Custom Functions Help Please

Hello Everyone

I am trying to create a function that will run an MySQL Query and Return True IF there are results, and False if the Query brought 0 rows (i.e. null).

Here is my code:

if (mysql_query($query) = false) {
	
		// return false; // (i.e. an IP Address with that Joke ID has NOT BEEN FOUND in the RATINGS table)
		echo "not found";
	
	} else {
	
		echo "Found"; // (i.e. an IP Address with that Joke ID has been found in the RATINGS table)
	
	}

The Error I’m getting my browser when trying to test it is:

Fatal error: Can’t use function return value in write context

I would greatly appreciate some help in sorting out this problem.

Thank You.

Okay.
#1: = is an assignment operator. == is a comparison test.
#2: mysql_query will only return false if the query failed. try looking at [fphp]mysql_num_rows[/fphp] instead.

And don’t compare the value to false. Although it will work (with ==, not with ===, and that’s a big hint!) it’s not semantically correct.

Thanks Star & Scallio

@Scallio: Why shouldn’t I compare to False (using ==) ??

By the way I have updated the function code to the following now:

/*
 * The Function Below Checks whether the given Joke ID and IP Address of the Visitor are present within the 
 * RATINGS Table inside our JOKES Database.
 * @param Joke ID and IP Address of Visitor.
 * @return Boolean
 *
 */
 
function ipCheckUp($jID, $ipaddress)  {

	db_connect(); // This function (defined above) gives us access to the Database. (note this is a function call, within a function)

	$query = 'SELECT ratings.jokeid, ratings.ipaddress FROM ratings
                    WHERE  
                    (ipaddress = "'. $ipaddress .'") AND (ratings.jokeid = '. $jID .')'; // This is a MySQL Query that will grab the data (if it exists) from the RATINGS table.

	$result = @mysql_query($query);
	
	if (@mysql_num_rows($result) == 0) {
	
		return false; // (i.e. an IP Address with that Joke ID has NOT BEEN FOUND in the RATINGS table)
	
	} else {
	
		return true; // (i.e. an IP Address with that Joke ID has been found in the RATINGS table)
	
	}

}

Is the Function OK now ? Also the Q to Scallio PLEASE (Just to Learn).

Here you go.

<?php
function ip_has_rated_joke($ip, $joke_id){
  $res = mysql_query(sprintf(
    "SELECT jokeid FROM ratings WHERE jokeid = %d AND ipaddress = '%s';",
    $joke_id,
    mysql_real_escape_string($ip)
  ));
  return (bool)mysql_num_rows($res);
}

if(ip_has_rated_joke('192.168.0.10', 45)){
  #has rated joke :o)
}
?>

hehe Thanks Anthony, now I need to understand why yours is better than mine (you know for the future ! lol)

1. I always thought sprintf was needed ONLY when you’re inserting something into the Database ? And that was to protect “bad” people from messing up the Database

2. I understand the change to the Query > you’re right I don’t need two things back, since all I’m doing is checking whether such ip address exists for a particular joke.

3. What’s the deal with %d and %s !! I don’t get that

4. Why does $joke_id and $ip come at the end of the query string ?

5. Again I thought mysql_real_escape_string was only necessary when Inserting stuff into a Database (again for protection purposes ?

I’d appreciate some help > cause I’m a n00b who’s very willing to learn and absorb the knowledge from Pros such as You and the other guys & gals on here.

Thank You

See if i can answer some of these correctly lol

5. Any time you’re using user input in any query (and a function parameter counts!), it needs to be sanitized. There’s nothing to stop people from ending your query (try thinking of putting in as $ip: 0’; DROP TABLE ratings; SELECT jokeid FROM ratings WHERE ‘1’ = '1 )

You shouldnt compare num_rows to false because it’s not typed the same. mysql_num_rows returns an INT. False is a BOOL. A type-sensitive comparison (===) will not produce the correct result in this case. It’s just a good habit to get into to compare it with the correct type, even if it will ‘work’ in non-type-sensitive comparisons (==).

