
I read this question:

How do I insert a variable into a PHP array?

But I think it is no longer valid in PHP 7.

Fatal error: Constant expression contains invalid operations in D:\Business_Work\Apache24\htdocs\garbagevalue\books_solution\models.php on line 82

I'm creating an array using which I will generate HTML forms.
In the SELECT input of the form, I have to give options dynamically fetched from some table. But the problem is I can't put anything dynamic on the array. getIds method returns the array of options for select field.

    class Chapters extends Models{
        protected $tableName = APP.'_chapters';
        protected $formDef = [
            ['Chapter Number', 'text', ['required']],
            ['Chapter Name', 'text', ['required']],
            ['Keywords', 'text', ['required']],
            ['Description', 'text', ['required']],
            ['Select Book', 'select', ((new Chapters())->getIds((new Books())->$tableName))]
        ];
    }

Argument of the method getIds() is a string and it returns an array (I've tested that function). This function is the member of the Base class Models.

    public function getIds($table, $field=NULL, $value=NULL){
        require BASE_PATH.'/ap-admin/connection.php';
        if($field == NULL){
            $sql = "SELECT id FROM ".$table;
        }
        else{
            $sql = "SELECT id FROM ".$table." WHERE ".$field." = ".$value;
        }
        $result = $con->query($sql);
        return $result->fetch_row();
    }

So how can I put a variable or dynamic data in a PHP array in PHP 7?

Phil
Siraj Alam
  • Use your class's constructor to add the dynamic entry – Phil Jun 13 '18 at 04:18
  • @Phil Explain it a little further, please? – Siraj Alam Jun 13 '18 at 04:19
  • Next time, try searching for the error message – Phil Jun 13 '18 at 04:20
  • "It looks like you're writing your own ORM. Have you considered using one that's already written, tested, and widely supported like [Doctrine](http://www.doctrine-project.org/), [Propel](http://propelorm.org/) or [Eloquent](https://laravel.com/docs/master/eloquent)?" – tadman Jun 13 '18 at 04:21
  • @tadman nice Clippit – Phil Jun 13 '18 at 04:24
  • @Phil He's back! I'm just dying for *combining-character-eyeballs* to be pushed into the Unicode spec. – tadman Jun 13 '18 at 04:27
  • @tadman I don't know what an ORM is, I'm just creating some protocols combined with a CMS to make applications of a project loosely coupled and can be reused in other projects without making major/any changes. I'm making rules for me to improve my way of creating projects and applications. – Siraj Alam Jun 13 '18 at 04:32
  • The problem with accidentally writing an ORM is you often don't realize how difficult that is, and your solution here, while certainly an achievement, is also going to become a huge liability in the future. Eloquent, which is but one example, already does everything this code does and a ton more out of the box. It's tested, it's documented, and if someone else had to work on the code you wouldn't have to explain it to them. – tadman Jun 13 '18 at 04:34
  • The biggest problem here is that this code looks like it suffers from severe [SQL injection holes](http://bobby-tables.com/) which means it's not safe to deploy for public consumption. That's not an academic concern, there are automated probes that will hit your site, poke around, and if they find a vulnerability, will deploy hostile code. – tadman Jun 13 '18 at 04:35
  • I'm using prepared statements for every query which contains some data coming from the user. I'd be pleased if you mention where it is vulnerable to SQL injection? – Siraj Alam Jun 13 '18 at 04:40
  • Just using prepared statements isn't enough, you also have to bind parameters. For example, this ~ `" WHERE ".$field." = ".$value` is **not** safe – Phil Jun 13 '18 at 04:48
  • As I said @Phil, there's no user involvement with these variables in the query, so here I did not use the prepared statement. And obviously, I bind parameters wherever I use a prepared statement. But in this, I think it is completely safe. – Siraj Alam Jun 13 '18 at 04:50
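
Added example, not part of the original question or comments: one way to apply the two suggestions made in the comments above, building the dynamic `select` entry in the constructor and binding the value instead of concatenating it. It assumes PDO with an in-memory SQLite database and constructed table and column names (`app_books`, `author_id`); the allow-list and the `getFormDef()` accessor are hypothetical.

```php
<?php
// Added example; table and column names are constructed, not the asker's schema.
abstract class Models
{
    // Identifiers cannot be bound as parameters, so check them against an allow-list.
    private const ALLOWED = ['app_books' => ['id', 'author_id']];
    protected array $formDef = [];
    protected PDO $con;
    public function __construct(PDO $con) { $this->con = $con; }

    public function getIds(string $table, ?string $field = null, $value = null): array
    {
        if (!isset(self::ALLOWED[$table])) {
            throw new InvalidArgumentException("Unknown table: $table");
        }
        $sql = "SELECT id FROM $table";
        $params = [];
        if ($field !== null) {
            if (!in_array($field, self::ALLOWED[$table], true)) {
                throw new InvalidArgumentException("Unknown column: $field");
            }
            $sql .= " WHERE $field = ?"; // the value is bound, never concatenated
            $params[] = $value;
        }
        $stmt = $this->con->prepare($sql);
        $stmt->execute($params);
        return $stmt->fetchAll(PDO::FETCH_COLUMN); // every matching id, not just one row
    }
}

class Chapters extends Models
{
    public function __construct(PDO $con)
    {
        parent::__construct($con);
        // Property defaults must be constant expressions, so runtime data is added here.
        $this->formDef = [
            ['Chapter Number', 'text', ['required']],
            ['Select Book', 'select', $this->getIds('app_books')],
        ];
    }
    public function getFormDef(): array { return $this->formDef; }
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$con = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$con->exec("CREATE TABLE app_books (id INTEGER PRIMARY KEY, author_id INTEGER)");
$con->exec("INSERT INTO app_books (author_id) VALUES (7), (7), (9)");
$chapters = new Chapters($con);
var_dump($chapters->getFormDef()[1][2]);                           // options for the select
var_dump($chapters->getIds('app_books', 'author_id', '7 OR 1=1')); // compared as one value
```

With mysqli, as used in the question, the same shape is `prepare()` followed by `bind_param()` and `execute()`.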

0 Answers