-1

I have this function:

function dulide($uid) {
    global $mysqli, $sm;
    $return = ''; // initialise the output buffer before appending to it with .=
    $city = $mysqli->query("SELECT city FROM users WHERE id = '" . $sm['user']['id'] . "'");
    $haha = $city->fetch_assoc();
    $citye = $haha['city'];
    $sql = "SELECT id,age,name,email,city,fixed FROM users WHERE fixed=1 AND city = '" . $citye . "' LIMIT 5";
    $query = $mysqli->query($sql);

    if ($query->num_rows > 0) {
        while ($user = $query->fetch_object()) {
            $return .= '<tr><td> ' . $user->name . ' </td></tr><tr><td>';
            $uid = $user->id;
            $photos = $mysqli->query("SELECT photo FROM users_photos WHERE approved = 1 and profile = 1 and u_id = '" . $uid . "' order by id desc LIMIT 1");
            if ($photos->num_rows > 0) {
                while ($up = $photos->fetch_object()) {

                    $return .= '<img src="' . $up->photo . '" alt="Smiley face" height="50" width="50">';
                }
            }
            $return .= ' </td></tr> ';
        }
    }
    return $return;
}

When I try to call the function with

<?=dulide($uid); ?> 

Nothing happens. Does anyone have a solution for this?

A huge amount of karma and blessings is given out! :)

Thanks in advance

Jite
KingLove
  • You need to debug this yourself. Step by step – Rotimi Sep 17 '17 at 19:11
  • I'm not sure at this point, but how about using `echo $return` instead of `return $return`? The `return` statement will just return the value of `$return` but is not made to display data. – Spears Sep 17 '17 at 19:20
  • Yes, but when I call the function at `<?=dulide($uid);?>` I guess it echoes the function? So no need to write echo in the function, right? – KingLove Sep 17 '17 at 19:24
  • You're already using an API that supports **prepared statements** with bounded variable input, you should utilize parameterized queries with placeholders (prepared statements) to protect your database against [SQL-injection](http://stackoverflow.com/q/60174/)! Get started with [`mysqli::prepare()`](http://php.net/mysqli.prepare) and [`mysqli_stmt::bind_param()`](http://php.net/mysqli-stmt.bind-param). – Qirel Sep 17 '17 at 20:22

1 Answer

0

So it turns out there was a database fault that made my function not work. Thanks for your help. Another time it would be good to add an `} else {` after the num_rows check to post if there is no result :)

KingLove
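Qirel's comment and the answer's `} else {` suggestion combined in one version of `dulide()`, as an added example that is not code from the question or the answer: both lookups go through `mysqli::prepare()` and `bind_param()`, and a message is returned when no rows match. Assumptions: the connection and an integer user id are passed in as arguments instead of the question's globals, the per-user photo query is folded into a correlated subquery, and `mysqli_report()` is set so a database fault throws instead of failing silently.

```php
<?php
// Added example, not the asker's code. Table and column names come from the
// question; passing $mysqli and an integer $userId as arguments is an assumption.

// Make mysqli throw on errors so a database fault is not silent.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function dulide(mysqli $mysqli, int $userId): string
{
    // City of the current user, with the id bound as a parameter.
    $stmt = $mysqli->prepare('SELECT city FROM users WHERE id = ?');
    $stmt->bind_param('i', $userId);
    $stmt->execute();
    $stmt->bind_result($city);
    $found = $stmt->fetch();
    $stmt->close();
    if (!$found) {
        return '<tr><td>Unknown user</td></tr>';
    }

    // Up to five fixed users in that city, each with the newest approved
    // profile photo (correlated subquery instead of one query per user).
    $stmt = $mysqli->prepare(
        'SELECT u.name,
                (SELECT p.photo FROM users_photos p
                  WHERE p.u_id = u.id AND p.approved = 1 AND p.profile = 1
                  ORDER BY p.id DESC LIMIT 1) AS photo
           FROM users u
          WHERE u.fixed = 1 AND u.city = ?
          LIMIT 5'
    );
    $stmt->bind_param('s', $city);
    $stmt->execute();
    $stmt->bind_result($name, $photo);

    $return = '';
    while ($stmt->fetch()) {
        // Escape database values before placing them in HTML.
        $return .= '<tr><td> ' . htmlspecialchars((string) $name, ENT_QUOTES, 'UTF-8') . ' </td></tr><tr><td>';
        if ($photo !== null) {
            $return .= '<img src="' . htmlspecialchars($photo, ENT_QUOTES, 'UTF-8')
                     . '" alt="Smiley face" height="50" width="50">';
        }
        $return .= ' </td></tr> ';
    }
    $stmt->close();

    // The else branch the answer asks for: say so when nothing matched.
    return $return !== '' ? $return : '<tr><td>No users found in your city</td></tr>';
}
```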