
PHP Prepared Statement - Echoing the values

I recently fixed my old and incredibly insecure MySQL query with prepared statements. However, when I run this new query, I'm not being returned any values except when I use print_r for debugging. If I simply echo the value (i.e. echo $eventid), I'll get an error that I can't convert an array to string. Do I need to add some sort of foreach loop to this query? Thank you all so much for continuing to help me learn! :)

<?php
echo "<div class='container target'>

        <div class='container'>    
    <div id='quick-access'>
      <form class='form-inline quick-search-form' role='form'>
        <div class='form-group'>
                <input type='text' id='name' name='name' class='form-control' placeholder='Driver name'>
        </div>
        <button type='submit' id='quick-search' class='btn btn-custom'><span class='glyphicon glyphicon-search custom-glyph-color'></span></button>
      </form>
    </div>
</div>";
?>


<?php

$conn = new mysqli('localhost', 'Username', 'password', 'Database');

if($conn->connect_errno > 0)
{
    die('Unable to connect to database [' . $conn->connect_error . ']');
}

# SQL WITH QMARK PLACEHOLDER (USING TABLE ALIASES)
$sql = "SELECT e.personaId, e.ID AS event_id, e.EVENTID, e.rank, e.carId, 
               e.alternateEventDurationInMilliseconds, 
               p.iconIndex, p.cash, p.level, p.created, p.score, p.motto, 
               p.repAtCurrentLevel, p.rep, p.name AS p_name
        FROM EVENT_DATA e
        INNER JOIN PERSONA p ON e.personaId = p.ID
        WHERE (p.name = ? AND e.EVENTID = '43' 
          AND  e.alternateEventDurationInMilliseconds > '0')";

# INITIALIZE ARRAYS - TWO METHODS: array() or []
$name = array(); $avatarimg = []; $cash = array(); $level = array(); $createddate = [];
$driverscore = array(); $motto = []; $repcurrent = array(); $reptotal = []; 
$personaid = array(); $eventid = []; $milliseconds = array();

# PREPARED STATEMENT
$stmt = mysqli_prepare($conn, $sql) or die(mysqli_error($conn));

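# BIND PARAM (bound values travel separately from the SQL text, so they must
# not be escaped first; escaping here would alter names containing quotes)
$param = isset($_GET['name']) ? $_GET['name'] : '';
mysqli_stmt_bind_param($stmt, "s", $param);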


# EXECUTE STATEMENT
if (mysqli_stmt_execute($stmt)){
    $result = $stmt->get_result();
    # CHECK ROWS 
    if(mysqli_num_rows($result) > 0)  { 
       # ITERATE THROUGH ROWS
       while ($row = mysqli_fetch_array($result)){
            # APPEND TO ARRAYS
            $name[] = mysqli_real_escape_string($conn, $row['p_name']);
            $avatarimg[] = mysqli_real_escape_string($conn, $row['iconIndex']);
            $cash[] = mysqli_real_escape_string($conn, $row['cash']);
            $level[] = mysqli_real_escape_string($conn, $row['level']);
            $createddate[] = mysqli_real_escape_string($conn, $row['created']);
            $driverscore[] = mysqli_real_escape_string($conn, $row['score']);
            $motto[] = mysqli_real_escape_string($conn, $row['motto']);
            $repcurrent[] = mysqli_real_escape_string($conn, $row['repAtCurrentLevel']);
            $reptotal[] = mysqli_real_escape_string($conn, $row['rep']);
            $personaid[] = $row['personaId'];
            $eventid[] = $row['EVENTID'];
            $milliseconds[] = $row['alternateEventDurationInMilliseconds'];    
       }    
    }    
}



print_r($name);
print_r($eventid);


?>

When you use $name[] = mysqli_real_escape_string($conn, $row['p_name']); it is adding every single result of your select query into an array. That is why when you try to echo it, it is not working.

Here is an easy way to see it.

foreach ($name as $n) {
    echo $n . '<br />';
}
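
An added example, not part of the original question or answer: the same lookup with the name bound unescaped, rows fetched as associative arrays, and every value HTML-escaped with htmlspecialchars at the point of output instead of being passed through mysqli_real_escape_string after the fetch. The helper names fetch_driver_rows and render_driver_rows and the sample rows are assumptions made for illustration.

```php
<?php
// Added example: query with a bound parameter, then loop over the rows and
// HTML-escape each value at the moment it is written to the page.

// Hypothetical helper: run the page's lookup with the raw name bound as-is.
function fetch_driver_rows(mysqli $conn, string $name): array
{
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // fail loudly on SQL errors
    $sql = "SELECT e.personaId, e.EVENTID, p.name AS p_name, p.motto
            FROM EVENT_DATA e
            INNER JOIN PERSONA p ON e.personaId = p.ID
            WHERE p.name = ? AND e.EVENTID = '43'
              AND e.alternateEventDurationInMilliseconds > '0'";
    $stmt = $conn->prepare($sql);
    $stmt->bind_param('s', $name);   // no mysqli_real_escape_string(): binding handles it
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Hypothetical helper: build the HTML, one paragraph per row.
function render_driver_rows(array $rows): string
{
    if ($rows === []) {
        return "<p>No results.</p>\n";
    }
    $html = '';
    foreach ($rows as $row) {
        $html .= sprintf(
            "<p>%s (event %s): %s</p>\n",
            htmlspecialchars((string) $row['p_name'], ENT_QUOTES, 'UTF-8'),
            htmlspecialchars((string) $row['EVENTID'], ENT_QUOTES, 'UTF-8'),
            htmlspecialchars((string) $row['motto'], ENT_QUOTES, 'UTF-8')
        );
    }
    return $html;
}

// Constructed sample rows, shaped like fetch_all(MYSQLI_ASSOC) output, so the
// rendering part runs without a database.
$rows = [
    ['personaId' => 7, 'EVENTID' => 43, 'p_name' => "O'Brien", 'motto' => 'Fast & <b>loud</b>'],
    ['personaId' => 9, 'EVENTID' => 43, 'p_name' => 'Ana', 'motto' => null],
];
echo render_driver_rows($rows);
```

With a live connection, the constructed array is replaced by fetch_driver_rows($conn, $_GET['name'] ?? '').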
