Foreach() error

PHP
1

I want to export videos, thumbs, duration, etc from my website into a xml format.

I got this error:
Invalid argument supplied for foreach()

$output .= ' <clips>';

if (!is_array( $vids )) {
    $vids = array(  );
    foreach ($imgs as $img) {
        $img = explode( '.', $img );
        $vids[] = '0' . $img[0] . '.flv';
    }
}

@sort( $vids );
@sort( $imgs );
$i = 38;
foreach ($vids as $v) {
    $output .= ' <clip>';
    $output .= '  <duration>' . $duration . '</duration>';
    $output .= '  <width>' . $width . '</width>';
    $output .= '  <height>' . $height . '</height>';
    $output .= '  <flv>' . $v . '</flv>';
    $output .= '   <screens>   <screen>' . trim( $imgs[$i] ) . '</screen>   </screens>';
    $output .= ' </clip>';
    ++$i;
}

$output .= ' </clips>';

Thank you!

2

$imgs is being passed to the for_each but it is not defined anywhere (in the code you show here).
Is there more code you have left out? What is the page that brings you to this point?

3

This is the whole code:

&lt;?php

header( 'content-type: text/xml' );
require_once( 'config/con_db.class.php' );
require_once( 'function/function.php' );
$db = new db(  );
$hostedServer = ishostedserver(  );
$level = 38;
$admin_delete = false;

if (isset( $_COOKIE['userid'] )) {
	$userid = get_uid_fromusers( safe_string( $_COOKIE['userid'] ) );
	$level = check_if_admin( $userid );

	if ($level == 1) {
		$admin_delete = true;
	}
}

$channels = safe_string( $_GET['channels'] );

if (strpos( $channels, ',' )) {
	$channels = explode( ',', $channels );
}
else {
	$channels = array( $channels );
}

$todayforsql = date( 'Y-m-d H:i:s', mktime( date( 'H' ), date( 'i' ), 0, date( 'm' ), date( 'd' ), date( 'Y' ) ) );
$category = safe_string( $_GET['category'] );

if (strpos( $category, ',' )) {
	$category = explode( ',', $category );
}
else {
	$category = array( $category );
}

$_GET['start'] = ($_GET['start'] ? intval( $_GET['start'] ) : 0);
$limit = ($_GET['limit'] ? ' LIMIT ' . intval( $_GET['start'] ) . ', ' . intval( $_GET['limit'] ) : ' LIMIT 50');
$limit = (intval( $_GET['limit'] ) &lt;= 500 ? $limit : ' LIMIT ' . intval( $_GET['start'] ) . ', 500');

if (( $admin_delete && $_GET['limit'] )) {
	$limit = ' LIMIT ' . intval( $_GET['start'] ) . ', ' . intval( $_GET['limit'] );
}


if ($_GET['recent']) {
	$limit = 'limit 0,50';
}
else {
	$recent = null;
}

$path = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
$path = str_replace( 'xml.php', '', $path );
$catIDS = null;
$chaIDS = null;
$tagArray = array(  );
$urlArray = array(  );
$vidArray = array(  );
$imgArray = array(  );
$partOneSQL = null;
$partTwoSQL = null;
$partThreeSQL = null;
$partFourSQL = null;

if (0 &lt; $category[0]) {
	$catIDS = '(';
	foreach ($category as $v) {
		$catIDS .= $v . ',';
	}

	$catIDS = trim( $catIDS, ',' ) . ')';
}


if (0 &lt; $channels[0]) {
	$chaIDS = '(';
	foreach ($channels as $v) {
		$chaIDS .= $v . ',';
	}

