1

I get an array of values returned from the following function:

function get_subscribitions($user)
{

$user = mysql_real_escape_string ($user);
$sql = "SELECT 'user_id' FROM `subscribe` WHERE subscriber = '$user'";
$result = mysql_query($sql);
$rows = array();   
while ($row = mysql_fetch_assoc($result)) {
   $rows[] = $row;
}    
mysql_free_result($result); 
return $rows;

I now want to use these values in a new function, where each "user_id" is used to collect text from the database through this function:

function get_text($writer) {
$writer = mysql_real_escape_string ($writer);
$sql = "SELECT * FROM `text` WHERE user_id='$writer' ORDER BY timestamp desc";
$result = mysql_query($sql);
$rows = array();
while ($row = mysql_fetch_assoc($result)) {
   $rows[] = $row;
}

mysql_free_result($result);
return $rows;

However the returned value from the first function is an array, and as I've learnt the hard way, arrays cannot be treated by "mysql_real_escape_string".

How can I make the second function handle the values that I got from the first function?

Any responses appreciated. Thank you in advance.

Improve this question
2
  • get_text is supposed to work with one user id at a time. Therefore, loop over the array and call get_text once for each item. Commented Oct 21, 2011 at 13:14
  • @Jon Would you mind giving me an example on how that loop could be made up? Commented Oct 21, 2011 at 13:17

6 Answers 6

Reset to default
2

Your first mistake is to use mysql_fetch_assoc when only selecting one column. You should use mysql_fetch_row for this. This is likely going to fix your primary problem.

Could look like this:

$subs = get_subscribitions($whateverId);
$texts = get_text($subs);

function get_subscribitions($user)
{
    $user = mysql_real_escape_string ($user);
    $sql = "SELECT 'user_id' FROM `subscribe` WHERE subscriber = '$user'";
    $result = mysql_query($sql);
    $rows = array();

    while ($row = mysql_fetch_row($result)) {
        $user_id = $row['user_id'];
        $rows[$user_id] = $user_id;
    }
    mysql_free_result($result);
    return $rows;
}

function get_text($writer) {
    $writers = implode(",", $writer);
    $sql = "SELECT * FROM `text` WHERE user_id IN ({$writers}) ORDER BY timestamp DESC";
    $result = mysql_query($sql);
    $rows = array();

    while ($row = mysql_fetch_array($result)) {
        $rows[] = $row;
    }

    mysql_free_result($result);
    return $rows;
}

This will save you a lot of time, because you can get all data from 'text' in one statement.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Where is that line in my example?
anyways, there was something wrong in the code suggested. Should work now.
This is the best solution imo. But you must escape in-data in a query. Change $writers = implode(",", $writer); to $writers = implode(",", array_map('mysql_real_escape_string', $writer)); and you are all set.
Actually you're right but not really in this case. The data comes directly from the database and can not be manipulated before it is sent to the database again. So I can't see a need to escape it. What you could do is foreach ($writer as $key => $temp) { $writer[$key] = (int) $temp; } before you do $writers = implode(",", $writer); to make sure $writer only holds integer values.
2

The solution is to avoid placing arrays in your $rows array in the first function. Instead of:

while ($row = mysql_fetch_assoc($result)) {
    $rows[] = $row;
}

try:

while ($row = mysql_fetch_assoc($result)) {
    $rows[] = $row['user_id'];
}

This will place only the value from column 'user_id' in the $rows array.

Improve this answer

Comments

1

In order to use the second function you must iterate over the array returned from the first one. Something like this could work for you:

$user_subscriptions = get_subscribitions($user);
foreach($user_subscriptions as $subscription) {
    $texts = get_text($subscription['user_id']);

    foreach($texts as $text) {
        // do something with the fetched text
    }
}
Improve this answer

Comments

1

As George Cummins says, 

while ($row = mysql_fetch_assoc($result)) {
    $rows[] = $row['user_id'];
}

and, to speed up the second function:

function get_text($writer)
{
    $sql = "SELECT * FROM `text` WHERE user_id in (".implode(',',$writer).") ORDER BY timestamp desc";
    $rows = array();
    if ($result = mysql_query($sql))
    {
        while ($row = mysql_fetch_assoc($result))
        {
            $rows[] = $row;
        }

        mysql_free_result($result);
    }    

    return $rows;
}

The change to the query means that you only do one in total rather than one for each ID thus removing the time taken to send the query to the server and get a response multiple times. Also, if the query fails, the function returns an empty array

Improve this answer

1 Comment

This is the best solution imo. But you must escape in-data in a query. Change $writers = implode(",", $writer); to $writers = implode(",", array_map('mysql_real_escape_string', $writer)); and you are all set.
0

Use :

string implode ( string $glue , array $pieces )
// example, elements separated by a comma :
$arrayasstring = impode(",", $myarray);
Improve this answer

Comments

0 
function get_subscribitions($user)
{
  $user = mysql_real_escape_string ($user);
  $sql = "SELECT 'user_id' FROM `subscribe` WHERE subscriber = '$user'";
  $result = mysql_query($sql);
  $row = mysql_fetch_row($results);
  mysql_free_result($result);
  return intval($row['user_id']);
}

it return only the user id you can used it in the 2nd function

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.