1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 10:13 am May 2, 2026

Forum Moderators: coopster

Message Too Old, No Replies

Problem with arrays and collecting data from MySQL

         

Chran

9:27 am on Feb 9, 2007 (gmt 0)

10+ Year Member



Hello coders!

I am working on a project but got stuck at what seems to be a really simple thing. But I am a beguinner at PHP and I just cant figure out how to solve this.

I have a page where I have a dynamically generated product list. Each product has a checkbox. The checkboxes has the following variables:
name="prod[]" value="<?php echo $row_articles['unique'] type="checkbox"

That form seems to be working fine. However, I want to send this form to another page. On that page I want to print, not the unique ID that are being transferred from the form, but the product title of all the selected products on the previous page. Here is the code that I have put on the second page: 


<html> 
<head> 
<title>Page title</title>
<?php
$arts = $_POST[prod];
$length = count($arts); 
$query_products = "SELECT title FROM articles WHERE unique = 'mysql_fetch_array($arts)'";
$products = mysql_query($query_products) or die(mysql_error());
?>
</head> 
<body> 
<?php 
for($i=0; $i < $length; $i++) { 
$row = mysql_fetch_array($products);
print_r($row);
}
?>

This code doesnt print anything. If I enter echo $products in the body I get Resource id #3 but as soon as I use the mysql_fetch_array I get nothing. Does the Resource id #3 mean there is something or would this also show if the value was empty? Where am I going wrong?

cameraman

10:41 am on Feb 9, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Welcome to WebmasterWorld, Chran!

The way you have it set up, $_POST['prod'] gives you an array of unique ids.
mysql can look for a column matching an array, but it wants the array to be a comma separated list. You can do something like this:
$arts = implode(',',$_POST['prod']);
$arts = mysql_real_escape_string($arts);

The first line turns the array into a comma separated string: 10,20,25,30
The second one immunizes you from sql injection - you should get into the habit of doing that to all POST or GET values (well, to ones that will be used in queries and such - generically, you should always make sure that data you get back doesn't have any surprises).

Now you can structure your query like this:
$query_products = "SELECT title FROM articles WHERE unique IN ($arts)";

The above assumes that unique is numeric. If it's not, each of the values needs to be surrounded by quotes like you have in your posted sql. To get that, you'd modify the implode:
$arts = implode("','",$_POST['prod']);

That first parameter is a double quote, single quote, comma, single quote, double quote.
That gets you to 10','20','25','30
You'd still need single quotes at the beginning and end, so you could either concatenate them on or just take care of it in the sql:
$query_products = "SELECT title FROM articles WHERE unique IN ('$arts')";

The resource id means that mysql didn't have any problems with the query - it may not have any data, but there's no problems. To make your scripts more robust, you can use a structure similar to:
if($result = mysql_query($sql)) {
if(mysql_num_rows($result) {
// do stuff
} // EndIf have row(s) of data
else {
// do other stuff
} // EndElse no records match
} // EndIf query worked
else {
echo mysql_error(); // report the error (during debugging, do something more elegant later)
} // EndElse problem in query

[edited by: cameraman at 10:43 am (utc) on Feb. 9, 2007]

dreamcatcher

10:42 am on Feb 9, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi Chran,

Welcome to Webmaster World. :)

$arts is an array and cannot be accessed how you are using it. If you echo it directly you will see simply 'Array', which is why your query is failing. Try something like this:

$query_products = "SELECT title FROM articles WHERE unique IN(".implode(",",$arts).");
$products = mysql_query($query_products) or die(mysql_error());

while ($row=mysql_fetch_array($products))
{
echo $row->product;
}

Assuming product is your product field name.

dc

edit: cameraman, you beat me to it.:)

cameraman

10:47 am on Feb 9, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



LOL yeah but you taught me something - I didn't know this syntax for an array:
echo $row->product;

dreamcatcher

11:13 am on Feb 9, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



hee hee, I taught myself something too. Sorry, I should have used:

..mysql_fetch_object($products))

dc

Chran

2:08 pm on Feb 9, 2007 (gmt 0)

10+ Year Member



Wow, that was a fast response! Thank you for the greate help. I still cant get it to work though.

Assuming product is your product field name.

What do you mean by that? Which product field do you mean? I suppose the product name that I am fetching in the database is in the query, or are you talking about something else?

Please bare with me, this is all very new to me ;)

dreamcatcher

4:18 pm on Feb 9, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hey, no problem. :)

I was assuming the field you wanted displaying was called 'product'. Looking through the info, maybe its called 'title'? Just change the name to the correct field name when you do the loop. And don`t use the class operator unless you call the data using mysql_fetch_object. Should be a numerical or associative array if using mysql_fetch_array. That was a little mistake on my part, sorry.

