-2

If there is data the first part works great. When there are no $res the else portion is not echoing.

IO have tried using this but the ! $row stops and will not echo anything inside. so I rewrote it to the php script below which is more straight forward. I was now that worried about sql injection since I am cleaning id as well as verifying the user is actually logged into the system. 

$stmt = $conn->prepare('SELECT * FROM table WHERE ID=?');
$stmt->bindParam(1, $_GET['id'], PDO::PARAM_INT);
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);

if( ! $row)
{
    die('nothing found');
}else { 
enter code here
}

Thjs is my entire php page.

$db = new PDO (connection string. )

            <?php
            error_reporting(0);
            include_once("php_includes/db_conx.php");
            if($_GET['id'] != ''){
                $id = preg_replace('#[^0-9]#', '', $_GET['id']);
                $sql="SELECT nextdue, alert, completed, page_id, page_type FROM medical where id=$id limit 1";
                        $alertdiv = "";
                if ($res = $db->query($sql)) {

                            $alertdiv = "";
                        foreach( $db->query($sql) as $data ) {              
                            //if alert is set to Y create div to show the type and stuff. 
                            $timestamp = $data[0];
                            if ($data[1]=='y'){
                                if($timestamp > date("Y-m-d")) {
                                $alertdiv .= "This alert is in the Future.<br>";
                            }
                            if($timestamp < date("Y-m-d")) {
                                  $alertdiv .= "This alert is pastdue.<br>";
                            }
                            if($timestamp == date("Y-m-d")) {
                                  $alertdiv .= "This alert is due Today.<br>";
                            }
                            $alertdiv .= "<table><tr><td width='50'>Method</td><td>Description</td><td>Destination</td><td>Completed</td><td>Date Due</td><td>Action</td></tr><br>";    

                            $completed = $data[2];
                            $page_id = $data[3];
                            $page_type = $data[4];
                                //check completed

                                //get page details 
                                switch ($page_type) {
                                       case "d":
                                        $alertdiv .= "<tr id='selectedmethodtr' value='d0'>";
                                             $alertdiv .= "<td width='10'>Default</td><td>Dashboard</td><td>Dashboard</td>";
                                             break;
                                       case "e":
                                        $alertdiv .= "<tr  id='selectedmethodtr' value='e$data[3]'>";
                                             $sql1 = "SELECT description, email from page_email where page_email_id=$page_id";
                                                foreach( $db->query($sql1) as $data1 ) {    
                                                    $alertdiv .= "<td width='50'>E-Mail</td><td>$data1[0]</td><td>$data1[1]</td>";
                                        }   

                                             break;
                                       case "p":
                                        $alertdiv .= "<tr  id='selectedmethodtr' value='p$data[3]'>";
                                              $sql1 = "SELECT description, phone, carriervalue from page_phone where page_phone_id=$page_id";
                                                foreach( $db->query($sql1) as $data1 ) {    
                                                    $alertdiv .= "<td width='50' >E-Mail</td><td>$data1[0]</td><td>$data1[1]</td>";
                                        }   
                                             break;
                                    }

                                    switch ($completed) {
                                       case "0":
                                             $alertdiv .= "<td>No</td>";
                                             break;
                                       case "1":
                                             $alertdiv .= "<td>Yes</td>";
                                             break;

                                    }
                                $alertdiv .= "<td>$timestamp</td>";
                             $alertdiv .= "<td><a onClick=deleteAlert($id) id='deleteAlert'><i class='fa fa-trash-o fa-lg'></i></a></td></tr>";
                        }
                    }//end if data[1]
                $alertdiv .= "</table>";
                 echo $alertdiv;
                    }else {
                        $alertdiv .= "Alert Type is set Default Dashboard! <br>";
                        $alertdiv .= "<table id='selectedmethodtable'>";
                        $alertdiv .= "<tr>";
                        $alertdiv .= "<td>Description</td>";
                        $alertdiv .= "<td >Method</td><option id='selectedmethodtr' value='d0' ></option>";
                        $alertdiv .= "</tr>";
                        $alertdiv .= "<tr ><td>DashBoard</td><td>Default</td></tr>";
                        $alertdiv .= "</table>";
                         echo $alertdiv;
                    }

