I'm trying to connect to a MySQL database using PHP (with PDO) but I'm not that familiar with PHP so I'm a little stuck. I'm trying to search one of my databases for all occurrences of $userid and then store the $crn associated with it in an array but I don't really know how to go about that. Here's what I have so far...
$sthandler = $conn->prepare('SELECT userid FROM users WHERE userid=' . $userid);
$sthandler->execute(array('username'));
if($sthandler->rowCount() > 0)
{
// User exists, get user's courses from database and returns array of CRNs
for(int i = 0; i < rowCount; i++)
{
$sthandler = $conn->prepare('SELECT crn FROM usercourses WHERE userid=' . $userid);
$sthandler->execute(array($USER => $crnArray));
}
}
The point of PDO is to prevent concatenating the query string like you're currently doing. It's supposed to be used used to prepare the statements.
$sthandler = $conn->prepare('SELECT userid FROM users WHERE userid= :user_id');
if($sthandler->execute(array(':user_id' => $user_id))) {
if($sthandler->rowCount() > 0)
{
// User exists, get user's courses from database and returns array of CRNs
for(int $i = 0; $i < rowCount; $i++)
{
$sthandler = $conn->prepare('SELECT crn FROM usercourses WHERE userid= :user_id';
$sthandler->execute(array(':user_id' => $user_id));
}
}
}
You're trying to execute with random data in the arrays.
One more thing, you should wrap your queries in a try/catch statement, to handle any potential errors:
try {
// run query and all
}
catch (PDOException $e){
// echo out the error if there is one.
echo $e->getMessage();
}
And the last note, while you're at it. You should explicitly turn on errors when constructing your PDO object!
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
I advise you to check the documentation on PDO and PDOStatement for more detailed information.
I guess you're already connected to your database through PDO ? (else see PDO::__construct())
With a prepared query you better "bind" ($sthandler->bindParam()) your parameters instead of concatenating them, like so
$sthandler = $conn->prepare('SELECT userid FROM users WHERE userid= :user_id');
$sthandler->bindParam(':userid', $userid, PDO::PARAM_INT);
I don't quite understand the rest of your code though. Maybe isn't it complete. You make a loop on something that is supposed to always be a unique result (i hope for you, "userid" is a unique primary key).
If this loop is actually useless, then maybe you should consider making only 1 query to get both user and courses at the same time, by using a join between the tables :
SELECT u.userid, c.crn FROM users u INNER JOIN usercourses c ON u.userid = c.userid WHERE u.userid= :user_id
And from this result, get anything you want. Yes you will have duplicated data in your result (userid on each row of different courses), but it's still a better way than doing 2 seperate queries.
Consider using $sthandler->fetch() or $sthandler->fetchAll() to get every results and organize them into an array, as it suits you :
$rows = $sthandler->fetchAll(PDO::FETCH_ASSOC); // FETCH_ASSOC will return the results as array with columns' name as keys.
// Do your loop on the array $rows to process it
Or
while( $row = $sthandler->fetch(PDO::FETCH_ASSOC) ) {
// do whatever you like with each row
}
Also take Darren's advice to wrap your PDO queries with try/catch to avoid any errors.