You dont need the table identifiers (ratings.fieldname) when your query only involves 1 table. You dont need the braces unless you’re doing compound comparisons.

3&4) %d and %s are placeholders in an sprintf string for variables; it ensures that they are of proper type; the variables come at the end of the sprintf command to tell the command what to use to fill in those placeholders. Check the [fphp]sprintf[/fphp] manual page. Using sprintf sanitizes the joke ID to make sure it’s a number; the string gets passed through the mysql sanitizer before being used.

1. the arguments have to be escaped

2. sprintf digit, string

3. arguments of the sprintf function

4. yes

Thanks guys.

I am a fan of breaking things down to manageable bits, now my function is like this:

function ipCheckUp($jID, $ipaddress)  {

	db_connect(); // This function (defined above) gives us access to the Database. (note this is a function call, within a function)

	$query = "SELECT jokeid FROM ratings
                    WHERE  
                    ipaddress = '%i' AND jokeid = %j"; // This is a MySQL Query that will grab the data (if it exists) from the RATINGS table.

	$result = @mysql_query(sprintf($query, $jID, mysql_escape_string($ipaddress)));
	
	if (@mysql_num_rows($result) == 0) {
	
		return false; // return false; // (i.e. an IP Address with that Joke ID has NOT BEEN FOUND in the RATINGS table)
	
	} else {
	
		return true; // (i.e. an IP Address with that Joke ID has been found in the RATINGS table)
	
	}

}

Can someone tell me if it is all OK ? I’ve gone over it 2 or 3 times and seems OK to me … but hey I’m a n00b hehe

Take a look at how Anthony solved this

if (@mysql_num_rows($result) == 0) {
    
        return false; // return false; // (i.e. an IP Address with that Joke ID has NOT BEEN FOUND in the RATINGS table)
    
    } else {
    
        return true; // (i.e. an IP Address with that Joke ID has been found in the RATINGS table)
    
    }

in post #6

Oh, and I’m not a fan of calling db_connect() if the you were already connected to the database.
Since you use the mysql_* functions you can just connect once and forget about it (i.e. don’t call that function at all in your ipCheckUp() function), since you don’t have to pass the database resource as a parameter to mysql_* function
Unlike mysqli_* where the resource is required.

I was aware of his solution, but I thought mine was easier to understand lol though I guess his is more compact.

Here is what my function looks like now:

function ipCheckUp($jID, $ipaddress)  {

	db_connect(); // This function (defined above) gives us access to the Database. (note this is a function call, within a function)

	$query = "SELECT jokeid FROM ratings
                    WHERE  
                    jokeid = %j AND ipaddress = '%i'"; // This is a MySQL Query that will grab the data (if it exists) from the RATINGS table.

	$result = @mysql_query(sprintf($query, $jID, mysql_escape_string($ipaddress)));
	
	return (bool)mysql_num_rows($result);

}

The bad news is > it isn’t working !! Here is the Check that I’m performing:

if (ipCheckUp($jID, "$ipaddress")) {
									echo "I Like";
								} else {
									echo "Already Liked";
								}

where @@@ $ipaddress = $_SERVER[‘REMOTE_ADDR’] @@@ And the error I’m getting says:

mysql_num_rows(): supplied argument is not a valid MySQL result resource

okay… the %d and the %s wernt arbitrary - they were type definitions (Decimal and String). Use %d and %s and try again.

Ohh LOL Sorry I thought they were just Random letters. Let me try again.

By the way … why Decimal ? is there one %i for Integer ?

[fphp]sprintf[/fphp]

I swear I was just hitting myself saying why I bothered asking that question before looking at the manual for that function. lol sorry will check first next time.

That now works PERFECTLY. THANK YOU ALL SOO MUCH for putting up with all my n00by questions.

Will go and sort the Queries of my other functions now and see if I can get them to work.

Thank You once again.