Oh and as cameraman pointed out, using IN asumes your unique data is numeric.

dc

Chran

6:14 pm on Feb 9, 2007 (gmt 0)

10+ Year Member



Ok, I am sure I am very close but it still doesnt show anything. The unique value is NOT numeric. So I understand I shouldnt use the IN then. Here is my new and approved code: 


<?php
$arts = implode("','",$_POST['prod']); 
$arts = mysql_real_escape_string($arts); 
$query_products = "SELECT title FROM articles WHERE unique = ('$arts')"; 
$products = mysql_query($query_products) or die(mysql_error());
?>
<?php 
while ($row = mysql_fetch_object($products)) 
{ 
echo $row -> title; 
} 
?>

cameraman

6:43 pm on Feb 9, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Change the unique = ( in the query to unique IN ( and it should work:

If it doesn't then add this line right after real_escape_string:
echo "I'm looking for $arts <br />";
so that you can make sure your data is the way you're expecting back from the form.

Chran

6:57 pm on Feb 9, 2007 (gmt 0)

10+ Year Member



It doesnt work. And the echo outputs this:

I'm looking for 089u0j\',\'9u98hj\',\'34vg35

(yes, these are the correct values)

cameraman

7:02 pm on Feb 9, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Ok try modifying this line to:
$arts = stripslashes(implode("','",$_POST['prod']));

Chran

7:32 pm on Feb 9, 2007 (gmt 0)

10+ Year Member



nope, still nothing

cameraman

7:58 pm on Feb 9, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Humph. Ok, let's try some stuff to see what the heck's going on.

<?php
$arts = stripslashes(implode("','",$_POST['prod']));
$arts = mysql_real_escape_string($arts);
$query_products = "SELECT title FROM articles WHERE unique = ('$arts')";
echo "<p>The query: $query_products</p>\n";

$all = mysql_query("SELECT title,unique FROM articles");
for($i = 0; $i < 3; $i++) {
$row = mysql_fetch_object($all);
echo "<p>Title: " . $row->title . "<br />unique: " . $row->unique . "</p>\n";
} // EndFor get 3 articles
echo "<hr>\n";
mysql_free_result($all);

$products = mysql_query($query_products) or die(mysql_error());
?>
<?php
while ($row = mysql_fetch_object($products))
{
echo $row -> title;
}
?>

Try that. You should see the query as it's been built, then the first three records from the table, just to make sure they're stored as expected.

Chran

8:47 pm on Feb 9, 2007 (gmt 0)

10+ Year Member



Ok, here is the output:

The query: SELECT prodtitel FROM articles WHERE uniktid = ('089u0j\',\'9u98hj\',\'34vg35')

Title:
unique: 089u0j

Title:
unique: 9u98hj

Title:
unique: 34vg35

Chran

8:59 pm on Feb 9, 2007 (gmt 0)

10+ Year Member



Ok, that was not true:

Here is the output, I messed it up, sorry:

The query: SELECT prodtitel FROM articles WHERE uniktid = ('089u0j\',\'9u98hj\',\'34vg35')

Title: asdklfjkl
unique: 089u0j

Title: asfjaslj ljk
unique: 9u98hj

Title: sadlfkl
unique: 34vg35

Chran

9:02 pm on Feb 9, 2007 (gmt 0)

10+ Year Member



It seems to me there is nothing wrong with the query. It must be the wile loop that isnt fetching it right. Right?

<?php
while ($row = mysql_fetch_object($products))
{
echo $row -> title;
}
?>

cameraman

9:16 pm on Feb 9, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



OK, I've got it. No, the problem is in the query.
The stripslashes was supposed to remove those backslashes from the quotes around the unique ids.
But the mysql_real_escape_string is putting them back in! Thing is, you really want to escape bad stuff out of harm's way.

So do this:
$arts = implode(",",$_POST['prod']);
$arts = mysql_real_escape_string($arts);
$arts = str_replace(",","','",$arts);

First line will get you:
089u0j,9u98hj,34vg35

Second line will have no effect unless someone's trying to sql inject you.
Third line will get you:
089u0j','9u98hj','34vg35

which is what we want.

Chran

9:34 pm on Feb 9, 2007 (gmt 0)

10+ Year Member



Ok, after hours of blood, sweat and tears. I cant believ what my eyes are seeing, but I think IT FINALLY WORKS!

Thank you so much for helping me through this.

You guys rule!

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 10:13 am May 2, 2026