0

I have a PHP function that I am converting from using the mysql extension to the mysqli extension.

Everything is going okay, until here. I previously used a mysql_result to get a single piece of data. There is no direct equivalent in mysqli, so I have tried the following but it still doesn't work.

function getdbvalue($table,$value,$idfield,$id) {
  $qrytext = "SELECT $value FROM $table WHERE $idfield LIKE '$id'";
  $valueqry = mysqli_query($dbh,$qrytext);
  if (FALSE === $valueqry) die("Select failed: ".mysqli_error);
  $result = mysqli_fetch_row($valueqry);
  $returnvalue = $result[0];
  return $returnvalue;
}

I have verified that the variables are passing to the function okay, and the function is actually getting triggered. If I return $id I see the ID numbers.

I don't get an error for the query.

SOLVED:

I needed to add the database connection variable as a global in the function:

Working code:

function getdbvalue($table,$value,$idfield,$id) {
  global $dbh; // This was missing!
  $qrytext = "SELECT $value FROM $table WHERE $idfield LIKE '$id'";
  $valueqry = mysqli_query($dbh,$qrytext);
  if (FALSE === $valueqry) die("Select failed: ".mysqli_error);
  $result = mysqli_fetch_row($valueqry);
  $returnvalue = $result[0];
  return $returnvalue;
}

Thanks to everyone for their help. :)

Dwev
  • 163
  • 1
  • 5
  • If you change like for = ?? – Hackerman Apr 11 '13 at 15:21
  • try a `var_dump` of `$result`. – christopher Apr 11 '13 at 15:23
  • @RobertRozas no change between LIKE and = – Dwev Apr 11 '13 at 15:25
  • As good as it is that you switched from mysql_ to mysqli you should really be using PDO because its better – Lemon Drop Apr 11 '13 at 15:27
  • @ChrisCooney returns NULL – Dwev Apr 11 '13 at 15:30
  • @lemondrop baby steps... mysqli seemed closer to mysql so it should be easier to port old scripts. I'll look at PDO for the next project though. – Dwev Apr 11 '13 at 15:31
  • Ooh! I just tried connecting to the DB again inside the function and it worked! Why doesn't it recall the connection? – Dwev Apr 11 '13 at 15:33
  • @Dwev consider using OOP interfaces for your database abstraction layers; you can store a state (the database connection) and inject the dependencies. It's also way better to be maintaining in the long run. Switch to PDO; it supports more than just MySQL (and after a year or four of using it, there's a high chance you'll be annoyed at deploying stuff and will want to use models and sqlite/postgres) – Amelia Apr 11 '13 at 15:39
  • @Hiroto OOP is something I know I should learn properly, but it hasn't clicked for me yet. I'm so used to procedural programming it is a paradigm shift for me to start OOP. :/ – Dwev Apr 11 '13 at 15:46
  • @Dwev if you're stuck with OOP in general, try a ruby or python class-based tutorial. It's incredibly easy once it clicks, and you can apply it anywhere. – Amelia Apr 11 '13 at 15:50
  • -1 as you choose to keep your unsafe approach. Nothing personal but just to warn anyone who may stumble upon. – Your Common Sense Apr 11 '13 at 15:53
  • Well I got the right answer to the problem I was having, so I'm not sure the -1 is fair. Your comments should be warning enough, but I am new and maybe that's how it works. – Dwev Apr 12 '13 at 16:37

1 Answers1

1

Although it's good idea to automate simple selects, the implementation is highly insecure, and should never be used.

Make it accept SQL query and parameters. It will make it secure.
And also you have to use PDO instead of mysqli

function getdbvalue() {
  global $pdo;
  $args = func_get_args();
  $sql  = array_shift($args);
  $stm  = $pdo->prepare($sql);
  $stm->execute($args);
  return $stm->fetchColumn();
}

have to be used like this (you have to connect to PDO first):

$name = getdbvalue("SELECT name FROM users WHERE id=?", $is);

this is the only proper way

Community
  • 1
  • 1
Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
  • Normally I'd argue that mysqli can do this too, but it requires so much boilerplate and fluff that PDO is honestly the better choice for ease of use (also, array preparing is far easier) – Amelia Apr 11 '13 at 15:34
  • Even though I found the answer myself, I'll check yours as it includes the global $pdo line which was the problem for me. – Dwev Apr 11 '13 at 15:42