Get Method Returning The Word Array

[mrPickles]

Hello,

 

I could have sworn I had this working at one point but not anymore...

 

What I'm trying to do is pass a value between 2 pages so that another query can be performed after a selection on the first page is made. For example the URL being passed is image.php?docid='2007001437024'. The correct value gets passed but when I use the GET method the word "Array" is returned. Here is the code I'm using:

 

<?php
$docid = $_GET['docid'];
//print_r($_GET);

$query = "SELECT DISTINCT top (10) server, share, path, filename ";
$query .= "FROM files ";
$query .= "WHERE filename like '%{$docid}%'";
$result = sqlsrv_query($conn, $query) or die (sqlsrv_errors());  
if(sqlsrv_has_rows($result)){ echo "Soooo many<br />";}
else
{echo "No results were found.<br />";}

while($row = sqlsrv_fetch_array($result, SQLSRV_FETCH_ASSOC)) {
 $server = sqlsrv_get_field($result, '0');
 $share = sqlsrv_get_field($result, '1');
 $path = sqlsrv_get_field($result, '2');
 $filename = sqlsrv_get_field($result, '3');

//echo ("\\\\") . $row['server'] . ("\\") . $row['share'] . ("\\") . $row['path'] . "<br />";
echo '<div align="center"><img width="825" height="1068" src="file://///' . $row['server'] . '/CCIMAGE/' . $row['share'] . '/' . $row['path'] . $row['filename'] . '">' . '</div><br /><br />';
} 
?>

 

If I replace the docid variable in the query with the actual number I get the exact results I'm looking for. The get method seems to work because when the print_r statement is used it returns ( [docid] => '2007001437024' ) Array. I'm not trying to create an array because there's only 1 value, just store the docid in a variable and use that in the query. What gives? Thanks for any help!

[requinix]

The only array I see in there is $row but you don't try to output it itself. What statement is outputting "Array"?

 

And it looks like your $docid has quotes around the value. You probably shouldn't have those.

[mrPickles]

It outputs "Array" when I try to grab docid from the URL, store it in the variable $docid and then use $docid in the SQL query. Otherwise, if I comment out that line and change to file name to 2007001437024 the query executes properly and I get what I'm looking for. Like so:

//$docid = $_GET['docid'];
//print_r($_GET);

$query = "SELECT DISTINCT top (10) server, share, path, filename ";
$query .= "FROM files ";
$query .= "WHERE filename like '%2007001437024%'";

[AyKay47]

But a query doesn't output anything to the browser. So, as requinix already has asked, what code is actually outputting "Array"?

[Psycho]

I think there are two problems here:

 

1. You have single quotes around the value in your URL as requinix pointed out. That would be preventing your query from running correctly because your docid, I'm assuming, does not actually have quotes in it. This is also the precursor to the second problem.

 

2. It sounds as if you actually took some time to try and debug your code by doing a print_r() of the $_GET global array. And that is the second problem. The $_GET global variable is always an array even if there is one value. Heck, it's still an array even if there are no values. So, the fact that is is showing up as an array isn't a problem. But, then again, those quote marks may be creating a second parameter as an array - kinda hard to tell from your query. But, solving problem #1 is probably all you need to do.

[mrPickles]

But a query doesn't output anything to the browser. So, as requinix already has asked, what code is actually outputting "Array"?

I think there are two problems here: 1. You have single quotes around the value in your URL as requinix pointed out. That would be preventing your query from running correctly because your docid, I'm assuming, does not actually have quotes in it. This is also the precursor to the second problem. 2. It sounds as if you actually took some time to try and debug your code by doing a print_r() of the $_GET global array. And that is the second problem. The $_GET global variable is always an array even if there is one value. Heck, it's still an array even if there are no values. So, the fact that is is showing up as an array isn't a problem. But, then again, those quote marks may be creating a second parameter as an array - kinda hard to tell from your query. But, solving problem #1 is probably all you need to do.

 

Thank you guys! I think Psycho was probably right about how "Array" was being printed in the browser though I cannot say for sure.

 

It was the removal of the single quotes from the previous page that corrected this. Works perfectly now accept for when a file name begins with a space which in turn breaks the link that this little script creates.... Thanks again all!

[Beeeeney]

Thank you guys! I think Psycho was probably right about how "Array" was being printed in the browser though I cannot say for sure.

 

It was the removal of the single quotes from the previous page that corrected this. Works perfectly now accept for when a file name begins with a space which in turn breaks the link that this little script creates.... Thanks again all!

 

So why don't you create some sort of validation that doesn't let it break when a file name starts with a space?

[Pikachu2000]

trim the form input.

[mrPickles]

I'm not real sure if anything can be done about that. Problem is that hyperlinks can't have space in it or it breaks unless I'm missing something? For example this is a particular file that we have on hand and this script puts together this:

 

<img src="file://///www.blahdomain.org/CCIMAGE/FilesH\files/UCC\2001\5\22\N 0001898 _0008.tif">

 

Can that be fixed in a way other than updating the DB to remove spaces and also rename the file?

