April 13th, 2013, 10:38 PM
-
Help needed with return in a function
When the user goes to login, and presses login, the array is shown in the browser, and the only thing I can think of what is causing that is the print_r. I was wondering if there was a way to get it so that it could still return the array and do what it needs to do in the background. This worked previously with json_decode and an actual file - but I am getting rid of the files and entering data into a database. Thanks in advance, and the code is below.
PHP Code:
function user_info($user) {
    $PDOUser = " "; //Username for MySQL
    $PDOPass = " "; //Password for MySQL
    $dbh = new PDO('mysql:host=localhost;dbname=db_name', $PDOUser, $PDOPass);
    $dbh->exec("set names utf8");
    $stmt = $dbh->prepare("SELECT 1 FROM users WHERE user = :user");
    // Pass items in to get cleaned
    $stmt->bindParam(':user', $user);
    // Check it
    if ($stmt->execute() > 0) {
        $data = $dbh->prepare("SELECT * FROM users WHERE user = :user");
        $data->bindParam(':user', $user);
        $data->execute();
        $results = $data->FetchAll();
        return print_r($results);
    } else {
        return false;
    }
    // This below here is the old code...
    //if(is_file('data/users/'.strtolower(clean_alphanum($user)))) {
    //    return json_decode(file_get_contents('data/users/'.strtolower(clean_alphanum($user))),true);
    //} else {
    //    return false;
    //}
}
April 13th, 2013, 11:28 PM
-
print_r() is for debugging. I can't think of any reason you'd actually want to keep it in code.
April 14th, 2013, 04:33 AM
-
Hi,
I guess you want json_decode() like in your old code (not print_r()).
However, it doesn't really make sense to do the encoding in the function itself. Just return the array, and in the main script, encode or format it in any way you want.
There are some other issues:
- Do not use SET NAMES. It breaks the escaping mechanism, because PDO isn't aware of the encoding change. Since PDO by default uses fake prepared statements that rely on automatic escaping, SET NAMES also breaks those fake prepared statements. On the bottom of the linked post, there's a code snippet on how to correctly set the encoding and turn on real prepared statements.
- Do not use the terrible SQL "death star" (SELECT *). It's dangerous, because it selects everything (now and in future versions of the table), no matter if it's a password hash, a credit card number or your secret diary entry. It's inefficient, it wastes resources, and it's simply unclean. Don't use it. Always explicitly specify the columns you want.
- Doing the same query twice isn't very useful. Why not simply rely on fetchAll() returning an empty array in case there are no rows? An empty array also evaluates to false in a boolean context, and it's cleaner to always return the same type, anyway.
April 14th, 2013, 10:43 AM
-
Originally Posted by Jacques1
Hi,
I guess you want json_decode() like in your old code (not print_r()).
However, it doesn't really make sense to do the encoding in the function itself. Just return the array, and in the main script, encode or format it in any way you want.
There are some other issues:
- Do not use SET NAMES. It breaks the escaping mechanism, because PDO isn't aware of the encoding change. Since PDO by default uses fake prepared statements that rely on automatic escaping, SET NAMES also breaks those fake prepared statements. On the bottom of the linked post, there's a code snippet on how to correctly set the encoding and turn on real prepared statements.
- Do not use the terrible SQL "death star" (SELECT *). It's dangerous, because it selects everything (now and in future versions of the table), no matter if it's a password hash, a credit card number or your secret diary entry. It's inefficient, it wastes resources, and it's simply unclean. Don't use it. Always explicitly specify the columns you want.
- Doing the same query twice isn't very useful. Why not simply rely on fetchAll() returning an empty array in case there are no rows? An empty array also evaluates to false in a boolean context, and it's cleaner to always return the same type, anyway.
Thanks for replies! I have a couple questions for you.
--> What is a SET NAME?
--> If I can't use the "death star" how can I still get all of the data from the database?
--> "Doing the same query twice isn't very useful. Why not simply rely on fetchAll() returning an empty array in case there are no rows? An empty array also evaluates to false in a boolean context, and it's cleaner to always return the same type, anyway." Could you give me an example of this?
Thanks,
TJ
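The points from Jacques1's reply put together, as an added example that is not code from any poster in this thread: the encoding is set in the DSN instead of with SET NAMES, real prepared statements are turned on, the columns are listed explicitly, and a single query returns an array that is empty when the user does not exist. The column names id, email and password_hash, the utf8mb4 charset and the SQLite demo table are assumptions made for illustration.

```php
<?php
// Added example. Column names other than `user`, the charset value and the
// sample row are assumptions, not taken from the thread.

// MySQL connection: the encoding goes in the DSN (not SET NAMES) so PDO knows
// about it, and emulated ("fake") prepared statements are switched off.
function connect_mysql(string $dbUser, string $dbPass): PDO {
    $dsn = 'mysql:host=localhost;dbname=db_name;charset=utf8mb4';
    return new PDO($dsn, $dbUser, $dbPass, [
        PDO::ATTR_EMULATE_PREPARES   => false,
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

// One query, explicit columns (the password hash is never selected), and the
// same return type every time: [] for an unknown user, else the matching rows.
function user_info(PDO $dbh, string $user): array {
    $stmt = $dbh->prepare('SELECT id, user, email FROM users WHERE user = :user');
    $stmt->execute([':user' => $user]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Offline demo on an in-memory SQLite table with one constructed row.
// Against MySQL, pass the handle from connect_mysql() instead.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT,
                                email TEXT, password_hash TEXT)');
$dbh->exec("INSERT INTO users (user, email, password_hash)
            VALUES ('tj', 'tj@example.com', 'constructed-hash')");

foreach (['tj', 'nobody'] as $name) {
    $rows = user_info($dbh, $name);
    if (!$rows) {                 // an empty array is false in a boolean context
        echo "$name: no such user\n";
        continue;
    }
    // The caller decides how to encode or format; the function only returns data.
    echo "$name: " . json_encode($rows[0]) . "\n";
}
```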