Retrieving rows from database and storing to session arrays

Question

I am trying to retrieve rows from a database and store them to an array/ session array (I am a bit lost). The database I am currently retrieving from has 3 rows.

<?php
session_start();
$user_year = $_SESSION['year'];
$floor = $_SESSION['year_floor'];

include "config.php";
$query = "select * from timetable where '$user_year' = year;
$array = array();

while($row = $query->fetch_assoc()){
  $array[] = $row;

}

  echo '<script>console.log(\"$array\")</script>';
  /* close connection */
  // debug:
  print_r($array); // show all array data
  echo $array[0]['username']; // print the first rows username
  $mysqli->close();
?>

This is what I have pieced together so far, is this close? Any pointers in the right direction would be great thanks.

The database you are currently retrieving has 3 rows? or tables? — Precious Tom, May 04 '18 at 01:44
`$query = "select * from timetable where year = '$user_year';";` — Goma, May 04 '18 at 01:47
So I have, typical. Thank you very much for pointing that out, been up far to long today. — JimmyPop13, May 04 '18 at 01:50
the question is "why?" @PreciousTom all you did was pop in some code with no explanation. It's also open to sql injection. — Funk Forty Niner, May 04 '18 at 01:56

lufc · Accepted Answer · 2018-05-04T01:58:50.913

It's close but not quite. Check the examples at

http://php.net/manual/en/mysqli.query.php and

http://php.net/manual/en/mysqli-result.fetch-assoc.php and

http://php.net/manual/en/mysqli-result.fetch-all.php

Edits below.

I would also consider looking up Binding variables instead of injecting session variables into a query. A malicious user could potentially set your $user_year variable and edit the query. More here: http://php.net/manual/en/mysqli-stmt.bind-param.php

<?php
session_start();
$user_year = $_SESSION['year'];
$floor = $_SESSION['year_floor'];

include "config.php"; //I assume you create a $mysqli object here
$query = "select * from timetable where year = '$user_year'";
$results_array = array(); // I try to avoid using variable types as names so have renamed to results_array

$result = $mysqli->query($query); // mysqli runs the query (see man above)

//The result runs the fetch_assoc (see man above)
while($row = $result->fetch_assoc()){
     $result_array[] = $row;
}

// If you know you have a small result set you could replace the while() loop above with $result_array = $result->fetch_all()

// echo '<script>console.log(\"$array\")</script>'; (this wont work because the client side javascript can't understand the php variable. But you could place this line inside the loop above.)

// debug:
print_r($result_array); // show all array data
echo $result_array[0]['username']; // print the first rows username
$mysqli->close(); // you don't need to do this unless saving memory mid script, but it's good practice so I left it in
?>

This is all fine and dandy and I can see where you "fixed" the problem, but you didn't say anything about that. You just fixed something and having to let everyone look for the differences. It doesn't explain anything. — Funk Forty Niner, May 04 '18 at 01:55
Well I for one am very grateful. Thanks for the helpful links too. — JimmyPop13, May 04 '18 at 01:57

Retrieving rows from database and storing to session arrays

1 Answers1