PHP hates me

joerocket23

So I have a form that does all sorts of cool things after submission. One of the cool things it does is select a random entry from one table, but makes sure that the random selection has never been seen by the email address entered in the form. If someone enters the same email address every time, they will never see the same random selection twice.

This is how I have tried to do it:

PHP:
if ($_SESSION['size'] = small){
	$q= $db->query("SELECT id FROM small WHERE type = '$_POST[typeMe]' ORDER BY RAND()LIMIT 1");
		while ($row =$q->fetchrow()) {$id = "$row[0]";}
	$q= $db->query("SELECT seenMessages FROM records WHERE email = '$_POST[email]'");
		while ($row =$q->fetchrow()) {$seenMessages = "$row[0]";}
	$var = unserialize ($seenMessages);

		//$id is the random message, compare versus $var...the array with all the previous messages for the given email address
		while(in_array("$id", $var) == 1){
			$q= $db->query("SELECT id FROM small WHERE type = '$_POST[typeMe]' ORDER BY RAND()LIMIT 1");
				while ($row =$q->fetchrow()) {$id = "$row[0]";}
			$q= $db->query("SELECT seenMessages FROM records WHERE email = '$_POST[email]'");
				while ($row =$q->fetchrow()) {$seenMessages = "$row[0]";}
			$var = unserialize ($seenMessages);
			}
	//get the info for the randomly selected ID 	
	$q= $db->query("SELECT email, name, type, message FROM small WHERE id = '$id'");
		}

(I will eventually get rid of RAND() and use another method for random entry)

So I have this serialized array stored in a table linked with someone's email address. When they enter their email address, it pulls that serialized array, unserializes it, then finds a random $id that is not in that array. Later in the code, it updates that array, serializes it and updates it for that email address.

This works great when the form is submitted through PHP_SELF. However, if I had the exact same code in another page (action="page2.php"), it throws a warning about the datatype in the second argument of in_array.

Exact same code, but it does not work when going through a different page.

If I print out the values such as $id and $var that are being operated on before the while statement, they are exactly as I would expect them to be.

Any suggestions?

Thanks,

Ryan
 
Is $seenMessages being initialized or is the value being passed properly when the form isn't being submitted from PHP_SELF?
 
First of all, never, ever, EVER use GET/POST/REQUEST variables directly in queries. EVER. Escape them.

Do a bit more testing and be sure that this is really the problem. Since you're using random data, it's possible you came up with different scenarios at different times.

Also, why do you pull var/seenMessages repeated times? Since you're using $_POST, the variable will never change.
 
Thanks for the help. The issue was related to some code way before where the parser was complaining. I screwed something up when a new email address was entered into the table. The seenMessages array wasn't getting inserted correctly, so that loop didn't have an array to search in. Fixed this and it was good to go.

I think that when everything was on one page, the loop still had access to the values in the variable that was inserted into the DB as seenMessages. When the loop was on a separate page from the original variable, it didn't have that array anymore and the error became apparent.

This was my first attempt at using SQL with PHP, so I wanted to plan the logic and get things working before going back and sanitizing input. Thanks for the reminder!

Thanks for the help!
 
some things i'd like to point out:

i tend to avoid putting serialized data in the database when possible. now there are always exceptions and it always depends on the exact situation but if it's just a simple array it might be worth making a separate table for the array data

if ($_SESSION['size'] = small)
is assigning a value to $_SESSION['size'], not testing equality, you need ==, not =
also i'm assuming you replaced your actual value with `small` for brevity's sake

when you're getting a value from an indexed array and not concatenating it with anything else there is no need to do
"$row[0]"
you can just do
$row[0]
without the double quotes. there is a slight overhead with double quotes since php has to evaluate it for variables. granted this is not something that one would notice except in the most extreme cases but there are 2 fewer characters to type, which is reason enough for me ;). syntax for associative arrays/hash tables is slightly different when it comes to unquoted vs. inside of quotes though so keep that in mind.

on a forum note, it is generally easier to read [code] tags instead of [php] tags simply due to the color scheme.
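
Added example, not code from any poster in this thread: the two suggestions above (keep request data out of the SQL text, and store seen messages in their own table instead of a serialized array) combined, using PDO bound parameters rather than manual escaping. The `seen_messages` table, the `pickUnseen()` helper and the sample rows are assumptions; in-memory SQLite stands in for the poster's database so the script runs offline.

```php
<?php
// Added example. seen_messages and pickUnseen() are hypothetical names;
// SQLite uses RANDOM() where MySQL would use RAND().
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE small (id INTEGER PRIMARY KEY, type TEXT, message TEXT)");
$db->exec("CREATE TABLE seen_messages (
               email      TEXT    NOT NULL,
               message_id INTEGER NOT NULL,
               PRIMARY KEY (email, message_id))");
// Constructed sample rows.
$db->exec("INSERT INTO small (type, message) VALUES
           ('joke', 'first'), ('joke', 'second'), ('quote', 'third')");

function pickUnseen(PDO $db, string $email, string $type): ?array
{
    // A single query picks a random row this address has not been shown.
    // User input travels only as bound parameters, never inside the SQL text.
    $stmt = $db->prepare(
        "SELECT s.id, s.message FROM small s
          WHERE s.type = :type
            AND NOT EXISTS (SELECT 1 FROM seen_messages m
                             WHERE m.email = :email AND m.message_id = s.id)
          ORDER BY RANDOM() LIMIT 1");
    $stmt->execute([':type' => $type, ':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // nothing unseen is left, so there is no retry loop to spin
    }
    // Record the view; the composite primary key rules out duplicate rows.
    $ins = $db->prepare("INSERT INTO seen_messages (email, message_id) VALUES (?, ?)");
    $ins->execute([$email, $row['id']]);
    return $row;
}

// Constructed input: the quote character is handled as data, not as SQL.
$email = "o'brien@example.com";
for ($i = 0; $i < 3; $i++) {
    $row = pickUnseen($db, $email, 'joke');
    echo $row === null ? "no unseen messages left\n" : "{$row['id']}: {$row['message']}\n";
}
```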
 
Wow...thanks for the advice tim_m...that's some helpful stuff.

Good call with the missing equality operator...I am not sure how it was functioning correctly with that the way it was.

Why do you avoid using serialized arrays in the database? This seemed like a pretty slick solution to me...lol

Check and check on the quotes for row[0] and php tags in the forum...thanks!
 