Ben Yates February 2016

Creating and using an Array with MySQL and PHP

I'm trying to create a SQL query that takes the values of an entire table and dumps them into an array that I can call based the value of a URL parameter.

The parameter passed into the url will be ?username=User1.

I need the query to filter results in the database that are related to the that user (for example - their name, email address, interests etc).

I want to then be able to store them in an array that I can use to call and display the values, for example;

<?php echo htmlentities($row['profiles']['username'], ENT_QUOTES, 'UTF-8'); ?>
<?php echo htmlentities($row['profiles']['location_city'], ENT_QUOTES, 'UTF-8'); ?>

I use the following PHP to set the $u variable in PHP

My SQL query so far is as follows

 $query = " 
        SELECT 
            user_id,
            username, 
            displayname, 
            displayage,
            location_city,
            language
        FROM profiles WHERE username='$u'
    "; 

I then use the following PHP code to try and pass the data into an array;

try 
    { 
        // These two statements run the query against your database table. 
        $stmt = $db->prepare($query); 
        $stmt->execute(); 
    } 
    catch(PDOException $ex) 
    { 
        // Note: On a production website, you should not output $ex->getMessage(). 
        // It may provide an attacker with helpful information about your code.  
        die("Failed to run query: " . $ex->getMessage()); 
    } 

    // Finally, we can retrieve all of the found rows into an array using fetchAll 
    $rows = $stmt->fetchAll();

My full code for profile.php;

<?php $_GET['u'] = 'u'; ?>

<?php 

    // First we execute our common code to connection to the database and start the session 
    require("common.php"); 

    // At the top of the page we chec        

Answers


RomanPerekhrest February 2016

Change profile.php file contents as shown below:

<?php $username = (isset($_GET['username']))? trim(strip_tags($_GET['username'])) : ""; ?>

<?php 

    // First we execute our common code to connection to the database and start the session 
    require("common.php"); 

    // At the top of the page we check to see whether the user is logged in or not 
    if(empty($_SESSION['user'])) 
    { 
        // If they are not, we redirect them to the login page. 
        header("Location: index.php"); 

        // Remember that this die statement is absolutely critical.  Without it, 
        // people can view your members-only content without logging in. 
        die("Redirecting to index.php"); 
    } 

    // Everything below this point in the file is secured by the login system 

    // We can retrieve a list of members from the database using a SELECT query. 
    // In this case we do not have a WHERE clause because we want to select all 
    // of the rows from the database table. 
    $query = " 
        SELECT 
            user_id,
            username, 
            displayname, 
            displayage,
            location_city,
            language
        FROM profiles WHERE username = '$username'
    "; 

    try 
    { 
        // These two statements run the query against your database table. 
        $stmt = $db->prepare($query); 
        $stmt->execute(); 
    } 
    catch(PDOException $ex) 
    { 
        // Note: On a production website, you should not output $ex->getMessage(). 
        // It may provide an attacker with helpful information about your code.  
        die("Failed to run query: " . $ex->getMessage()); 
    } 

    // Finally, we can retrieve all of the found rows into an array using fetchAll 
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); 
?> 

<?php include('header.php') ?>

<div class="pages navbar-through toolbar-through">
<div class="page" data-page="profile">
 

Post Status

Asked in February 2016
Viewed 2,836 times
Voted 14
Answered 1 times

Search




Leave an answer