if preg_match does not change var to false

Question

Ive been studying "the missing manual" by brett m. Its out of date. I.ve been replacing mysql func. Thats not the problem. I run an if statement to match a sql command using preg match. Before the if I set a var to true. If preg match returns a match, var is then changed to false. If does not run. Script executes to mysqli_fetch. Please help.

$return_rows=true;
If(preg_match("/^\s*(CREATE|INSERT|UPDATE|DELETE|DROP)/i", $query_text))
{
    $return_rows=false;
}
If($return_rows)
{ 
  While($row=mysqli_fetch_row($result)){ echo $row[0]; }
}
else{ echo "query processed"; }
mysqli_close($u);

Answer 1

Just cover the SELECT query. cause SELECT is the main query of requesting data from database.

if( strtolower( substr( trim( $query_str ) ) , 0, 6) == "select"){ 
    // SELECT query is being requested
    while($row=mysqli_fetch_row($result)){ echo $row[0]; }

else{ echo "query processed"; }

mysqli_close($u);

Now, you can continue your works without any problems

Answer 2

Instead of using an if to only update your $return_rows in one of the cases, assign the regex match result directly:

$return_rows = !preg_match("/^\s*(CREATE|INSERT|UPDATE|DELETE|DROP)/i", $query_text);

The ! here is a negation. You might want to use a more appropriate variable name instead.

Then use your if check to fetch rows, or print a message else:

if ($return_rows) {
    // fetch rows
}
else {
    // no fetching
}

Also consider using PDO instead of mysqli. It's way less circuitous with parameter binding.