0

I am creating a Login form that captures the values so I can use them throughout the session when the user gets past the regular Login page. I have input in MySQL as follows:

user_id | username | password | firstname | lastname | email | website | active | date_added

I created a function to capture data but it doesn't return anything. Can anyone help me with this?

Here is what the code looks like:

    function user_input($user_id) {
        $input = array();
        $user_id = (int) $user_id;

        $func_num_args = func_num_args();
        $func_get_args = func_get_args();

        if ($func_num_args > 1) {
            unset($func_get_args[0]);

            $fields = ' ` ' . implode('`, ` ', $func_get_args) . ' `';

            $query = mysql_query("SELECT '$fields' FROM Login WHERE user_id = '$user_id' ");
            $input = mysql_fetch_assoc($query);

            print_r($input);
        }
    }
3
  • 2
    Why single quotes ('$fields') when you already added back-ticks? Commented Apr 11, 2014 at 18:19
  • 5
    Please stop using mysql_* functions, they are deprecated. Commented Apr 11, 2014 at 18:20
  • Casting to (int) is a really poor substitution for proper SQL escaping. Commented Apr 11, 2014 at 18:42

3 Answers

2
    function user_input($user_id) {
        $input = array();
        //$user_id = (int) $user_id; //This line may affect your security

        $func_num_args = func_num_args();
        $func_get_args = func_get_args();

        // Build the column list from the arguments that follow $user_id (index 0).
        $query = "SELECT ";
        for ($i = 1; $i < $func_num_args; $i++) {
            if ($i == ($func_num_args - 1)) {
                // Last column: no trailing comma.
                $query = $query . $func_get_args[$i];
            } else {
                $query = $query . $func_get_args[$i] . ",";
            }
        }
        $query = $query . " FROM Login WHERE `user_id` =" . $user_id;

        $rs = mysql_query($query);

        while ($getRow = mysql_fetch_array($rs)) {
            $input = $getRow;
        }

        return $input; // this will be returning an array of result set
    }

2 Comments

Wow this site is incredible. Thanks for writing the function for me. I wish I had your brain. Thanks
If you want more efficient output add static, define static $getRow
1
    $fields = ' ` ' . implode('`, ` ', $func_get_args) . ' `';

This then makes your fields

    ` one `, ` two `

This should be

    $fields = '`' . implode('`, `', $func_get_args) . '`';

ALSO

You do not need to put '' around this

    '`one`, `two`' <- WRONG

This is correct:

    $query = mysql_query("SELECT $fields FROM Login WHERE user_id = '$user_id' ");

Also LEARN PDO!!!

2 Comments

Hey thanks for the pointers.. I voted it up but I have to go with the guy that wrote the entire method for me! Thanks though
You shouldn't use his method in a real world example (or your own function!) - if it is a private site that is fine (not on the web, just a local server), but MySQL is deprecated - plus your function is open to numerous different types of attack - mysqli and PDO are far better. Glad it helped, but keep learning and read about security and MySQL injections! Good luck
0

Change this -

    $query = mysql_query("SELECT $fields FROM Login WHERE `user_id` = $user_id ");

Since a variable inside the double quotes echoes it. If you are using a string in the where clause then you have to make it like this '".$xyz['name']."'. If it's a simple integer like user_id, you can avoid writing in double or single quotes.
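The `SELECT $fields ... WHERE user_id = ...` lookup from the question and answers above, rewritten with PDO as the comments recommend: the value is bound as a parameter, and the column names, which cannot be bound, are checked against an allow-list. This is an added example, not code from any poster in this thread; the `LOGIN_COLUMNS` allow-list (which deliberately leaves out `password`), the `PDO $db` parameter, and the in-memory SQLite table with its sample row are assumptions constructed so that it runs offline.

```php
<?php
// Added example. Assumption: only these columns may be read into the session.
const LOGIN_COLUMNS = ['user_id', 'username', 'firstname', 'lastname',
                       'email', 'website', 'active', 'date_added'];

// Fetch the requested columns for one user, or null if no such user exists.
function user_input(PDO $db, $user_id, string ...$fields): ?array
{
    // Reject non-integer ids outright instead of silently truncating them.
    $id = filter_var($user_id, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('user_id must be an integer');
    }
    if ($fields === []) {
        throw new InvalidArgumentException('No columns requested');
    }
    // Identifiers cannot be bound as parameters, so allow-list them.
    foreach ($fields as $field) {
        if (!in_array($field, LOGIN_COLUMNS, true)) {
            throw new InvalidArgumentException("Column not allowed: $field");
        }
    }
    $columns = '`' . implode('`, `', $fields) . '`';

    // The value travels separately from the SQL text, so no quoting is needed.
    $stmt = $db->prepare("SELECT $columns FROM Login WHERE user_id = :user_id");
    $stmt->bindValue(':user_id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database (stand-in for MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Login (user_id INTEGER PRIMARY KEY, username TEXT,
    password TEXT, firstname TEXT, lastname TEXT, email TEXT, website TEXT,
    active INTEGER, date_added TEXT)');
$db->exec("INSERT INTO Login VALUES (1, 'alice', 'constructed-hash', 'Alice',
    'Example', 'alice@example.com', 'https://example.com', 1, '2014-04-11')");

print_r(user_input($db, 1, 'username', 'email'));
foreach ([[1, 'password'], ['abc', 'username']] as [$id, $column]) {
    try {
        user_input($db, $id, $column);
    } catch (InvalidArgumentException $e) {
        echo 'Rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```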
