SitePoint Sponsor

User Tag List

Results 1 to 13 of 13
  1. #1
    SitePoint Evangelist
    Join Date
    Apr 2007
    Posts
    398
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Request or Get within a function

    Hi All,

    Is there some kind of rule which says you canít use request or get within a function? The reason I ask this is because in my function below:

    PHP Code:
    //=========================================================

    // Start function to pull out data for all
    function db_result_to_array($result

       
    $res_array = array(); 

       for (
    $count=0$row mysql_fetch_array($result); $count++) 
         
    $res_array[$count] = $row

       return 
    $res_array


    // PREMIERSHIP TEAMS OUT ONLY for results
    function get_premiership_teams() { 
        
    $query='SELECT team_id, team_name FROM teams where league ='.$_REQUEST['competition']; 
        
    $result=mysql_query($query); 
        if(
    FALSE==$result
            return 
    FALSE;
        if((
    || FALSE)==mysql_num_rows($result)) { 
            return 
    false
        } else { 
            
    $xx $_REQUEST['competition']; 
            
    $result=db_result_to_array($result); 
            return 
    $result
        } 

    //========================================================= 
    I try to use the statement
    PHP Code:
    $query='SELECT team_id, team_name FROM teams where league ='.$_REQUEST['competition']; 
    ÖBut it does not get the competition. Yet if I call get or request competition outside of the function it returns the value fine?

    Thanks

    Chris

  2. #2
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,788
    Mentioned
    153 Post(s)
    Tagged
    3 Thread(s)
    as long as the request variable is available when the function is called it should be ok.

    How are you calling the function?
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  3. #3
    SitePoint Evangelist
    Join Date
    Apr 2007
    Posts
    398
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi,

    Thanks. I was calling it within an include file, but even when I include it within my script it just wont get the value from the URL string and comes up with the message 'Invalid argument supplied for foreach()':

    .com/add_fixture.php?competition=Premiership

    PHP Code:
    <?php

    //Function

    //=========================================================

    // Start function to pull out data for all
    function db_result_to_array($result

       
    $res_array = array(); 

       for (
    $count=0$row mysql_fetch_array($result); $count++) 
         
    $res_array[$count] = $row

       return 
    $res_array


    // PREMIERSHIP TEAMS OUT ONLY for results
    function get_premiership_teams() { 
        
    $query='SELECT team_id, team_name FROM teams where league ='.$_REQUEST['competition']; 
        
    $result=mysql_query($query); 
        if(
    FALSE==$result
            return 
    FALSE;
        if((
    || FALSE)==mysql_num_rows($result)) { 
            return 
    false
        } else { 
            
    $result=db_result_to_array($result); 
            return 
    $result
        } 

    //=========================================================

    // ** If Submit is hit do your stuff **
        
    if (isset($_POST['Submit'])) {

      
    $match_date $_POST['match_date'];
      
    $team_one_id $_POST['team_one_id'];
      
    $team_one_score $_POST['team_one_score'];
      
    $team_two_score $_POST['team_two_score'];
      
    $team_two_id $_POST['team_two_id'];
      
    $competition $_REQUEST['competition']; 


    // ** Check for Required Fields with IF statements **
           
    if (empty($team_one_id)){
            
    $msg "** You forgot to enter the home team! **"
        }  else if (empty(
    $team_two_id)){
            
    $msg "** Error: You forgot to enter the away team! **";
            
     
    // Calculations for form guide
        
    if($team_one_score $team_two_score) {
        
    $form='h';
        } else if(
    $team_one_score $team_two_score) {
        
    $form='a';
        }else {
        
    $form='d';
        }

    // ** If all of the statements are true then **
        
    } else {
        
    $result mysql_query("Insert into results(match_date,team_one_id,team_one_score,team_two_score,team_two_id,form,competition) values('$match_date','$team_one_id','$team_one_score','$team_two_score','$team_two_id','$form','$y')");
        
    $result2 mysql_query"SELECT team_id, team_name FROM teams WHERE team_id IN ('$team_one_id', '$team_two_id')" ); 
        while ( 
    $row mysql_fetch_assoc$result2 ) ) { 
          
    $teams[$row['team_id']] = $row['team_name']; 
          } 
    $msg "Thank you the fixture " $teams[$team_one_id] ." v's " $teams[$team_two_id] ." has been added to the database.  Please continue or <a href='../index.php'>Return to the index </a>"
    }
    }
    ?>
    Yet if I just change in the function to:

    PHP Code:
    $query='SELECT team_id, team_name FROM teams where league = "Premiership" '
    It works? Puzzles me big time!

    Thanks

    Chris

  4. #4
    SitePoint Wizard wonshikee's Avatar
    Join Date
    Jan 2007
    Posts
    1,223
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    It's because $_REQUEST['competition'] holds a non int value, which means it requires quotes wrapped around the value, which you failed to put in your function's query but put the quotes for your test.

