DanielW Posted April 29, 2014

Hi,

I've been following a few YouTube tutorials and have been playing around with querying databases. However, I don't really fully understand what's going on. I've tried to search on the web for an explanation of the code, but all I seem to find is more code examples, without actually knowing what's happening. Would someone be able to explain in layman's terms what's happening in this code? Sorry for being such a newbie, but I like to get to grips with and understand how things work.

```php
$result = mysql_query("SELECT * FROM car WHERE car_model='$car_id'") or die(mysql_error());
$cars = result_to_array($result);
foreach($cars as $car){
    $car_p=$car['wheel_id'];
    $result = mysql_query("SELECT * FROM wheel WHERE wheel_id='$car_p'") or die(mysql_error());
    $car_wheel_details = result_to_array($result);
    foreach($car_wheel_details as $car_wheel_detail){
?>
<div class="wheel_stuff">
    <h1><?php echo $car_wheel_detail['wheel_name']; ?></h1>
    <div class="plft"><img src="images/<?php echo $car_wheel_detail['wheel_image']; ?>" /></div>
    <div class="prt">
        <p><strong>Category : </strong><?php echo $car_wheel_detail['wheel_category']; ?></p>
        <p><strong>Info : </strong><?php echo $car_wheel_detail['wheel_info']; ?></p>
        <div style="clear:both"></div>
    </div>
    <div style="clear:both"></div>
</div>
```
Jacques1 Posted April 29, 2014

Hi,

I fear you've chosen a very, very bad tutorial. The whole code is just awful and may only be used as an example of what you should not do:

- The mysql_* functions have been obsolete for more than 10 years and will be removed in the future. Do not use them for new projects! Nowadays, we use PDO or MySQLi.
- There's no security whatsoever. They just throw everything together to see what happens. If this was on an actual server, it would be compromised in a matter of minutes.
- There's no formatting, and the mixture of PHP and HTML makes this thing absolutely incomprehensible.

I think you should throw this away and not even try to understand it. If you already have tried out databases, wouldn't it make more sense to build upon that and write your own code?

I would do this:

1. Create a test database or use your old one.
2. Establish a connection to it with PDO. The link above explains how. Or check out this thread.
3. Make a simple query like SELECT * FROM test. Fetch the rows and display them. (Again, check the link.)
4. Now try some variations: Add a WHERE clause, select specific columns, fetch only one row etc.
5. After this, look at prepared statements as a mechanism to securely pass PHP values to queries. Try this out by passing a value through the URL.
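The steps listed in the post above (connect with PDO, query, fetch, then pass a URL value through a prepared statement), as an added example that is not code from any poster in this thread. Assumptions: an in-memory SQLite database with constructed rows stands in for the MySQL `car` and `wheel` tables so the script runs offline, `car_model` is treated as text, and the names `wheelsForCar`, `e`, `renderWheel` and the `car_model` URL parameter are hypothetical.

```php
<?php
// Added example: constructed in-memory SQLite tables stand in for the MySQL ones.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // throw on SQL errors
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE wheel (wheel_id INTEGER PRIMARY KEY, wheel_name TEXT,
            wheel_image TEXT, wheel_category TEXT, wheel_info TEXT)');
$pdo->exec('CREATE TABLE car (car_model TEXT, wheel_id INTEGER)');
$pdo->exec("INSERT INTO wheel VALUES
            (1, 'Alloy <17\">', 'alloy 17.png', 'Alloy', 'Light & strong'),
            (2, 'Steel 15', 'steel15.png', 'Steel', 'Budget option')");
$pdo->exec("INSERT INTO car VALUES ('fiesta', 1), ('fiesta', 2), ('focus', 1)");

// One JOIN replaces the query-inside-a-loop from the first post. The ? is a
// placeholder: the value is sent separately and is never parsed as SQL.
function wheelsForCar(PDO $pdo, string $carModel): array
{
    $stmt = $pdo->prepare(
        'SELECT w.wheel_name, w.wheel_image, w.wheel_category, w.wheel_info
           FROM car c JOIN wheel w ON w.wheel_id = c.wheel_id
          WHERE c.car_model = ?
          ORDER BY w.wheel_id'
    );
    $stmt->execute([$carModel]);
    return $stmt->fetchAll();
}

// Escape every database value for the HTML context it is printed into.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}
function renderWheel(array $w): string
{
    return '<div class="wheel_stuff"><h1>' . e($w['wheel_name']) . '</h1>'
         . '<img src="images/' . e(rawurlencode($w['wheel_image'])) . '" />'
         . '<p><strong>Category : </strong>' . e($w['wheel_category']) . '</p>'
         . '<p><strong>Info : </strong>' . e($w['wheel_info']) . '</p></div>' . "\n";
}

// Value from the URL (?car_model=fiesta); falls back to a sample on the CLI.
$carModel = isset($_GET['car_model']) && is_string($_GET['car_model'])
    ? $_GET['car_model'] : 'fiesta';
foreach (wheelsForCar($pdo, $carModel) as $wheel) {
    echo renderWheel($wheel);
}
// A quote-laden input is compared as a literal string, so it matches no rows.
var_dump(count(wheelsForCar($pdo, "fiesta' OR '1'='1")));
```

Against MySQL, only the `new PDO(...)` call changes: use a DSN such as `mysql:host=localhost;dbname=test;charset=utf8mb4` with real credentials and drop the CREATE/INSERT setup.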
r3wt Posted April 30, 2014

```php
function getWheelsByCar($car_id)
{
    $mysqli = new mysqli("localhost","username","password","databasename");
    $wheel_id = null;
    $stmt = $mysqli->prepare("SELECT wheel_id FROM car WHERE car_model= ?");//initiate prepared statement
    //when you bind parameters to a query, i stands for integer, s stands for string, d stands for double.
    //I assume it's an integer here, but it may be a string.
    $stmt->bind_param('i',$car_id);
    //the following line asks whether $stmt->execute() is true.
    if($stmt->execute()) {
        //if it did
        $stmt->bind_result($wheel_id);//bind our result object to a variable
        while($stmt->fetch()) {
            $wheel_id = $wheel_id;//while fetching the statement, we force writing the result to the variable
        }
        if(!empty($wheel_id)) {
            //if the wheel id exists, we close the first statement and run the second query.
            $stmt->close();
            $stmt = $mysqli->prepare("SELECT wheel_name,wheel_image,wheel_category,wheel_info FROM wheel WHERE wheel_id= ?");
            $stmt->bind_param('i',$wheel_id);
            if($stmt->execute()) {
                $_array = array();//set up our result array
                $stmt->bind_result($wheel_name,$wheel_image,$wheel_category,$wheel_info);
                while($stmt->fetch()) {
                    $_array[] = array(
                        'wheel_name'=>$wheel_name,
                        'wheel_image'=>$wheel_image,
                        'wheel_category'=>$wheel_category,
                        'wheel_info'=>$wheel_info
                    );//write an array with each result row's information
                }
                $stmt->close();
                foreach($_array as $key => $val) {
                    //output the html/information to the view
                    echo '
                    <div class="wheel_stuff">
                        <h1>'.htmlspecialchars($val['wheel_name']).'</h1>
                        <div class="plft"><img src="images/'.htmlspecialchars(urlencode($val['wheel_image'])).'" /></div>
                        <div class="prt">
                            <p><strong>Category : </strong>'.htmlspecialchars($val['wheel_category']).'</p>
                            <p><strong>Info : </strong>'.htmlspecialchars($val['wheel_info']).'</p>
                            <div style="clear:both"></div>
                        </div>
                        <div style="clear:both"></div>
                    </div>
                    ';
                }
            }
        }
    }
}

//to call the function
getWheelsByCar($car_id);
```