#1
  1. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    85
    Rep Power
    3

    Help needed with return in a function


    When the user goes to login, and presses login, the array is shown in the browser, and the only thing I can think of what is causing that is the print_r. I was wondering if there was a way to get it so that it could still return the array and do what it needs to do in the background. This worked previously with json_decode and an actual file - but I am getting rid of the files and entering data into a database. Thanks in advance, and the code is below.

    PHP Code:
    function user_info($user) {
        $PDOUser = " "; // Username for MySQL
        $PDOPass = " "; // Password for MySQL
        $dbh = new PDO('mysql:host=localhost;dbname=db_name', $PDOUser, $PDOPass);
        $dbh->exec("set names utf8");
        $stmt = $dbh->prepare("SELECT 1 FROM users WHERE user = :user");

        // Pass items in to get cleaned
        $stmt->bindParam(':user', $user);

        // Check it
        if ($stmt->execute() > 0) {
            $data = $dbh->prepare("SELECT * FROM users WHERE user = :user");
            $data->bindParam(':user', $user);
            $data->execute();

            $results = $data->FetchAll();
            return print_r($results);
        } else {
            return false;
        }

        // This below here is the old code...
        //if(is_file('data/users/'.strtolower(clean_alphanum($user)))) {
        //    return json_decode(file_get_contents('data/users/'.strtolower(clean_alphanum($user))),true);
        //} else {
        //    return false;
        //}
    }

  2. #2
  3. Transforming Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,295
    Rep Power
    9400
    print_r() is for debugging. I can't think of any reason you'd actually want to keep it in code.
  4. #3
  5. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Hi,

    I guess you want json_decode() like in your old code (not print_r()).

    However, it doesn't really make sense to do the encoding in the function itself. Just return the array, and in the main script, encode or format it in any way you want.

    There's some other issues:

    • Do not use SET NAMES. It breaks the escaping mechanism, because PDO isn't aware of the encoding change. Since PDO by default uses fake prepared statements that rely on automatic escaping, SET NAMES also breaks those fake prepared statements. On the bottom of the linked post, there's a code snippet on how to correctly set the encoding and turn on real prepared statements.
    • Do not use the terrible SQL "death star" (SELECT *). It's dangerous, because it selects everything (now and in future versions of the table), no matter if it's a password hash, a credit card number or your secret diary entry. It's inefficient, it wastes resources, and it's simply unclean. Don't use it. Always explicitly specify the columns you want.
    • Doing the same query twice isn't very useful. Why not simply rely on fetchAll() returning an empty array in case there are no rows? An empty array also evaluates to false in a boolean context, and it's cleaner to always return the same type, anyway.
    The 6 worst sins of security • How to (properly) access a MySQL database with PHP

    Why can't I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
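
The three points from post #3 combined in one function, as an added example that is not part of the original thread: the charset is set in the DSN with emulated prepares turned off, the columns are named explicitly, and a single query returns the rows for the caller to format. The columns `id`, `email` and `password_hash` are assumptions (the thread only names `user`), and the demo uses an in-memory SQLite table with constructed rows so it runs without a MySQL server.

```php
<?php
// Added example. Columns other than `user` (id, email, password_hash) are assumptions.

// MySQL connection as post #3 recommends: the charset goes in the DSN
// (not SET NAMES) and emulated ("fake") prepared statements are turned off.
function db_connect(string $dbUser, string $dbPass): PDO {
    return new PDO(
        'mysql:host=localhost;dbname=db_name;charset=utf8mb4',
        $dbUser,
        $dbPass,
        [
            PDO::ATTR_EMULATE_PREPARES   => false,
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]
    );
}

// One query, explicit columns, and the rows are returned, never printed.
// No match yields an empty array, which is falsy in a boolean context,
// so the function always returns the same type.
function user_info(PDO $dbh, string $user): array {
    $stmt = $dbh->prepare('SELECT id, user, email FROM users WHERE user = :user');
    $stmt->execute([':user' => $user]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Offline demo on an in-memory SQLite table with constructed rows;
// in the real application pass db_connect(...) instead.
$dbh = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$dbh->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT, email TEXT, password_hash TEXT)');
$dbh->exec("INSERT INTO users (user, email, password_hash) VALUES ('tj', 'tj@example.test', 'constructed-hash')");

$found   = user_info($dbh, 'tj');      // one row; password_hash is never selected
$missing = user_info($dbh, 'nobody');  // empty array

// The caller, not user_info(), decides how to format the result.
echo json_encode($found), "\n";
var_dump((bool) $missing);
```

Because `password_hash` is not in the column list, it cannot leak through whatever the caller later prints or encodes.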
  6. #4
  7. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    85
    Rep Power
    3
    Originally Posted by Jacques1
    Hi,

    I guess you want json_decode() like in your old code (not print_r()).

    However, it doesn't really make sense to do the encoding in the function itself. Just return the array, and in the main script, encode or format it in any way you want.

    There's some other issues:

    • Do not use SET NAMES. It breaks the escaping mechanism, because PDO isn't aware of the encoding change. Since PDO by default uses fake prepared statements that rely on automatic escaping, SET NAMES also breaks those fake prepared statements. On the bottom of the linked post, there's a code snippet on how to correctly set the encoding and turn on real prepared statements.
    • Do not use the terrible SQL "death star" (SELECT *). It's dangerous, because it selects everything (now and in future versions of the table), no matter if it's a password hash, a credit card number or your secret diary entry. It's inefficient, it wastes resources, and it's simply unclean. Don't use it. Always explicitly specify the columns you want.
    • Doing the same query twice isn't very useful. Why not simply rely on fetchAll() returning an empty array in case there are no rows? An empty array also evaluates to false in a boolean context, and it's cleaner to always return the same type, anyway.
    Thanks for replies! I have a couple questions for you.

    --> What is a SET NAME?
    --> If I can't use the "death star" how can I still get all of the data from the database?
    --> "Doing the same query twice isn't very useful. Why not simply rely on fetchAll() returning an empty array in case there are no rows? An empty array also evaluates to false in a boolean context, and it's cleaner to always return the same type, anyway." Could you give me an example of this?

    Thanks,
    TJ