	$chaIDS = trim( $chaIDS, ',' ) . ')';
}

$maxdatequery = 'select max(`date_added`) as da from videos v, channels ch ';
$maxdatequery .= ($catIDS ? ', hostedgals_niche n, hostedgals_cats c ' : null);
$maxdatequery .= ' WHERE  1';
$maxdatequery .= ($chaIDS ? ' and v.channel  IN ' . $chaIDS . ' ' : null);
$maxdatequery .= ($catIDS ? ' and n.cat_id  IN ' . $catIDS . ' AND  n.cat_id = c.uid AND n.hostedgal_id = v.uid' : null);
$maxdatequery .= ' AND v.date_added &lt;= \\'' . $todayforsql . '\\' ';
$maxdatequery .= ' AND v.channel = ch.uid  ';
$maxdatequery .= ' AND v.active = 1 ';
$maxdatequery .= ' AND v.queue  = 1';
$getmaxdate = mysql_query( '' . $maxdatequery );
$timeforupdate = strtotime( mysql_result( $getmaxdate, 0, 'da' ) );
$partOneSQL = 'SELECT v.uid AS vid_id, v.description, v.tag, v.duration, v.height, v.hotlink_id, v.width, v.date_added, v.hotlinkimg_id, v.img_type, v.vid_type, s.sitename, ch.name as chaname, ch.uid as chaid FROM videos v, settings s, channels ch';
$partOneSQL .= ($catIDS ? ', hostedgals_niche n, hostedgals_cats c ' : null);
$partOneSQL .= ' WHERE  1';
$partOneSQL .= ($chaIDS ? ' and v.channel  IN ' . $chaIDS . ' ' : null);
$partOneSQL .= ($catIDS ? ' and n.cat_id  IN ' . $catIDS . ' AND  n.cat_id = c.uid AND n.hostedgal_id = v.uid' : null);
$partOneSQL .= ' AND v.date_added &lt;= \\'' . $todayforsql . '\\' ';
$partOneSQL .= ' AND v.channel = ch.uid  ';
$partOneSQL .= ' AND v.active = 1 ';
$partOneSQL .= ' AND v.queue  = 1 ';
$partOneSQL .= ' ORDER BY v.date_added DESC ';
$partOneSQL .= $limit;
$partOneResult = mysql_query( $partOneSQL, $db-&gt;con );

if ($row = mysql_fetch_object( $partOneResult )) {
	$vid_ids[] = $row-&gt;vid_id;
}

$from_sql_one = implode( ',', $vid_ids );
mysql_data_seek( $partOneResult, 0 );
$partTwoSQL = 'SELECT hostedgals_niche.cat_id, hostedgals_niche.hostedgal_id FROM hostedgals_niche JOIN videos ON (videos.uid = hostedgals_niche.hostedgal_id) where hostedgal_id IN(' . $from_sql_one . ')';
$partThreeSQL = 'SELECT videos.uid, `hotlink`.`url` AS clip, `hotlinkimg`.`url` AS screen
					 FROM `hotlink` , `hotlinkimg` , videos
					 WHERE videos.hotlink_id = hotlink.uid
					 AND videos.hotlinkimg_id = hotlinkimg.uid AND videos.uid IN(' . $from_sql_one . ')
					 GROUP BY videos.uid';
$partFourSQL = 'SELECT `videos`.`uid` , `hotlink_files`.`filename` , `hotlink_files`.`type`
					FROM `hotlink_files` , `videos`
					WHERE hotlink_files.video_uid = videos.uid AND videos.uid IN(' . $from_sql_one . ')';
$getcatnames = mysql_query( 'select name, uid from hostedgals_cats where status = 1' );

while ($row = mysql_fetch_assoc( $getcatnames )) {
	extract( $row );
	$catarray[$uid] = $name;
}

$partTwoResult = mysql_query( $partTwoSQL, $db-&gt;con );

while ($row = mysql_fetch_array( $partTwoResult )) {
	@extract( $row );
	$tagArray[$hostedgal_id][] = $cat_id;
}

$partThreeResult = mysql_query( $partThreeSQL, $db-&gt;con );

while ($row = mysql_fetch_array( $partThreeResult )) {
	@extract( $row );
	$urlArray[$uid][] = $clip;
	$urlArray[$uid][] = $screen;
}

$partFourResult = mysql_query( $partFourSQL, $db-&gt;con );

while ($row = mysql_fetch_array( $partFourResult )) {
	@extract( $row );

	if ($type == '1') {
		$vidArray[$uid][] = $filename;
	}

	$imgArray[$uid][] = $filename;
}

$numRows = mysql_num_rows( $partOneResult );
$output = '';
$output .= '&lt;videos&gt;';
$output .= ' &lt;updated&gt;' . date( 'Y-m-d', $timeforupdate ) . '&lt;/updated&gt;';
$output .= ' &lt;total&gt;' . $numRows . '&lt;/total&gt;';