  5. #5
    SitePoint Evangelist
    Join Date
    Apr 2007
    Posts
    398
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks, So do you mean like this:

    PHP Code:
    $query='SELECT team_id, team_name FROM teams where league ='.$_REQUEST["'competition'"]; 
    As that does not work?

  6. #6
    SitePoint Member
    Join Date
    Jun 2007
    Posts
    18
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I think like this..

    PHP Code:

    $query
    ='SELECT team_id, team_name FROM teams where league ="'.$_REQUEST['competition'].'"'
    ie. the SQL needs the quotes

  7. #7
    SitePoint Enthusiast
    Join Date
    Sep 2001
    Location
    California
    Posts
    29
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    $query="SELECT team_id, team_name FROM teams where league ='".$_REQUEST['competition']."'"
    First single quote needs to be a " and the single quote around request needs to be within the string.

    BTW always a good idea to print it out to see what its inserting.

    Which is hopefully something like SELECT team_id, team_name FROM teams where league = 'whatever'; asumming 'whatever' needed to be text.

  8. #8
    SitePoint Wizard wonshikee's Avatar
    Join Date
    Jan 2007
    Posts
    1,223
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    $result mysql_query("SELECT team_id, team_name FROM teams where league = '$_REQUEST[competition]'     "); 
    # I put lots of space at the end so you can see the quotes 

  9. #9
    SitePoint Enthusiast
    Join Date
    Sep 2001
    Location
    California
    Posts
    29
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Any reason you don't want to request it first then pass it into the function? At this point your not checking your data that it even exists, or that its not malicious.

    You should have something like 'getTeamByLeague($league)' function that just worries about finding and returning a league based on the inputed value.
    Last edited by TheDPQ; Jun 26, 2007 at 10:51. Reason: Edit last paragraph. forgot to add the var in the function

  10. #10
    SitePoint Member
    Join Date
    Jun 2007
    Posts
    18
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by TheDPQ View Post
    PHP Code:
    $query="SELECT team_id, team_name FROM teams where league ='".$_REQUEST['competition']."'"
    First single quote needs to be a " and the single quote around request needs to be within the string.

    BTW always a good idea to print it out to see what its inserting.

    Which is hopefully something like SELECT team_id, team_name FROM teams where league = 'whatever'; asumming 'whatever' needed to be text.
    I've always used the quotes in the opposite way round, if you're enclosing the whole query in doubles, then surely you don't need to jump out of them for the variable anyway? ie. " foo $var bar " would work as well as " foo ".$var."bar "? Whereas using single quotes PHP doesn't check for variables (faster) and its explicit where they come in?

  11. #11
    SitePoint Enthusiast
    Join Date
    Sep 2001
    Location
    California
    Posts
    29
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I've always used the quotes in the opposite way round, if you're enclosing the whole query in doubles, then surely you don't need to jump out of them for the variable anyway? ie. " foo $var bar " would work as well as " foo ".$var."bar "? Whereas using single quotes PHP doesn't check for variables (faster) and its explicit where they come in?
    You don't 'need' to jump out, no. Its faster to use double quotes and 'jumping' out of them and even faster still to use single quotes.

    I think the difference between 'jumping' and non-jumping out of double quotes is small enough that its usually not worth worrying about unless you need to worry about it being optimized (never hurts to worry!) For me its just personal pref. and correcting the person's mistake above. ^^

  12. #12
    Worship the Krome kromey's Avatar
    Join Date
    Sep 2006
    Location
    Fairbanks, AK
    Posts
    1,621
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The real issue in this instance with double quotes versus single quotes is that as per SQL standard you MUST use single quotes to delimit a string. While MySQL (and I'm sure others) are forgiving on this matter, you should not rely upon that behavior - writing standard SQL gives you a much better guarantee of compatibility with more databases and even with future versions of the same database should they drop non-standard features.

    The speed difference between double and single quotes is negligible. Although be aware that for non-numerical array indeces you need to wrap the variable in {} to ensure proper interpretation:
    PHP Code:
    $result mysql_query("SELECT team_id, team_name FROM teams where league = '$_REQUEST[competition]'"); //no
    $result mysql_query("SELECT team_id, team_name FROM teams where league = '{$_REQUEST['competition']}'"); //yes 
    While these two strings do produce identical results and neither produce warnings, the former could get you into the all-too-common bad habit of not quoting your non-numerical array indeces, which is bad practice and could get you into trouble when you start adding constants to your code.
    PHP questions? RTFM
    MySQL questions? RTFM

  13. #13
    An average geek earl-grey's Avatar
    Join Date
    Mar 2005
    Location
    Ukraine
    Posts
    1,403
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by kromey View Post
    The real issue in this instance with double quotes versus single quotes is that as per SQL standard you MUST use single quotes to delimit a string. While MySQL (and I'm sure others) are forgiving on this matter, you should not rely upon that behavior
    I don't know of any other RDBMS, besides MySQL, which would allow to use double quotes for string values, as double quotes are commonly used for identifiers. This only increases the reasoning for single quote usage for strings.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •