mrPickles Posted November 19, 2012 Share Posted November 19, 2012 Hello, I could have sworn I had this working at one point but not anymore... What I'm trying to do is pass a value between 2 pages so that another query can be performed after a selection on the first page is made. For example the URL being passed is image.php?docid='2007001437024'. The correct value gets passed but when I use the GET method the word "Array" is returned. Here is the code I'm using: <?php $docid = $_GET['docid']; //print_r($_GET); $query = "SELECT DISTINCT top (10) server, share, path, filename "; $query .= "FROM files "; $query .= "WHERE filename like '%{$docid}%'"; $result = sqlsrv_query($conn, $query) or die (sqlsrv_errors()); if(sqlsrv_has_rows($result)){ echo "Soooo many<br />";} else {echo "No results were found.<br />";} while($row = sqlsrv_fetch_array($result, SQLSRV_FETCH_ASSOC)) { $server = sqlsrv_get_field($result, '0'); $share = sqlsrv_get_field($result, '1'); $path = sqlsrv_get_field($result, '2'); $filename = sqlsrv_get_field($result, '3'); //echo ("\\\\") . $row['server'] . ("\\") . $row['share'] . ("\\") . $row['path'] . "<br />"; echo '<div align="center"><img width="825" height="1068" src="file://///' . $row['server'] . '/CCIMAGE/' . $row['share'] . '/' . $row['path'] . $row['filename'] . '">' . '</div><br /><br />'; } ?> If I replace the docid variable in the query with the actual number I get the exact results I'm looking for. The get method seems to work because when the print_r statement is used it returns ( [docid] => '2007001437024' ) Array. I'm not trying to create an array because there's only 1 value, just store the docid in a variable and use that in the query. What gives? Thanks for any help! Quote Link to comment https://forums.phpfreaks.com/topic/270922-get-method-returning-the-word-array/ Share on other sites More sharing options...
requinix Posted November 19, 2012 Share Posted November 19, 2012 The only array I see in there is $row but you don't try to output it itself. What statement is outputting "Array"? And it looks like your $docid has quotes around the value. You probably shouldn't have those. Quote Link to comment https://forums.phpfreaks.com/topic/270922-get-method-returning-the-word-array/#findComment-1393655 Share on other sites More sharing options...
mrPickles Posted November 19, 2012 Author Share Posted November 19, 2012 It outputs "Array" when I try to grab docid from the URL, store it in the variable $docid and then use $docid in the SQL query. Otherwise, if I comment out that line and change to file name to 2007001437024 the query executes properly and I get what I'm looking for. Like so: //$docid = $_GET['docid']; //print_r($_GET); $query = "SELECT DISTINCT top (10) server, share, path, filename "; $query .= "FROM files "; $query .= "WHERE filename like '%2007001437024%'"; Quote Link to comment https://forums.phpfreaks.com/topic/270922-get-method-returning-the-word-array/#findComment-1393661 Share on other sites More sharing options...
AyKay47 Posted November 20, 2012 Share Posted November 20, 2012 But a query doesn't output anything to the browser. So, as requinix already has asked, what code is actually outputting "Array"? Quote Link to comment https://forums.phpfreaks.com/topic/270922-get-method-returning-the-word-array/#findComment-1393684 Share on other sites More sharing options...
Psycho Posted November 20, 2012 Share Posted November 20, 2012 I think there are two problems here: 1. You have single quotes around the value in your URL as requinix pointed out. That would be preventing your query from running correctly because your docid, I'm assuming, does not actually have quotes in it. This is also the precursor to the second problem. 2. It sounds as if you actually took some time to try and debug your code by doing a print_r() of the $_GET global array. And that is the second problem. The $_GET global variable is always an array even if there is one value. Heck, it's still an array even if there are no values. So, the fact that is is showing up as an array isn't a problem. But, then again, those quote marks may be creating a second parameter as an array - kinda hard to tell from your query. But, solving problem #1 is probably all you need to do. Quote Link to comment https://forums.phpfreaks.com/topic/270922-get-method-returning-the-word-array/#findComment-1393693 Share on other sites More sharing options...
mrPickles Posted November 20, 2012 Author Share Posted November 20, 2012 But a query doesn't output anything to the browser. So, as requinix already has asked, what code is actually outputting "Array"? I think there are two problems here: 1. You have single quotes around the value in your URL as requinix pointed out. That would be preventing your query from running correctly because your docid, I'm assuming, does not actually have quotes in it. This is also the precursor to the second problem. 2. It sounds as if you actually took some time to try and debug your code by doing a print_r() of the $_GET global array. And that is the second problem. The $_GET global variable is always an array even if there is one value. Heck, it's still an array even if there are no values. So, the fact that is is showing up as an array isn't a problem. But, then again, those quote marks may be creating a second parameter as an array - kinda hard to tell from your query. But, solving problem #1 is probably all you need to do. Thank you guys! I think Psycho was probably right about how "Array" was being printed in the browser though I cannot say for sure. It was the removal of the single quotes from the previous page that corrected this. Works perfectly now accept for when a file name begins with a space which in turn breaks the link that this little script creates.... Thanks again all! Quote Link to comment https://forums.phpfreaks.com/topic/270922-get-method-returning-the-word-array/#findComment-1393811 Share on other sites More sharing options...
Beeeeney Posted November 20, 2012 Share Posted November 20, 2012 Thank you guys! I think Psycho was probably right about how "Array" was being printed in the browser though I cannot say for sure. It was the removal of the single quotes from the previous page that corrected this. Works perfectly now accept for when a file name begins with a space which in turn breaks the link that this little script creates.... Thanks again all! So why don't you create some sort of validation that doesn't let it break when a file name starts with a space? Quote Link to comment https://forums.phpfreaks.com/topic/270922-get-method-returning-the-word-array/#findComment-1393813 Share on other sites More sharing options...
Pikachu2000 Posted November 20, 2012 Share Posted November 20, 2012 trim the form input. Quote Link to comment https://forums.phpfreaks.com/topic/270922-get-method-returning-the-word-array/#findComment-1393815 Share on other sites More sharing options...
mrPickles Posted November 20, 2012 Author Share Posted November 20, 2012 (edited) I'm not real sure if anything can be done about that. Problem is that hyperlinks can't have space in it or it breaks unless I'm missing something? For example this is a particular file that we have on hand and this script puts together this: <img src="file://///www.blahdomain.org/CCIMAGE/FilesH\files/UCC\2001\5\22\N 0001898 _0008.tif"> Can that be fixed in a way other than updating the DB to remove spaces and also rename the file? Edited November 20, 2012 by mrPickles Quote Link to comment https://forums.phpfreaks.com/topic/270922-get-method-returning-the-word-array/#findComment-1393816 Share on other sites More sharing options...
Pikachu2000 Posted November 20, 2012 Share Posted November 20, 2012 (edited) I'm not so sure a space is even a valid first character in a filename, which seems to be what the OP is talking about. Edited November 20, 2012 by Pikachu2000 Quote Link to comment https://forums.phpfreaks.com/topic/270922-get-method-returning-the-word-array/#findComment-1393819 Share on other sites More sharing options...
Adam Posted November 20, 2012 Share Posted November 20, 2012 (edited) You can encode a space within a filename as %20 when requesting via HTTP. Pretty ugly though.. "ridiculous name.html" --> GET /ridiculous%20name.html Edited November 20, 2012 by Adam Quote Link to comment https://forums.phpfreaks.com/topic/270922-get-method-returning-the-word-array/#findComment-1393847 Share on other sites More sharing options...
Psycho Posted November 20, 2012 Share Posted November 20, 2012 You should use urlencode() on any value being used as a parameter on the url, then use urldecode() on the value received from the $_GET parameter. This will handle any spaces (which are valid in a file name) or any other problematic characters. BUT! You should absolutely do a check that the file name passed is safe. A user could pass malicious data to make your script to load a file you do not want them to. Quote Link to comment https://forums.phpfreaks.com/topic/270922-get-method-returning-the-word-array/#findComment-1393899 Share on other sites More sharing options...
DavidAM Posted November 21, 2012 Share Posted November 21, 2012 You should use urlencode() on any value being used as a parameter on the url, then use urldecode() on the value received from the $_GET parameter. This will handle any spaces (which are valid in a file name) or any other problematic characters. BUT! You should absolutely do a check that the file name passed is safe. A user could pass malicious data to make your script to load a file you do not want them to. @Psycho: Correct me if I'm wrong, but won't PHP automatically do the url decode (on GET parameters)? Also, don't you then need to rawurlencode the individual path components in the IMG tag? I say individual components because if you encode the entire path string, the DIRECTORY_SEPARATORs will be encoded and the url will not be what it is. Quote Link to comment https://forums.phpfreaks.com/topic/270922-get-method-returning-the-word-array/#findComment-1393992 Share on other sites More sharing options...
requinix Posted November 21, 2012 Share Posted November 21, 2012 @Psycho: Correct me if I'm wrong, but won't PHP automatically do the url decode (on GET parameters)? That's what I thought. The point of urlencode()ing is so that the arbitrary value you're adding doesn't mix with the link structure. Very much the URL equivalent of htmlspecialchars() and mysql_real_escape_string(). Quote Link to comment https://forums.phpfreaks.com/topic/270922-get-method-returning-the-word-array/#findComment-1394000 Share on other sites More sharing options...
