How to get a string to be read as a function

ofeyofey · December 9, 2014, 9:57pm

Hi,
My controller file index.php creates a string called $build which should replace,

$newNotes[] = array('userid' => $row['userid'], 'effort' => $row['effort']);

with

  $newNotes[] = $build;

but it seems this array $build is not being read as the function that it is.
Here’s is an excerpt from the controller file index.php

    if (isset($_POST['action']) and $_POST['action'] == 'searchview')
    { 
      include $_SERVER['DOCUMENT_ROOT'] . '/artgibney/includes/db.inc.php';
        echo "<pre>";
        print_r($_POST);
        echo "</pre>";
        $build = "array("; 
        foreach($_POST['fields'] as $key => $value):
            $build .= "'" . $value . "' => \$row['" . $value . "'], ";
            endforeach;
            $build = substr($build, 0, -2);
            $build .= ")";
            echo $build . "<br>";
            $select = implode(", ", $_POST['fields']);
            echo $select;
       try
      {
        $sql = "SELECT $select FROM notes WHERE 
        userid = :id";
        $s = $pdo->prepare($sql);
        $s->bindValue(':id', $_POST['id']);
        $s->execute();
        }
        
      catch (PDOException $e)
      {
        $error = 'Error fetching by fields list of notes.';
        include 'error.html.php';
        exit();
      }

  $result = $s->fetchAll();
       
    echo "<pre>";
    print_r($result);
    echo "</pre>";
    
  foreach ($result as $row)
  {
    //$newNotes[] = array('userid' => $row['userid'], 'effort' => $row['effort']);
    $newNotes[] = $build;
  }
  include 'searchview.html.php';
  exit();
}

This creates two arrays $results and $newNotes.

The array $results produces extra rows which i don’t want and that is why i am try to create the array $newNotes The html file should display $newNotes

<?php include_once $_SERVER['DOCUMENT_ROOT'] .
    '/artgibney/includes/helpers.inc.php'; ?>
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <title>Manage Topics: Search Results</title>
  </head>
  <body>
     <p><a href="..">physCMS home</a> &#8658; <a href="/artgibney/admin/notes/">Manage Daily Notes</a></p>
   <?php include $_SERVER['DOCUMENT_ROOT'] . '/artgibney/includes/logout.inc.html.php'; ?>
    <h1>Search Results</h1>  
    <?php echo "<pre>";
    print_r($result);
    echo "</pre>";
    echo "<pre>";
    print_r($newNotes);
    echo "</pre>"; ?>
  </body>
</html>

You can see the repeated rows in $result here,

Array
(
    [0] => Array
        (
            [equip] => 0
            [0] => 0
            [effort] => 1
            [1] => 1
            [date] => 2014-11-29
            [2] => 2014-11-29
        )

    [1] => Array
        (
            [equip] => 1
            [0] => 1
            [effort] => 3
            [1] => 3
            [date] => 2014-11-30
            [2] => 2014-11-30
        )

    [2] => Array
        (
            [equip] => 0
            [0] => 0
            [effort] => 2
            [1] => 2
            [date] => 2014-11-30
            [2] => 2014-11-30
        )

    [3] => Array
        (
            [equip] => 1
            [0] => 1
            [effort] => 0
            [1] => 0
            [date] => 2014-12-02
            [2] => 2014-12-02
        )

    [4] => Array
        (
            [equip] => 0
            [0] => 0
            [effort] => 1
            [1] => 1
            [date] => 2014-12-02
            [2] => 2014-12-02
        )

    [5] => Array
        (
            [equip] => 0
            [0] => 0
            [effort] => 0
            [1] => 0
            [date] => 2014-12-02
            [2] => 2014-12-02
        )

    [6] => Array
        (
            [equip] => 1
            [0] => 1
            [effort] => 1
            [1] => 1
            [date] => 2014-12-02
            [2] => 2014-12-02
        )

    [7] => Array
        (
            [equip] => 1
            [0] => 1
            [effort] => 3
            [1] => 3
            [date] => 2014-12-04
            [2] => 2014-12-04
        )

)

and then $newNotes just comes out like this,

Array
(
    [0] => array('equip' => $row['equip'], 'effort' => $row['effort'], 'date' => $row['date'])
    [1] => array('equip' => $row['equip'], 'effort' => $row['effort'], 'date' => $row['date'])
    [2] => array('equip' => $row['equip'], 'effort' => $row['effort'], 'date' => $row['date'])
    [3] => array('equip' => $row['equip'], 'effort' => $row['effort'], 'date' => $row['date'])
    [4] => array('equip' => $row['equip'], 'effort' => $row['effort'], 'date' => $row['date'])
    [5] => array('equip' => $row['equip'], 'effort' => $row['effort'], 'date' => $row['date'])
    [6] => array('equip' => $row['equip'], 'effort' => $row['effort'], 'date' => $row['date'])
    [7] => array('equip' => $row['equip'], 'effort' => $row['effort'], 'date' => $row['date'])
)

Why are there no values when i display $newNotes ?

I am aware that a whitelist needs to be added to this code to sanitize against injections.

Thanks,
Shane

fretburner · December 9, 2014, 10:19pm

Hi Shane,

Unless you tell it otherwise, PDO defaults to the fetch mode PDO::FETCH_BOTH, which returns results as an array with numeric and column name keys. This is why you’re seeing the duplicated rows.

To change it, you can add the fetch mode to your fetchAll() call, like this:

$result = $s->fetchAll(PDO::FETCH_ASSOC); // will return the array with column name keys only

or, you can set it globally when you create your DB connection:

$connection = new PDO($connection_string);
$connection->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);

You can read more about the different fetch modes in the manual.

droopsnoot · December 10, 2014, 10:33am

I am fairly new to PHP, and it won’t be the first time that I’ve commented on something that really reveals how little I know, but I am puzzled by this line of code:

$newNotes[] = $build;

Given that the code shown later shows $build being created as a string that literally contains the word “array(” followed by the contents of an array and a close-bracket, will PHP actually interpret the contents of $build and return it as an array when it’s assigned to the new element of $newNotes?

fretburner · December 10, 2014, 10:41am

No, it’ll continue to treat it as a string. PHP does have the function eval which will take a string and attempt to execute it as code, but it’s very dangerous, especially in a situation like this where the string is being built from user input… I could submit any PHP code I wanted in $_POST[‘fields’] and eval would execute it with the same permissions as the rest of the script.

droopsnoot · December 10, 2014, 10:45am

OK, that sounds reasonable, and explains:

ofeyofey · December 11, 2014, 6:03pm

Hi,
Thank you all for your replies.

Well you know a lot more than me and I am grateful that you had a look, thanks.

I didn’t know this and see how it could be really useful.
It is working but I had to use :: ,

$result = $s->fetchAll(PDO::FETCH_ASSOC);

Array
(
    [0] => Array
        (
            [late] => 1
            [equip] => 1
        )

    [1] => Array
        (
            [late] => 0
            [equip] => 0
        )

    [2] => Array
        (
            [late] => 0
            [equip] => 0
        )

    [3] => Array
        (
            [late] => 0
            [equip] => 0
        )

    [4] => Array
        (
            [late] => 0
            [equip] => 1
        )

    [5] => Array
        (
            [late] => 1
            [equip] => 1
        )

    [6] => Array
        (
            [late] => 1
            [equip] => 0
        )

    [7] => Array
        (
            [late] => 1
            [equip] => 1
        )

    [8] => Array
        (
            [late] => 1
            [equip] => 1
        )

)

Thanks for your help,
Shane

system · March 13, 2015, 1:08am

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.