How to send the result of an SQL query to a variable (not array)?
#1

[eluser]Sinclair[/eluser]
Hi,

I'm having some problems getting the "title" of an article from the database and sending it to a normal variable (not an array).

My model:
Code:
function getTituloAnuncio($pid_anuncio) {
        $query = $this->db->query("select a.n_anuncio from atw_anuncios a where
        a.id_anuncio = '".$pid_anuncio."'");
        return $query->result();
    }

My Controller code:
Code:
$title = $this->acomp_model->getTituloAnuncio($pid_anuncio = $this->uri->segment(3)); # Here

My view:
Code:
<html>
<head>
<title>
    <?php echo $title; ?>
</title>
</head>

The final result is that I see the word "Array" printed instead of the title. How can I print the variable when I know that the query only returns one line?


Best Regards,
#2

[eluser]jedd[/eluser]
You can change the model's method to return a string, rather than a result array.

Consider:

Code:
function getTituloAnuncio($pid_anuncio) {
    $query = $this->db->query("SELECT
                                   a.n_anuncio
                               FROM
                                   atw_anuncios a
                               WHERE
                                   a.id_anuncio = '".$pid_anuncio."'" );

    if ($query->num_rows() != 1)
        return FALSE;

    $result = $query->row_array();

    return $result['n_anuncio'];
    // Check if the result is a.anuncio or just anuncio -- I never bother to do
    // this kind of table rename within a query, especially for such a simple query.
    }


Also, why is your controller making this call?
Code:
$title = $this->acomp_model->getTituloAnuncio($pid_anuncio = $this->uri->segment(3)); # Here

Surely you can just do this instead:
Code:
$title = $this->acomp_model->getTituloAnuncio ( $this->uri->segment(3) ); # Here

Note that in any case you really do want to sanitise your input here, as you're quite exposed to SQL injection. I'd suggest a check in your model, at the very least, to ensure the data passes an is_numeric() test before you use it. Alternatively use a $this->db->escape() function around the parameter. (I reckon the is_numeric test would be faster.)

Finally, your models should start with a capital letter, unless you're doing something odd. This might bite you when you change file systems / operating systems.
#3

[eluser]Sinclair[/eluser]
It is working. Many Thanks!

I know I'm exposed to SQL injection. I will solve the problem when the website gets to a more advanced phase.

Thank you.
#4

[eluser]jedd[/eluser]
[quote author="Sinclair" date="1255921994"]
It is working. Many Thanks!
[/quote]

Very happy to hear that.

Quote: I know I'm exposed to SQL injection. I will solve the problem when the website gets to a more advanced phase.

I'd encourage you to fix it now.

Partly because it's a very good habit to get into. Any number I use in my SQL queries always gets an is_numeric() test run against it first (don't use ctype_digit() - this only works for strings, I discovered).

Partly because this one is so very easy to fix right now, and then you can forget about it.

At the very least, annotate your code using whatever system you have in place - I'm using @todo links that PHPDocumentor catalogues for me - to remind yourself later that this code needs fixing.
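
An added example (not code from the thread or from CodeIgniter) of the fix discussed in posts #2 and #4: validate the id, then bind it instead of concatenating it into the SQL. It uses PDO with an in-memory SQLite database so it runs stand-alone; `isAnuncioId()` and the sample rows are assumptions, and inside a CodeIgniter model the same binding is written `$this->db->query($sql, array($id))`.

```php
<?php
// Added example: stand-alone PDO/SQLite stand-in for the CodeIgniter model.
// Table and column names come from the thread; the rows are constructed.

function isAnuncioId($value)
{
    // URI segments arrive as strings; accept only 1-9 decimal digits.
    // is_numeric() alone would also pass "1e3", "1.5" and "+7".
    return is_string($value) && preg_match('/^[0-9]{1,9}$/', $value) === 1;
}

function getTituloAnuncio(PDO $db, $pid_anuncio)
{
    if (!isAnuncioId($pid_anuncio)) {
        return false;                      // reject before touching the database
    }
    // The value is bound as a parameter, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT n_anuncio FROM atw_anuncios WHERE id_anuncio = ?');
    $stmt->execute(array((int) $pid_anuncio));
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

    // Same contract as the model in the thread: a string, or FALSE unless exactly one row.
    return count($rows) === 1 ? $rows[0]['n_anuncio'] : false;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE atw_anuncios (id_anuncio INTEGER PRIMARY KEY, n_anuncio TEXT)');
$db->exec("INSERT INTO atw_anuncios VALUES (42, 'Casa em Lisboa'), (1000, 'Carro usado')");

// Constructed inputs, as they would arrive from $this->uri->segment(3).
foreach (array('42', '1e3', '1.5', '+7', "42'x", '', '999') as $segment) {
    $title = getTituloAnuncio($db, $segment);
    printf("%-8s is_numeric=%-5s title=%s\n",
        var_export($segment, true),
        var_export(is_numeric($segment), true),
        $title === false ? 'FALSE' : $title);
}
```

The loop prints, for each constructed segment, what `is_numeric()` would have said next to what the stricter check plus bound query returns.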



