I need to use a generated string as an array within a MySQL-Loop. The string/array is built into $argumentarray from the $rows arguments and should after be used as the array of multiSQLarray[]
The function is called as:
multiSQL('**id,title,description,link**','menu')
The string gets correctly generated as
array('id' => $result['id'],'title' => $result['title'],'description' => $result['description'], 'link' => $result['link'])
But instead of using it as a string for the array it just adds it to the array for every result from the sql
Array ( [0] => array('id' => $result['id'],'title' => $result['title'],'description' => $result['description'], 'link' => $result['link']) [1] => array('id' => $result['id'],'title' => $result['title'],'description' => $result['description'], 'link' => $result['link']) )
What i expect is the SQL result as the array
Array ( [0] => Array ( [id] => 1 [title] => Customers [description] => Display the Customer Dashboard [link] => index.php ) [1] => Array ( [id] => 2 [title] => Server [description] => Display all Servers [link] => servers.php ) )
My code:
function multiSQL($rows=null,$table=null,$select=null) {
if(is_null($select)) {$filter="";} else { $filter = ' where '.$select; }
global $pdo;
$sql = 'SELECT '.$rows.' FROM '.$table.$filter.'';
$connection =$pdo->prepare($sql);
$connection->execute();
$multiSQLarray = array();
$arguments = explode(',',$rows);
$argumentarray = "";
$argumentscount=count($arguments);
$loopcount = 1;
foreach($arguments as $argument){
if($loopcount==$argumentscount){
$loopcount++;
$argumentarray = $argumentarray.' \''.$argument.'\' => $result[\''.$argument.'\']';
}
else{
$loopcount++;
$argumentarray = $argumentarray.'\''.$argument.'\' => $result[\''.$argument.'\'],';
}
}
$argumentarray = 'array('.$argumentarray.')';
echo $argumentarray.'<br><br>';
while ($result = $connection->fetch(PDO::FETCH_BOTH)) {
//$multiSQLarray[] = array('id' => $result['id'], 'title' => $result['title'], 'description' => $result['description'], 'link' => $result['link']);
$multiSQLarray[] = $argumentarray;
}
print_r($multiSQLarray);
return $multiSQLarray;
Structured data is structured data. Be it in a string or an array. I can't make sense of some of your code. The arrays in strings... unless you are angling to use an eval. I think that bit confuses your question some.
One thing you need to consider is how exposed you will be to SQL injection. Basically never trust the user right? So, you could do things like predfine, in code, the allowed columns. If the form submitted references something not whitelisted then stop! Also, have to think about escaping the user supplied values.
I'd want my function to accept a known, arguments that make sense for what it needs passed in... Clean things up first and then pass some data types that make the most sense to the function. Maybe something like...
/**
* @param string $table
* @param array $fields
* @param array $criteria (key/value pairs where key is field and value is scalar)
*/
function buildQuery($table, $fields, $criteria) {
$where = [];
$whereVals = [];
foreach($criteria as $k => $v) {
$where[] = "({$k} = ?)";
$whereVals[] = $v;
}
$where = implode(' AND ', $where);
$fields = implode(', ', $fields);
$sql = "SELECT {$fields} FROM {$table} WHERE {$where}";
//eg. SELECT id, name, bar FROM fooTable WHERE (id = ?) AND (name = ?)
$query = $pdo->prepare($sql);
$retval = $query->execute($whereVals);
return $retval;
}
$response = buildQuery( 'fooTable',
['id', 'name', 'bar'],
[
'id' => 5,
'name' => 'john'
]);
Maybe look at some frameworks or an ORM like Doctrine? Can see some good examples of OOP representations of a select statement. Makes dynamic query building a lot easier. End up with something DRYer too.