PDO, using PDO with escaping to fetch content and echo it

I am trying to use the following code to get results from a GET variable. I used another code (listed farther down) and it worked, but there is no way to escape while using it. I don't know what I have done wrong, but I need help. I have just started PDO, so yes, I am an idiot :D but I want to learn.

if (isset($_GET['id'])) {
    $id = $_GET['id'];
    $q    = "SELECT * FROM users WHERE id=:id";
    $query = $odb->prepare($q);
    $results = $query->execute(array(
        ":id" => $id
    ));
    if($result-> rowCount()>0) {
        foreach($result as $item) {
            echo $item['user'];
        }
    }
}

The code that worked but didn't have an escape:

$id = $_GET['id'];
$query = "SELECT * FROM users WHERE id=".$id."";
$result = $odb->query($query);
if($result->rowCount() > 0) {
    foreach($result as $item) {
        echo $item['user'];
    }
}

Thanks, and PS: if it is a stupid question, note that I am barely 13, and I don't think any question a 12 or 13 year old asks to do with code can be considered stupid. Please tell me what I did wrong.

Thanks!

asked Jul 2 '12 at 03:07

I did that but it still doesn't give me what I need. Can you by any chance edit the code? -

By the way, you are NOT an idiot. Learning PDO instead of falling back on the old (and probably soon-to-be-deprecated) mysql_ functions means that you're getting ahead of the curve. ;) The fact that you're barely 13 is impressive. -

Quick question that shouldn't make a difference, but I'll ask anyway: What is the type of the id column in the users table? Is it an integer or a string? Also, what happens if you put a space after the equals sign in id=:id? That shouldn't matter either, but I'll admit, you have me kind of stumped; it should work. -

the id is an int, I have it working, the answer is given below -

2 Answers

You need to rewrite your results loop (everything between and including the if { } statement) as the following:

// execute() only returns TRUE or FALSE, so the rows have to be fetched
// from the prepared statement ($query), not from execute()'s return value.
while (($item = $query->fetch(PDO::FETCH_ASSOC)) !== FALSE) {
    echo $item['user'];
}

You really don't need the call to rowCount() unless you particularly need the number of rows before a resultset. If there are no results, the loop will fail immediately because the first call will return FALSE and the loop will fall through without any iteration.

EDIT (DEBUGGING STEP):

What do you see if you use this? I'm thinking maybe you have an extra character (a whitespace) or something in $_GET['id'] that's legal when you pass it as a literal, but not when you pass it as a parameter:

if (isset($_GET['id'])) {
  $id = $_GET['id'];
  die(var_export($id, TRUE));
}

answered Jul 2 '12 at 03:07

!== FALSE is not necessary. And a PDO statement is traversable, so you could use foreach. - xdazz

I know it's not strictly necessary, but that's one of my little anal habits--I always explicitly check for the value I'm looking for because so much code I've had to repair has been broken due to bugs popping up when 0 or empty strings are returned that also evaluate to FALSE. It never hurts, and in many cases (though agreed, not this particular one), it prevents bugs. - Rey Skippus

I changed the code, thanks but I don't know what I am doing wrong: if (isset($_POST['id'])) { $id = $_POST['id']; $q = "SELECT * FROM users WHERE id=:id"; $query = $odb->prepare($q); $results = $query->execute(array( ":id" => $id )); while (($item = $results->fetch(PDO::FETCH_ASSOC)) !== FALSE) { echo $item['user']; } /*if($result->rowCount()>0) { foreach($result as $item) { echo $item['user']; } }*/ } - user115422

What do you see if you insert a var_export($id); just below $id = $_GET['id']? Maybe there's a space or other character in $_GET['id'] that's legal in the literal query, but not when it's passed as a parameter? I've edited my response above so that it's formatted for you to copy-and-paste. - Rey Skippus

I found an answer and I will post it as "answering my own question"; thanks for your support! - user115422

if(isset($_GET['id'])){
    $id = $_GET['id'];

    $q = "SELECT * FROM `users` WHERE `id` = :id";
    $query = $odb->prepare($q);
    $query->execute(array(
        ':id' => $id
    ));

    if($query->rowCount() > 0){
        foreach($query->fetchAll() AS $item){
            echo $item['user'];
        }
    }
}

I did a bit of looking around and asked on phpfreaks, they told me that this would work, I tried it, it worked.

answered Jul 3 '12 at 03:07
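As an added example (not code from the thread or from PHP's documentation), the concatenated query from the question and the prepared statement from the accepted self-answer side by side, run against an in-memory SQLite table; it assumes the pdo_sqlite extension is available, and the table, rows and inputs are constructed here for illustration:

```php
<?php
// Added example, not from the original thread. Uses an in-memory SQLite
// database (assumes pdo_sqlite is installed) so it runs without MySQL.
// The users table and its two rows are constructed for this demonstration.
$odb = new PDO('sqlite::memory:');
$odb->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$odb->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT, secret TEXT)");
$odb->exec("INSERT INTO users VALUES (1, 'alice', 'constructed-a'), (2, 'bob', 'constructed-b')");

// The "working" version from the question: the value is pasted into the SQL
// text, so the input can change the shape of the query, not just a value.
function lookupConcatenated(PDO $odb, string $id): array
{
    $result = $odb->query("SELECT user FROM users WHERE id=" . $id);
    return array_column($result->fetchAll(PDO::FETCH_ASSOC), 'user');
}

// The prepared-statement version from the self-answer: the value travels
// separately from the SQL, so it can only ever be compared against id.
function lookupPrepared(PDO $odb, string $id): array
{
    $query = $odb->prepare("SELECT user FROM users WHERE id = :id");
    // execute() returns only TRUE/FALSE; rows are fetched from the statement
    // object, not from execute()'s return value (the bug in the first attempt).
    $query->execute([':id' => $id]);
    return array_column($query->fetchAll(PDO::FETCH_ASSOC), 'user');
}

$benign  = '1';
$hostile = '1 OR 1=1';   // constructed input: a boolean tautology

// Concatenation: the tautology makes the WHERE clause always true, so the
// concatenated query returns every user; the prepared query treats the whole
// string as a single id value, which matches no row.
foreach (['benign' => $benign, 'hostile' => $hostile] as $label => $input) {
    echo "$label / concatenated: ", implode(',', lookupConcatenated($odb, $input)), "\n";
    echo "$label / prepared:     ", implode(',', lookupPrepared($odb, $input)), "\n";
}
```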