Psycho Posted November 21, 2012 Share Posted November 21, 2012 @Psycho: Correct me if I'm wrong, but won't PHP automatically do the url decode (on GET parameters)? That's what I thought. The point of urlencode()ing is so that the arbitrary value you're adding doesn't mix with the link structure. Very much the URL equivalent of htmlspecialchars() and mysql_real_escape_string(). Yep, my mistake. But, I found I was able to use urlencode() or rawurlencode() on a full file path with no problems. But,, passing an actual file name is a bad process in my opinion. Better to pass an ID then translate the ID to the actual file, IMO Quote Link to comment https://forums.phpfreaks.com/topic/270922-get-method-returning-the-word-array/#findComment-1394216 Share on other sites More sharing options...
mrPickles Posted November 28, 2012 Author Share Posted November 28, 2012 (edited) Hello again... I am getting just the word "Array" output again but it is for some different reason that makes no sense to me. The only difference there is is data type this go around. Let me explain.. I have a query that is pulling data from 4 different tables. One of those tables has a column named collateral which is varchar(255) and another column in the same table called bigcollateral which is text data type. The following script displays the exact results I'm looking for in a browser and it is "collateral" that I'm pulling. However, if i change the query to pull bigcollateral, the variable to bigcollateral and the echo $row to bigcollateral the only thing that is displayed again is Array!??! Again, I think it's maybe the data type but I'm not sure. Any thoughts? $query = "SELECT DISTINCT files.docid, server, share, path, filedatetime, doctype, collateral, pages, docnum, debtor.description as debtor_name, debtor.address1 as debtor_address, debtor.city as debtor_city, debtor.state as debtor_state, debtor.zip as debtor_zip, lendor.description as lendor_description, lendor.address1 as lendor_address, lendor.city as lendor_city, lendor.state as lendor_state, lendor.zip as lendor_zip "; $query .= "FROM files "; $query .= "INNER JOIN document "; $query .= "ON files.docid = document.docid "; $query .= "INNER JOIN debtor "; $query .= "ON document.docid = debtor.docid "; $query .= "INNER JOIN lendor "; $query .= "ON debtor.docid = lendor.docid "; $query .= "WHERE files.filename like '%{$docid}%'"; $result = sqlsrv_query($conn, $query) or die (sqlsrv_errors()); $row_count = sqlsrv_num_rows($result); //if ($row_count === false) { //echo "Error in retrieveing row count."; //} else echo $row_count; while($row = sqlsrv_fetch_array($result, SQLSRV_FETCH_ASSOC)) { $docid = sqlsrv_get_field($result, '0'); $server = sqlsrv_get_field($result, '1'); $share = sqlsrv_get_field($result, '2'); $path = sqlsrv_get_field($result, '3'); $filedatetime = sqlsrv_get_field($result, '4'); $doctype = sqlsrv_get_field($result, '5'); $collateral = sqlsrv_get_field($result, '6'); $pages = sqlsrv_get_field($result, '7'); $docnum = sqlsrv_get_field($result, '8'); $debtor_description = sqlsrv_get_field($result, '9'); $debtor_address1 = sqlsrv_get_field($result, '10'); $debtor_city = sqlsrv_get_field($result, '11'); $debtor_state = sqlsrv_get_field($result, '12'); $debtor_zip = sqlsrv_get_field($result, '13'); $lendor_description = sqlsrv_get_field($result, '14'); $lendor_address1 = sqlsrv_get_field($result, '15'); $lendor_city = sqlsrv_get_field($result, '16'); $lendor_state = sqlsrv_get_field($result, '17'); $lendor_zip = sqlsrv_get_field($result, '18'); echo '<table width="830" align="center" style="background-color:#3b3b3b; border:1px solid #dddfe0; color:#dddfe0;">' . '<tr align="left" style="background-color:#070707;">' . '<td width="415" valign="top">Document No:<font color="#CDD704"> ' . $row['docnum'] . '</font></td>' . '<td width="415" valign="top">Description:</td>' . '</tr>' . '<tr><td valign="top">Document Type: ' . $row['doctype'] . '<br />Filing Date: ' . date_format($row['filedatetime'], 'd/m/y') . '<br />Pages: ' . $row['pages'] . '<br /><a href="file:' . ("\\\\") . $row['server'] . ("\\") . 'ccimage' . ("\\") . $row['share'] . ("\\") . $row['path'] . '"target="_blank" style="color:#3b3b3b"><img src="images/share_icon.png" border="0" width="24" height="20"></a><a href="image.php?docid=' . urlencode($row['docnum']) . '"><img src="images/mag_glass.png" height="20" width="18" border="0"></a></td><td valign="top">' . $row['collateral'] . '</td></tr>' . '<tr align="left" style="background-color:#070707;">' . '<td width="415">Debtor:</td>' . '<td width="415">Secured Party:</td>' . '</tr>' . '<tr><td valign="top">' . $row['debtor_name'] . '<br />' . $row['debtor_address'] . '<br />' . $row['debtor_city'] . ' ' . $row['debtor_state'] . ', ' . $row['debtor_zip'] . '</td>' . '<td align="left">' . $row['lendor_description'] . '<br />' . $row['lendor_address'] . '<br />' . $row['lendor_city'] . ' ' . $row['lendor_state'] . ', ' . $row['lendor_zip'] . '</td>' . '</tr>' . '</table>'; } Edited November 28, 2012 by mrPickles Quote Link to comment https://forums.phpfreaks.com/topic/270922-get-method-returning-the-word-array/#findComment-1396045 Share on other sites More sharing options...
