function loaditem() {

global $connection;
$item_Id = escape($_GET['edit_item']);


$query = "SELECT * FROM stock_management WHERE ID = $item_Id ";
$select_item = mysqli_query($connection, $query);
while($row = mysqli_fetch_assoc($select_item)) {
    $id = escape($row['ID']);
    $image = escape($row['item_image']);
    $name = escape($row['prod_name']);
    $supplier = escape($row['supplier_name']);
    $pexvat = escape($row['P_PRICE_EXVAT']);
    $sellprice = $row['P_SELL'];
    $size = $row['SIZE'];
    $stock =$row['stock_level'];
    $lastpurchase = $row['L_PURCHASE'];
    $Stock_Location = $row['Stock_Location'];

}

}

Right, so here's my problem: I have this function to query my database and retrieve the following information. Now the problem I'm having is retrieving the said values out of the function on the page I'm calling it. For example, I'm trying to echo in a text field:

<?php echo htmlspecialchars(stripslashes($name));?>

But it just keeps saying undefined variable. I've tried returning `return $name;` with no luck, so I'm hoping one of you guys can explain what I'm doing wrong.

BenRoob
  • Is `escape()` a global sanitize function? If so, don't use 'one function to clean all' method. – Script47 Aug 24 '17 at 14:48
  • Where is `$name` defined? You need to return it and echo the function and if you want all of them return the result of `fetch_assoc` but you'll only get one in the return not all. – Script47 Aug 24 '17 at 14:49
  • There are 2 problems. First, where is `return`? Second, you are inside the `while` loop, so `$name` will get over-written. – Milan Chheda Aug 24 '17 at 14:49
  • @MilanChheda Looks like they are pulling from a unique row, hence the `ID = $item_Id`, so no, it won't get overwritten. OP, even though you are using a function called `escape()`, you're using MySQLi and should instead opt for prepared statements. – IsThisJavascript Aug 24 '17 at 14:51
  • 1. Why are you `escape`ing values you *retrieve from* the database?! And then you're double escaping them *again* before `echo`. Read [The Great Escapism (Or: What You Need To Know To Work With Text Within Text)](http://kunststube.net/escapism/). 2. Just `return $row`, don't tackle individual values one by one. – deceze Aug 24 '17 at 14:52
  • @WillParky93 - In that case, it shouldn't even have `while` loop. – Milan Chheda Aug 24 '17 at 14:53
  • Does the query return only one data? Means the returned data will only be unique? – Rajendran Nadar Aug 24 '17 at 14:53
  • @script47 It is a sanitize function. Also, `$name` was defined within the function as `$name = $row['prod_name'];`, that's what I'm trying to echo out in my form along with the other values –  Aug 24 '17 at 14:53
  • @RajendranNadar It does only return one value it is the id of the item from the URL –  Aug 24 '17 at 15:08
  • @MartinJames the question is closed so I can't help you now. – Rajendran Nadar Aug 24 '17 at 15:11
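
The points raised in the comments above (return the row, bind the ID in a prepared statement, HTML-encode only at output), put together as an added example that is not code from the original thread. The table and column names come from the question; the `loadItem()` signature, the `e()` helper, the form field names and the availability of the mysqlnd driver are assumptions.

```php
<?php
// Added example, not the asker's code. Table and column names are the ones
// in the question; loadItem()'s signature, e() and the mysqlnd driver
// (needed for get_result()) are assumptions.

/**
 * Fetch one stock item by ID, or null when the ID is invalid or not found.
 */
function loadItem(mysqli $connection, $rawId): ?array
{
    // Validate the ID as a positive integer instead of "escaping" it.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // The placeholder keeps the value out of the SQL text entirely.
    $stmt = $connection->prepare('SELECT * FROM stock_management WHERE ID = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();

    // ID is unique, so fetch a single row; no while loop is needed.
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    // Return the raw row: variables set inside a function are local to it.
    return $row ?: null;
}

// HTML-encode once, at the point of output, not when reading from the DB.
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Calling page. $connection is assumed to be an already open mysqli handle.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // fail loudly on DB errors
$item = loadItem($connection, $_GET['edit_item'] ?? null);
if ($item === null) {
    http_response_code(404);
    exit('Item not found');
}
?>
<input type="text" name="prod_name" value="<?= e($item['prod_name']) ?>">
<input type="text" name="supplier_name" value="<?= e($item['supplier_name']) ?>">
```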
