saying there is invalid argument supplied for the foreach. On the frontend, I just pass a string to $questionTable and an integer for $questionID.

What am I doing wrong?

$query = $this->dbConnection->query("SELECT * FROM ('$questionTable') WHERE id = ('$questionID')");
foreach ($query as $row) {
 echo $row;
};

What is the value of `$query`? What api is used - PDO or mysqli or else? — u_mulder, Aug 18 '17 at 09:43
You need to get the result set of the query to iterate the rows in your loop. You are expected to do some research before you post a question on SA. I'm guessing there are many tutorials to show you what is missing. — xander, Aug 18 '17 at 09:44
What tutorial? Seems not a good one, if you want read the official PHP PDO manual there are enough examples: http://php.net/manual/en/book.pdo.php — xander, Aug 18 '17 at 09:47
Passing these values from the front-end and injecting them directly in a query is a very bad idea. You should use white-lists for the table- and column names and a prepared statement for the values. — jeroen, Aug 18 '17 at 09:48

score -1 · Answer 1 · answered Aug 18 '17 at 09:47

-1

Is it because of we shouldn't put '' into the query? I mean: $query = $this->dbConnection->query("SELECT * FROM ($questionTable) WHERE id = ($questionID)");

answered Aug 18 '17 at 09:47

Minalinsky

277
6
16

So the way to extract a parameter's value is by enclosing it with parentheses? That is so weird. – konyv12 Aug 18 '17 at 09:50
The parentheses are useless. They only bloat the query. – axiac Aug 18 '17 at 09:51
How am I supposed to do it then? – konyv12 Aug 18 '17 at 09:52
@konyv12: The last time i write something like this is without parenthese. like SELECT * FROM $tablename WHERE id = $id, but i'm sorry that i'm not sure is there the difference between i used and your case. – Minalinsky Aug 18 '17 at 09:57

Invalid argument supplied for foreach in PHP,

1 Answers1