            }
            ?>
user1956040
  • 111
  • 2
  • 12
  • well there are parse errors to start with. – Funk Forty Niner Apr 02 '18 at 20:14
  • 2
    **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST`, `$_GET` or **any** user data directly into a query, it can be very harmful if someone seeks to exploit your mistake. – tadman Apr 02 '18 at 20:15
  • 2
    I'm kind of concerned seeing "medical" in a query with obvious and terrifying SQL injection holes. Does this code handle medical data? If so, do you need to be HIPAA compliant? – tadman Apr 02 '18 at 20:15
  • and an undefined constant. – Funk Forty Niner Apr 02 '18 at 20:16
  • why was this post reopened? `alertdiv` constant and missing semi-colons. I'm flagging this for moderation. @Quentin – Funk Forty Niner Apr 02 '18 at 20:18
  • @FunkFortyNiner — Because the close reason was wrong. It didn't address the question. – Quentin Apr 02 '18 at 20:19
  • @Quentin you're kidding me – Funk Forty Niner Apr 02 '18 at 20:20
  • 1
    @FunkFortyNiner — The code has errors in it, but the question isn't asking about those errors. Possibly it should be closed due to a lack of a [mcve], but the gist of the problem seems clear enough even with the errors. – Quentin Apr 02 '18 at 20:20
  • @Quentin that's because the `if` for num_row shows that there are results or not in else. The `if` is valid code.... it's what happens "after" that the errors are. The rest breaks because error reporting wasn't set. My hammers were valid to what was posted. – Funk Forty Niner Apr 02 '18 at 20:22
  • 1
    @FunkFortyNiner — No, there would have been a valid response if the question had asked about those errors … but it doesn't. – Quentin Apr 02 '18 at 20:24
  • then this isn't a mysql question then @Quentin that tag should probably be removed, but that's just me. I really have to wonder though as to what they did to debug this. If they didn't have error reporting then they couldn't have posted php errors. However, if they have and they failed to post it, then the post is unclear. `mysqli_error($db)` should have also been used, if it's a mysql related issue. – Funk Forty Niner Apr 02 '18 at 20:26
  • I am not having an issue with the logic. If is only the else portion. I have also tried this as well. $stmt = $db->prepare('SELECT * FROM medical where id=? limit 1'); $stmt->bindParam(1, $id, PDO::PARAM_INT); $stmt->execute(); $row = $stmt->fetch(PDO::FETCH_ASSOC); if (empty($results)){} echo "nothing here"; } else { } – user1956040 Apr 02 '18 at 20:29
  • so now you're mixing mysql apis, as per that error and code. – Funk Forty Niner Apr 02 '18 at 20:32
  • if ($res = $db->query($sql)) { If this is true then I get the results i need. If this is not true then is bypasses my else statement and there is nothing echoed. – user1956040 Apr 02 '18 at 20:40

1 Answers1

1

Your comments ("found results") are wrong.

I'm assuming that $db->query is mysqli's query method.

Returns FALSE on failure. For successful SELECT, SHOW, DESCRIBE or EXPLAIN queries mysqli_query() will return a mysqli_result object. For other successful queries mysqli_query() will return TRUE.

It is a true value if the query ran successfully, even if that query found no matching rows.

You'll get a false result if there was an error running the query.

To test if there are no results, you should use num_rows.

if ($res = $db->query($sql)) { // Query ran without errors
    if ($res->num_rows == 0) {
        // There were no results found
    } else {
        while($row = $res->fetch_assoc($result)) {
           // Do stuff with the data in the `$row`
        }
    }
} else {
    // There was an error running the query
}
Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335