Problem with select statement using OOP in PHP

**utsav** · August 12th, 2009, 05:39 AM

Well i am trying to get the number of rows that match the criteria in the table. Here is my code. It shows nothing. someone please help me asap. Well i modified the code that i made for fetching data. I dunno where i went wrong. I am amateur to OOP .

PHP Code:


<?php

$conn=mysql_connect('localhost','root','') or die("Could not connect to server.");
$db=mysql_select_db("career",$conn) or die("Database recess not found.");

class Database
{
    public function selects($table, $rows, $where)
    {
        $q = 'SELECT '.$rows.' FROM '.$table;
        if($where != NULL)
            $q .= ' WHERE '.$where;
        

        $query = @mysql_query($q);
        $counts = @mysql_num_rows($query);
        return $counts;
        
    }
    public function getResult()
    {
        return $this->result;
    }
} 

    $show = new Database();
        $show->selects("jobs","id","`city` = 'Nepalgunj'");
    $show->getResult();

?>

**icio** · August 12th, 2009, 10:03 AM

Your class doesn't make much sense. The `getResult` method is redundant -- it retuns a property that doesn't exist ($this->result). What you want to do is take the count straight from a `count` method:

PHP Code:


<?php

$conn=mysql_connect('localhost','root','') or die("Could not connect to server.");
$db=mysql_select_db("career",$conn) or die("Database recess not found.");

class Database
{
    public function count($table, $where = '')
    {
        $table = escape($table);
        if ($where) {
            $where = ' WHERE '.$where;
        }
        
        $q = "SELECT COUNT(*) FROM $table$where;";
        return mysql_result($q, 0);
    }
    
    public function escape($str)
    {
        return mysql_real_escape_string($str);
    }
} 

    $show = new Database();
    echo $show->count("jobs","`city` = 'Nepalgunj'");

?>

Hope that helps

**utsav** · August 14th, 2009, 03:30 AM

Thanks for the reply but i do not get the result.
When i tried your code it gives error like:
Fatal error: Call to undefined function escape() in G:\Xampp\htdocs\career\check-count.php on line 10

So I tried commenting the escape function you created and even commented the line that says:

PHP Code:


$table = escape($table);

Then it gives me error as

Warning: mysql_result(): supplied argument is not a valid MySQL result resource in G:\Xampp\htdocs\career\check-count.php on line 16

What do i do?

**utsav** · August 14th, 2009, 03:32 AM

I even tried this:

PHP Code:


<?php

$conn=mysql_connect('localhost','root','') or die("Could not connect to server.");
$db=mysql_select_db("career",$conn) or die("Database recess not found.");

class Database
{
    public function count($table, $where = '')
    {
       // $table = escape($table);
        if ($where) {
            $where = ' WHERE '.$where;
        }
        
        $q = "SELECT COUNT(*) FROM $table $where;";
        return @mysql_result($q, 0); //return @mysql_query($q,0);
    }
    
   // public function escape($str)
   // {
   //     return mysql_real_escape_string($str);
   // }
} 

    $show = new Database();
    echo $show->count("jobs","`city` = 'Nepalgunj'");

?>

Now it does not show error, but it doesnot show the result either.

**jwilliam** · August 14th, 2009, 12:53 PM

Put the escape code back in (it's vitally important) and change

$table = escape($table);

to

$table = $this->escape($table);

You should escape the $where variable too:

$where = $this->escape($where);

In fact, you should escape any user-fed data that is inserted into a mysql query. Google "sql injection attacks" for more info on this.

That should resolve the first issue. The second issue (if it is still there) has something to do with your query. Post it and we'll have a look.

Thanks...

**utsav** · August 15th, 2009, 12:20 AM

i know about the sql injection. But just wanted to check this since it was not being found by the query. Will get to know u if the change helps

**utsav** · August 15th, 2009, 09:42 PM

same problem exists.

**utsav** · August 18th, 2009, 05:07 AM

Some body help

**icio** · August 18th, 2009, 08:18 AM

Three things:

We do not spend our lives on this forum (as much as we perhaps wish we could).
Do not demand help. Who the hell are you to demand anything from us?
It should come as no surprise to you that there are still errors when you are ignoring the advice of jwilliam:
1. Do not comment out any lines, use:
  Code:
```
$where = $this->escape($where);
```
2. If you are still getting the "invalid MySQL resource" error post your damn query.

