PHP - Best price?

[mwinter]

$dbConnection = mysql_connect($address, $username, $password);

You only need this once (it also occurs later). Choose which one you want to keep. You'll also need to select the database, or edit the SQL statements to qualify table names.

function getCheapestHandset($make, $handset, $dbConnection) {
    $statement = 'SELECT handsetid, handset, gift, tariff, xnet, offpeak, texts FROM $table'

Variables are not expanded in single quotes. Change them to double quotes.

echo("$cheapestHandset['handsetid']")

When accessing an array element during variable expansion, the expression must be surrounded by braces:

  "{$cheapestHandset['handsetid']}"

Mike

[nikomou]

Code:

Parse error: syntax error, unexpected T_VARIABLE in /home/crazy4/public_html/m4e5.php on line 24

PHP Code:

<?php
$getmake = $_GET['make'];

$address = "localhost";
$username = "xxxx";
$password = "xxxx";
$db = "xxxx";
$table = "xxxx";
$dbConnection = mysql_connect($address, $username, $password);

function getCheapestHandset($make, $handset, $dbConnection) { 
    $statement = "SELECT handsetid, handset, gift, tariff, xnet, offpeak, texts FROM $table WHERE make='{$make}' AND handset='{$handset}' ORDER BY total LIMIT 1"; 
    $resultSet = mysql_query($statement, $dbConnection); 
    if (!$resultSet) { /* Handle error */ } 

    $result = mysql_fetch_assoc($resultSet); 
    mysql_free_result($resultSet); 
    return $result; 
} 

function getHandsets($make, $dbConnection) { 
    $result = array(); 
    $statement = "SELECT DISTINCT handset FROM $table WHERE make='{$getmake}'" 
    $resultSet = mysql_query($statement, $dbConnection); 
    if (!$resultSet) { /* Handle error */ } 

    while (($row = mysql_fetch_row($resultSet))) $result[] = $row[0]; 
    mysql_free_result($resultSet); 
    return $result; 
} 

$make = mysql_real_escape_string($_GET['make'], $dbConnection); 
foreach (getHandsets($make, $dbConnection) as $handset) { 
    $cheapestHandset = getCheapestHandset($make, mysql_real_escape_string($handset), 
        $dbConnection); 
    echo("{$cheapestHandset['handset']}")
}

[mwinter]

Code:

Parse error: syntax error, unexpected T_VARIABLE in /home/crazy4/public_html/m4e5.php on line 24

function getHandsets($make, $dbConnection) {
$result = array();
$statement = "SELECT DISTINCT handset FROM $table WHERE make='{$getmake}'"

Missing semi-colon at the end of the expression statement.

foreach (getHandsets($make, $dbConnection) as $handset) {
/* ... */
echo("{$cheapestHandset['handset']}")

Again, a missing semi-colon.

Mike

[nikomou]

Made the semi colon ammendments, now get...

Code:

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/crazy4/public_html/m4e5.php on line 27

Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /home/crazy4/public_html/m4e5.php on line 28

PHP Code:

function getCheapestHandset($make, $handset, $dbConnection) {  
    $statement = "SELECT handsetid, handset, gift, tariff, xnet, offpeak, texts FROM $table WHERE make='{$make}' AND handset='{$handset}' ORDER BY total LIMIT 1";  
    $resultSet = mysql_query($statement, $dbConnection);  
    if (!$resultSet) { /* Handle error */ }  

    $result = mysql_fetch_assoc($resultSet);  
    mysql_free_result($resultSet);  
    return $result;  
}  

function getHandsets($make, $dbConnection) {  
    $result = array();  
    $statement = "SELECT DISTINCT handset FROM $table WHERE make='{$getmake}'";
    $resultSet = mysql_query($statement, $dbConnection);  
    if (!$resultSet) { /* Handle error */ }  

    while (($row = mysql_fetch_row($resultSet))) $result[] = $row[0];
    mysql_free_result($resultSet);
    return $result;
}  

$make = mysql_real_escape_string($_GET['make'], $dbConnection);  
foreach (getHandsets($make, $dbConnection) as $handset) {  
    $cheapestHandset = getCheapestHandset($make, mysql_real_escape_string($handset),  
        $dbConnection);  
    echo("{$cheapestHandset['handset']}");
} 


[mwinter]

Made the semi colon ammendments, now get...

Do you plan on making an effort to debug your own mistakes? So far, the only issue with the code I originally posted is a single missing semicolon.

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/crazy4/public_html/m4e5.php on line 27

Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /home/crazy4/public_html/m4e5.php on line 28

If you'd looked at the SQL statements after variable expansion you'd have found out why.

PHP Code:

function getCheapestHandset($make, $handset, $dbConnection) {  
    $statement = "SELECT handsetid, handset, gift, tariff, xnet, offpeak, texts FROM $table WHERE make='{$make}' AND handset='{$handset}' ORDER BY total LIMIT 1"; 


The variable, $table, is not defined locally, so its value will be undefined. You have four options:

1. Use the $GLOBALS superglobal. Replace $table with {$GLOBALS['table']}.
2. Include a global declaration statement.
3. Include the table name literally.
4. Change the definition of the function to include a fourth argument and pass the table name in the call.

PHP Code:

    if (!$resultSet) { /* Handle error */ } 


I do hope you plan to add error handling at some point, both here and in the other function.

PHP Code:

function getHandsets($make, $dbConnection) {  
    $result = array();  
    $statement = "SELECT DISTINCT handset FROM $table WHERE make='{$getmake}'"; 


The same undefined variable issue applies here to both $table and $getmake, yet the latter is worse - much worse. You define $getmake to be the 'make' element value of the $_GET superglobal despite my warnings about SQL injection. The code I posted passes a sanitised representation of the 'make' query string parameter to the function (you can see the argument in the function declaration, above), and you choose to ignore it.

Mike