Christian F. Posted November 28, 2012 Share Posted November 28, 2012 Have you checked to see what's actually stored in the database? Alternatively, run a var_dump () on the row returned from the database. PS: These lines are completely unnecessary, and only serves to waste a lot of resources: $docid = sqlsrv_get_field($result, '0'); $server = sqlsrv_get_field($result, '1'); $share = sqlsrv_get_field($result, '2'); $path = sqlsrv_get_field($result, '3'); $filedatetime = sqlsrv_get_field($result, '4'); $doctype = sqlsrv_get_field($result, '5'); $collateral = sqlsrv_get_field($result, '6'); $pages = sqlsrv_get_field($result, '7'); $docnum = sqlsrv_get_field($result, '8'); $debtor_description = sqlsrv_get_field($result, '9'); $debtor_address1 = sqlsrv_get_field($result, '10'); $debtor_city = sqlsrv_get_field($result, '11'); $debtor_state = sqlsrv_get_field($result, '12'); $debtor_zip = sqlsrv_get_field($result, '13'); $lendor_description = sqlsrv_get_field($result, '14'); $lendor_address1 = sqlsrv_get_field($result, '15'); $lendor_city = sqlsrv_get_field($result, '16'); $lendor_state = sqlsrv_get_field($result, '17'); $lendor_zip = sqlsrv_get_field($result, '18'); You've already fetched all of that data with the sqlsrv_fetch_array () statement, no need to do it twice (with the slowest method to boot). Quote Link to comment https://forums.phpfreaks.com/topic/270922-get-method-returning-the-word-array/#findComment-1396056 Share on other sites More sharing options...
mrPickles Posted November 30, 2012 Author Share Posted November 30, 2012 Have you checked to see what's actually stored in the database? Alternatively, run a var_dump () on the row returned from the database. PS: These lines are completely unnecessary, and only serves to waste a lot of resources: $docid = sqlsrv_get_field($result, '0'); $server = sqlsrv_get_field($result, '1'); $share = sqlsrv_get_field($result, '2'); $path = sqlsrv_get_field($result, '3'); $filedatetime = sqlsrv_get_field($result, '4'); $doctype = sqlsrv_get_field($result, '5'); $collateral = sqlsrv_get_field($result, '6'); $pages = sqlsrv_get_field($result, '7'); $docnum = sqlsrv_get_field($result, '8'); $debtor_description = sqlsrv_get_field($result, '9'); $debtor_address1 = sqlsrv_get_field($result, '10'); $debtor_city = sqlsrv_get_field($result, '11'); $debtor_state = sqlsrv_get_field($result, '12'); $debtor_zip = sqlsrv_get_field($result, '13'); $lendor_description = sqlsrv_get_field($result, '14'); $lendor_address1 = sqlsrv_get_field($result, '15'); $lendor_city = sqlsrv_get_field($result, '16'); $lendor_state = sqlsrv_get_field($result, '17'); $lendor_zip = sqlsrv_get_field($result, '18'); You've already fetched all of that data with the sqlsrv_fetch_array () statement, no need to do it twice (with the slowest method to boot). Yes I have checked to see what's stored in the database as I've run the query against it in SSMS and gotten the desired results. The bigcollateral column holds text and in some cases is 300-500 characters. When I run var_dump($row['collateral']); I can see what data is in that field. However, if that is changed to var_dump($row['bigcollateral']); it still only says Array at the top of the page. Thanks for the heads up on those unnecessary lines of code. Still trying to learn here Quote Link to comment https://forums.phpfreaks.com/topic/270922-get-method-returning-the-word-array/#findComment-1396476 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.