**utsav** · August 18th, 2009, 01:02 PM

Originally Posted by icio

Three things:

We do not spend our lives on this forum (as much as we perhaps wish we could).
Do not demand help. Who the hell are you to demand anything from us?
It should come as no surprise to you that there are still errors when you are ignoring the advice of jwilliam:
1. Do not comment out any lines, use:
  Code:
```
$where = $this->escape($where);
```
2. If you are still getting the "invalid MySQL resource" error post your damn query.

First I thought forums were for help. secondly if i have a problem in PHP I always thought KIRUPA was a nice place to seek for some expert advice. Third, after so long in this forum, All i ever got was just the help that was totally not looked for.
Fourth, I tried the soln jwilliam gave and since it didnt work i asked for help aain since it gave me the same error.

AND LAST,
U better keep ur mouth shut if u dont have the answer, u dont need to interfere on others thread. And Kirupa lately has become the place for idiots like you who keep abusing people who seek help in wht they dont know. If u cant help, "GET LOST" I guess u made all your posts abusing those people who were looking for help on Kirupa.
I pity on you icio.

P.S I solved the problem and it wasnt help from you people. And all the questions i have put in this forum have more or less been unanswered or answered just for the sake of it. I think i had been expecting more from this site. Specially then when there are bunch of Idiots like you. Once again
"GET LOST"

**jwilliam** · August 18th, 2009, 03:13 PM

Calm down, dude. icio has been around a lot longer than you and has helped me out a couple times with some of his posts, so don't get all uppity.

About your problem... it looks like you're creating a link to the database and then trying to use that link inside your object. The problem with this is that object methods have their own scope, so you can't use that mysql link resource. You were also using mysql_result improperly... you first have to call mysql_query. Try this:

PHP Code:




<?php



class Database

{

    private $conn;



    public function Database()

    {

      $this->conn = mysql_connect('localhost','root','') or die("Could not connect to server.");

      mysql_select_db("career",$conn) or die("Database recess not found.");

    }



    public function count($table, $where = '')

    {

        $table = $this->escape($table);

        if ($where) {

            $where = ' WHERE '. $this->escape($where);

        }

        

        $q = "SELECT COUNT(*) FROM $table $where;";

        $result = mysql_query($q, $this->conn);

        return(mysql_result($result, 0));

    }

    

    public function escape($str)

    {

        return mysql_real_escape_string($str);

    }

} 



    $show = new Database();

    echo $show->count("jobs","`city` = 'Nepalgunj'");



?>

I didn't test that code... but it should get you on the right track.

**utsav** · August 18th, 2009, 11:26 PM

Thanks jwilliam, I'll take a look at the code and let you know if it works, It's not tht i have a problem with icio, and i know he is here from a long time and has been helping but the way he responded, it was wht got me. and i had not been getting answers for my other threads too so, i thought this was becoming helpless forum.

Thanks again

**utsav** · August 18th, 2009, 11:27 PM

And i did it without class using just funtion and it worked. But still will check this and get to u

**icio** · August 19th, 2009, 05:49 AM

Alright dude, I'm just going to ignore both our rants and focus on the problem of you not getting the positive feedback that you're looking for from your threads.

I've looked through each of the threads that you have started and you are not wrong in saying the advice you get back is not always the most helpful. Largely it seems with your threads that either:

You come up with the solution yourself;
You do not get a solution by some "urgent" deadline and use some other approach; or
You give up

(with a couple of exceptions (like this one).) I'm sorry that being on the forum has been such a negative experience for you. I think, however, it is neither that you have lucked-out on having people around the forum or that people are in pissy or unhelpful moods when they have come across your threads.

One detail screams out at me, one that features largely in this thread, and that is this: you need to provide more details regarding your query. This should always include your entire script (not the three lines that you assume to be the problem) and each of the error messages that you receive. If it's a HTML page that you're trying to fix/edit, then put it online so that people can view the page, view the problem and view the source.

The next issue (as also features in this thread) is the way in which you respond to replys from other kirupians. I'm not talking about rants such as the one in this thread or

Originally Posted by utsav

Is this forum so dumb?
Or is everybod very lazy ?

but you need to follow up replys with more information, specifically if it is asked for.

The first error that you recieved describe in this thread was my fault: you required "$this->" before the call to `escape()`. The second error was with your SQL query and was likely a result of the first error. JWilliams kindly pointed these out to you and said that if you were still having problems you should post back with more details. A simple

Originally Posted by utsav

same problem exists.

does not suffice.

I think if you follow my advice you will realise a significantly higher rate of success.