Page 1 of 1

I hate arrays

Posted: Wed Sep 27, 2006 6:13 am
by blacksnday
for the third time in 2 weeks I am stuck with a problem dealing with
arrays/foreach/etc... and its driving me nutz.

I really hate arrays!

anyways, my problem this time is basically the same as other times:
how to get a foreach to output all in array without having to use echo or print!

For this current problem, what I am trying to do is get and hold all
values inside of

Code: Select all

$_REQUEST
and use those values for internal error reporting purposes,
hence why I dont want it echo'd or printed out for public viewing.

This is what I am trying to attempt:

Code: Select all

foreach ($_REQUEST as $k => $v) 
{
   echo "<br />$k = $v";
}
If you use that and lets say you have the URL OF:
http://yoursite.com/file.php?member=nonmember&comment=4
it would show as:

Code: Select all

member = nonmember
comment = 4
Any possible way to get and hold all values then use when I need to
such as a mysql insert, without use of echo or print?

Re: I hate arrays

Posted: Wed Sep 27, 2006 6:27 am
by timvw
blacksnday wrote: how to get a foreach to output all in array without having to use echo or print!
Afaik echo and print are the only functions that allow you to `output`. (Or you would have to open STDOUT and fwrite into that...)

If you want to display the contents of an array: print_r.



You might want to rephrase the rest of your post since it was absolutely not clear (to me) what your you were trying to say.

Posted: Wed Sep 27, 2006 6:27 am
by Mordred
You appear to have some misconception about how arrays are used. I didn't get what exactly you are trying to do, but here's an example on inserting things in a database:

Code: Select all

$value1 = mysql_real_escape_string($_REQUEST['value1']);
mysql_query("INSERT INTO `table` SET `value1`='$value1' ");

$_REQUEST['value1'] is the way to get something out of an array.

Posted: Wed Sep 27, 2006 6:44 am
by blacksnday
Mordred wrote:You appear to have some misconception about how arrays are used. I didn't get what exactly you are trying to do, but here's an example on inserting things in a database:

Code: Select all

$value1 = mysql_real_escape_string($_REQUEST['value1']);
mysql_query("INSERT INTO `table` SET `value1`='$value1' ");

$_REQUEST['value1'] is the way to get something out of an array.
Thats close to what I am attempting, however in my case, and since it is for
error reporting, I will never be sure what is in the $_REQUEST.

If a user stumbles upon an error triggered by my error class,
then I am wanting to record the error into sql, along with any
$_REQUEST that was attempted as the error was generated.

I do not want to show the user what the $_REQUEST was
and since the Error Reporting is dynamic, I cant pre-define what is in the
$_REQUEST['array']

So how can I get the values from the $_REQUEST without knowing before hand what they are
and without displaying the values publicly?

The below code works to get and show all values, however it only works by publicly displaying the values.

Heres my flow:

Code: Select all

foreach ($_REQUEST as $k => $v) 
{
//this echo will show all values in $_REQUEST
echo "<br />$k = $v";

//this $full_request will only show the last values in $_REQUEST
$full_request = "$k = $v";
}

mysql_query("INSERT INTO error_log (request) VALUE ('$full_request')");
does this make any more sense to anyone other then myself what I am trying to do?

Posted: Wed Sep 27, 2006 6:48 am
by volka
try

Code: Select all

$full_request = '';
foreach ($_REQUEST as $k=>$v) {
	$full_request .= mysql_real_escape_string("$k = $v ");
}
$query = "INSERT INTO error_log (request) VALUE ('$full_request')";
mysql_query($query) or die(mysql_error().' : '. $query);
see http://www.php.net/language.operators.string
and http://www.php.net/mysql_real_escape_string

Posted: Wed Sep 27, 2006 6:52 am
by blacksnday
volka wrote:try

Code: Select all

$full_request = '';
foreach ($_REQUEST as $k=>$v) {
	$full_request .= mysql_real_escape_string("$k = $v ");
}
$query = "INSERT INTO error_log (request) VALUE ('$full_request')";
mysql_query($query) or die(mysql_error().' : '. $query);
see http://www.php.net/language.operators.string
and http://www.php.net/mysql_real_escape_string
thank you!
grr... another easy solution to my problem that drove me nutz :D

p.s.
I do sanitze all input in all my code, however since I use my own functions/classes
I normally take out that sanitation to ease confusion whenever I post code onto forums

Posted: Wed Sep 27, 2006 7:32 am
by Mordred
For such quick "internal" dumps, you may also do

Code: Select all

$full_request = mysql_real_escape_string(print_r($_REQUEST, true));
$query = "INSERT INTO error_log (request) VALUE ('$full_request')"; 
mysql_query($query); // or die(mysql_error().' : '. $query);
(Btw the "or die" part kinda defeats the purpose of not displaying the code to the user, isn't it :) )

Posted: Wed Sep 27, 2006 8:39 am
by Weirdan
For such quick "internal" dumps, you may also do....
or

Code: Select all

var_export($var, true);

Posted: Wed Sep 27, 2006 9:25 am
by blacksnday
Mordred wrote:For such quick "internal" dumps, you may also do

Code: Select all

$full_request = mysql_real_escape_string(print_r($_REQUEST, true));
Thats a great idea, and will help me solve some problems in other areas.
Mordred wrote: (Btw the "or die" part kinda defeats the purpose of not displaying the code to the user, isn't it :) )
already taken out :P

Weirdan wrote:

Code: Select all

var_export($var, true);
var_export and var_dump are looking more and more like things I will need to
learn and apply very soon.


Thanks for helping me solve my problem everyone!

Posted: Wed Sep 27, 2006 10:18 am
by onion2k
It'd be more sensible, in my opinion, to use serialize() as serialize() is specifically for generating a storable representation of a variable while var_dump() and print_r() are really just for screen ouput. var_export() is alright, but it creates PHP code and I don't like storing code in a database. Asking for trouble that is.