while ($row = mysql_fetch_array( $partOneResult )) {
	$thisPath = $path;
	@extract( $row );
	$output .= ' &lt;video&gt;';
	$output .= ' &lt;id&gt;' . $vid_id . '&lt;/id&gt;';
	$output .= ' &lt;tag&gt;' . $tag . '&lt;/tag&gt;';
	$output .= ' &lt;title&gt;' . htmlentities( $description ) . '&lt;/title&gt;';
	$output .= ' &lt;description&gt;' . htmlentities( $description ) . '&lt;/description&gt;';
	$output .= ' &lt;tags&gt;';
	$vtags = $tagArray[$vid_id];
	$urls = $urlArray[$vid_id];
	$vids = $vidArray[$vid_id];
	$imgs = $imgArray[$vid_id];

	if (is_array( $vtags )) {
		$vtags = array_unique( $tagArray[$vid_id] );
		$temp = '';
		foreach ($vtags as $v) {

			if ($catarray[$v]) {
				$temp .= $catarray[$v] . ',';
				continue;
			}
		}

		$temp = trim( $temp, ',' );
		$output .= '  ' . $temp . ' ';
	}

	$output .= ' &lt;/tags&gt;';
	$output .= ' &lt;paysite&gt;' . $chaname . '&lt;/paysite&gt;';
	$output .= ' &lt;clip_url&gt;';

	if (( $vid_type == 'local' && $hostedServer != '' )) {
		$thisPath = $hostedServer . 'vid/' . $chaid . '/' . $tag . '/';
	}
	else {
		if (( $vid_type == 'local' && $hostedServer == '' )) {
			$thisPath = $thisPath . 'vid/' . $chaid . '/' . $tag . '/';
		}
		else {
			if ($vid_type == 'hotlink') {
				$thisPath = trim( $urls[0] );
			}
		}
	}

	$output .= $thisPath . '';
	$output .= ' &lt;/clip_url&gt;';
	$thisPath = $path;
	$output .= ' &lt;screen_url&gt;';

	if (( $img_type == 'local' && $hostedServer != '' )) {
		$thisPath = $hostedServer . 'vid/' . $chaid . '/' . $tag . '/';
	}
	else {
		if (( $img_type == 'local' && $hostedServer == '' )) {
			$thisPath = $thisPath . 'vid/' . $chaid . '/' . $tag . '/';
		}
		else {
			if ($img_type == 'hotlink') {
				$thisPath = trim( $urls[1] );
			}
		}
	}

	$output .= $thisPath . '';
	$output .= ' &lt;/screen_url&gt;';
	$output .= ' &lt;clips&gt;';

	if (!is_array( $vids )) {
		$vids = array(  );
		foreach ($imgs as $img) {
			$img = explode( '.', $img );
			$vids[] = '0' . $img[0] . '.flv';
		}
	}

	@sort( $vids );
	@sort( $imgs );
	$i = 38;
	foreach ($vids as $v) {
		$output .= ' &lt;clip&gt;';
		$output .= '  &lt;duration&gt;' . $duration . '&lt;/duration&gt;';
		$output .= '  &lt;width&gt;' . $width . '&lt;/width&gt;';
		$output .= '  &lt;height&gt;' . $height . '&lt;/height&gt;';
		$output .= '  &lt;flv&gt;' . $v . '&lt;/flv&gt;';
		$output .= '   &lt;screens&gt;   &lt;screen&gt;' . trim( $imgs[$i] ) . '&lt;/screen&gt;   &lt;/screens&gt;';
		$output .= ' &lt;/clip&gt;';
		++$i;
	}

	$output .= ' &lt;/clips&gt;';
	$output .= ' &lt;/video&gt;';
}

$output .= '&lt;/videos&gt;';
echo $output;
?&gt;
4

I’m not sure that you should be checking if(!is_array()) on a variable that is not defined. If $vids IS defined then it will BE an array. I also see you are using a lot of spaces when defining array or otherwise checking values. For example

if (!is_array( $vids )) {
    $vids = array(  );

I think it should be

if (!isset($vids)) {
    $vids = array();
    foreach ($imgs as $img) {
        $img = explode( '.', $img );
        $vids[] = '0' . $img[0] . '.flv';
    }
}
5

Please be aware that the mysql_* extension is now deprecated as of the current version of PHP and will very likely be removed from the next 5.x version and will likely not be in PHP 6.x (when it eventually is released). You should migrate over to either the mysqli_* extension or to PDO. PDO is a better choice as it doesn’t tie you down so much to a particular database server software.

Once you have migrated you should use Prepared Statements to prevent SQL Injection attacks. Have a read of this article from the PHP manual, it shows how to use prepared statements with PDO and also explains the principle.