Edited November 20, 2012 by mrPickles

[Pikachu2000]

I'm not so sure a space is even a valid first character in a filename, which seems to be what the OP is talking about.

Edited November 20, 2012 by Pikachu2000

[Adam]

You can encode a space within a filename as %20 when requesting via HTTP. Pretty ugly though..

 

"ridiculous name.html" --> GET /ridiculous%20name.html

Edited November 20, 2012 by Adam

[Psycho]

You should use urlencode() on any value being used as a parameter on the url, then use urldecode() on the value received from the $_GET parameter. This will handle any spaces (which are valid in a file name) or any other problematic characters.

 

BUT! You should absolutely do a check that the file name passed is safe. A user could pass malicious data to make your script to load a file you do not want them to.

[DavidAM]

You should use urlencode() on any value being used as a parameter on the url, then use urldecode() on the value received from the $_GET parameter. This will handle any spaces (which are valid in a file name) or any other problematic characters.

 

BUT! You should absolutely do a check that the file name passed is safe. A user could pass malicious data to make your script to load a file you do not want them to.

 

@Psycho: Correct me if I'm wrong, but won't PHP automatically do the url decode (on GET parameters)?

Also, don't you then need to rawurlencode the individual path components in the IMG tag? I say individual components because if you encode the entire path string, the DIRECTORY_SEPARATORs will be encoded and the url will not be what it is.

[requinix]

@Psycho: Correct me if I'm wrong, but won't PHP automatically do the url decode (on GET parameters)?

That's what I thought. The point of urlencode()ing is so that the arbitrary value you're adding doesn't mix with the link structure. Very much the URL equivalent of htmlspecialchars() and mysql_real_escape_string().

[Psycho]

@Psycho: Correct me if I'm wrong, but won't PHP automatically do the url decode (on GET parameters)?

That's what I thought. The point of urlencode()ing is so that the arbitrary value you're adding doesn't mix with the link structure. Very much the URL equivalent of htmlspecialchars() and mysql_real_escape_string().

 

Yep, my mistake. But, I found I was able to use urlencode() or rawurlencode() on a full file path with no problems. But,, passing an actual file name is a bad process in my opinion. Better to pass an ID then translate the ID to the actual file, IMO

[mrPickles]

Hello again... I am getting just the word "Array" output again but it is for some different reason that makes no sense to me. The only difference there is is data type this go around. Let me explain.. I have a query that is pulling data from 4 different tables. One of those tables has a column named collateral which is varchar(255) and another column in the same table called bigcollateral which is text data type. The following script displays the exact results I'm looking for in a browser and it is "collateral" that I'm pulling. However, if i change the query to pull bigcollateral, the variable to bigcollateral and the echo $row to bigcollateral the only thing that is displayed again is Array!??! Again, I think it's maybe the data type but I'm not sure. Any thoughts?

 

$query = "SELECT DISTINCT files.docid, server, share, path, filedatetime, doctype, collateral, pages, docnum, debtor.description as debtor_name, debtor.address1 as debtor_address, debtor.city as debtor_city, debtor.state as debtor_state, debtor.zip as debtor_zip, lendor.description as lendor_description, lendor.address1 as lendor_address, lendor.city as lendor_city, lendor.state as lendor_state, lendor.zip as lendor_zip ";
$query .= "FROM files ";
$query .= "INNER JOIN document ";
$query .= "ON files.docid = document.docid ";
$query .= "INNER JOIN debtor ";
$query .= "ON document.docid = debtor.docid ";
$query .= "INNER JOIN lendor ";
$query .= "ON debtor.docid = lendor.docid ";
$query .= "WHERE files.filename like '%{$docid}%'";
$result = sqlsrv_query($conn, $query) or die (sqlsrv_errors());

$row_count = sqlsrv_num_rows($result);

//if ($row_count === false) {
//echo "Error in retrieveing row count.";
//} else
echo $row_count;


while($row = sqlsrv_fetch_array($result, SQLSRV_FETCH_ASSOC)) {
$docid = sqlsrv_get_field($result, '0');
$server = sqlsrv_get_field($result, '1');
$share = sqlsrv_get_field($result, '2');
$path = sqlsrv_get_field($result, '3');
$filedatetime = sqlsrv_get_field($result, '4');
$doctype = sqlsrv_get_field($result, '5');
$collateral = sqlsrv_get_field($result, '6');
$pages = sqlsrv_get_field($result, '7');
$docnum = sqlsrv_get_field($result, '8');
$debtor_description = sqlsrv_get_field($result, '9');
$debtor_address1 = sqlsrv_get_field($result, '10');
$debtor_city = sqlsrv_get_field($result, '11');
$debtor_state = sqlsrv_get_field($result, '12');
$debtor_zip = sqlsrv_get_field($result, '13');
$lendor_description = sqlsrv_get_field($result, '14');
$lendor_address1 = sqlsrv_get_field($result, '15');
$lendor_city = sqlsrv_get_field($result, '16');
$lendor_state = sqlsrv_get_field($result, '17');
$lendor_zip = sqlsrv_get_field($result, '18');

