-1

In here I'm going to create a class to work with SQL select using PHP __set magic method.My var_dump array return array(0) { } In the browser.What is the error i have did ?

class helper{

public function __set($table,$id){

    $dbConfig=array("localhost","itXXXXX","itXXXXX","u?XXXXXXX");
               $pardConfig=new PDO('mysql:host='.$dbConfig[0].';'.'dbname='.$dbConfig[1],$dbConfig[2],$dbConfig[3]);

               $sql=$pardConfig->prepare("SELECT * FROM ".$table."WHERE id=".$id);
               $sql->execute();
               $result=$sql->fetchALL(PDO::FETCH_ASSOC); 
               var_dump($result);
  }
        }

$helper = new helper();
$helper->pard_menu = 99;
hakre
  • 193,403
  • 52
  • 435
  • 836
Mr PHP
  • 33
  • 7

1 Answers1

1

Look at the error your query must have produced.

You are missing a whitespace between the table name and the WHERE keyword:

$sql=$pardConfig->prepare("SELECT * FROM ".$table."WHERE id=".$id);
// HERE ------------------------------------------^

change it to:

$sql=$pardConfig->prepare("SELECT * FROM ".$table." WHERE id=".$id);
bwoebi
  • 23,637
  • 5
  • 58
  • 79
  • Woooow.Thanks you.and can you tell me is there any good thing when i use __set in here and do i want to improve any code here ? – Mr PHP Jun 15 '13 at 14:32
  • 1
    @MrPHP If it's good or not, I don't know. and the code is basically okay. – bwoebi Jun 15 '13 at 14:33
  • is it support for sql injection .? do i want to use placeholders ? – Mr PHP Jun 15 '13 at 14:35
  • @MrPHP depends on what you insert: only your own data or also user data. If user data, you should escape your id (the table name you can't escape with placeholders) – bwoebi Jun 15 '13 at 14:37
  • @MrPHP As this answer solved your problem, consider upvoting and accepting it, by clicking on the large green tick mark (✔) under the answer's score. – bwoebi Jun 15 '13 at 14:48