echo '<table width="830" align="center" style="background-color:#3b3b3b; border:1px solid #dddfe0; color:#dddfe0;">' .
'<tr align="left" style="background-color:#070707;">' .
'<td width="415" valign="top">Document No:<font color="#CDD704"> ' . $row['docnum'] . '</font></td>' .
'<td width="415" valign="top">Description:</td>' .
'</tr>' .
'<tr><td valign="top">Document Type: ' . $row['doctype'] . '<br />Filing Date: ' . date_format($row['filedatetime'], 'd/m/y') . '<br />Pages: ' . $row['pages'] . '<br /><a href="file:' . ("\\\\") . $row['server'] . ("\\") . 'ccimage' . ("\\") . $row['share'] . ("\\") . $row['path'] . '"target="_blank" style="color:#3b3b3b"><img src="images/share_icon.png" border="0" width="24" height="20"></a><a href="image.php?docid=' . urlencode($row['docnum']) . '"><img src="images/mag_glass.png" height="20" width="18" border="0"></a></td><td valign="top">' . $row['collateral'] . '</td></tr>' .
'<tr align="left" style="background-color:#070707;">' .
'<td width="415">Debtor:</td>' .
'<td width="415">Secured Party:</td>' .
'</tr>' .
'<tr><td valign="top">' . $row['debtor_name'] . '<br />' . $row['debtor_address'] . '<br />' . $row['debtor_city'] . ' ' . $row['debtor_state'] . ', ' . $row['debtor_zip'] . '</td>' .
'<td align="left">' . $row['lendor_description'] . '<br />' . $row['lendor_address'] . '<br />' . $row['lendor_city'] . ' ' . $row['lendor_state'] . ', ' . $row['lendor_zip'] . '</td>' .
'</tr>' .
'</table>';
}

Edited November 28, 2012 by mrPickles

[Christian F.]

Have you checked to see what's actually stored in the database? Alternatively, run a var_dump () on the row returned from the database.

 

PS: These lines are completely unnecessary, and only serves to waste a lot of resources:

$docid = sqlsrv_get_field($result, '0');
$server = sqlsrv_get_field($result, '1');
$share = sqlsrv_get_field($result, '2');
$path = sqlsrv_get_field($result, '3');
$filedatetime = sqlsrv_get_field($result, '4');
$doctype = sqlsrv_get_field($result, '5');
$collateral = sqlsrv_get_field($result, '6');
$pages = sqlsrv_get_field($result, '7');
$docnum = sqlsrv_get_field($result, '8');
$debtor_description = sqlsrv_get_field($result, '9');
$debtor_address1 = sqlsrv_get_field($result, '10');
$debtor_city = sqlsrv_get_field($result, '11');
$debtor_state = sqlsrv_get_field($result, '12');
$debtor_zip = sqlsrv_get_field($result, '13');
$lendor_description = sqlsrv_get_field($result, '14');
$lendor_address1 = sqlsrv_get_field($result, '15');
$lendor_city = sqlsrv_get_field($result, '16');
$lendor_state = sqlsrv_get_field($result, '17');
$lendor_zip = sqlsrv_get_field($result, '18');

You've already fetched all of that data with the sqlsrv_fetch_array () statement, no need to do it twice (with the slowest method to boot).

[mrPickles]

Have you checked to see what's actually stored in the database? Alternatively, run a var_dump () on the row returned from the database.

 

PS: These lines are completely unnecessary, and only serves to waste a lot of resources:

$docid = sqlsrv_get_field($result, '0');
$server = sqlsrv_get_field($result, '1');
$share = sqlsrv_get_field($result, '2');
$path = sqlsrv_get_field($result, '3');
$filedatetime = sqlsrv_get_field($result, '4');
$doctype = sqlsrv_get_field($result, '5');
$collateral = sqlsrv_get_field($result, '6');
$pages = sqlsrv_get_field($result, '7');
$docnum = sqlsrv_get_field($result, '8');
$debtor_description = sqlsrv_get_field($result, '9');
$debtor_address1 = sqlsrv_get_field($result, '10');
$debtor_city = sqlsrv_get_field($result, '11');
$debtor_state = sqlsrv_get_field($result, '12');
$debtor_zip = sqlsrv_get_field($result, '13');
$lendor_description = sqlsrv_get_field($result, '14');
$lendor_address1 = sqlsrv_get_field($result, '15');
$lendor_city = sqlsrv_get_field($result, '16');
$lendor_state = sqlsrv_get_field($result, '17');
$lendor_zip = sqlsrv_get_field($result, '18');

You've already fetched all of that data with the sqlsrv_fetch_array () statement, no need to do it twice (with the slowest method to boot).

Yes I have checked to see what's stored in the database as I've run the query against it in SSMS and gotten the desired results. The bigcollateral column holds text and in some cases is 300-500 characters. When I run var_dump($row['collateral']); I can see what data is in that field. However, if that is changed to var_dump($row['bigcollateral']); it still only says Array at the top of the page.

 

Thanks for the heads up on those unnecessary lines of code. Still trying to learn here