the unforgiving: foreach()

boionfire81 · July 18, 2017, 3:41am

Error:
Invalid argument supplied for foreach() (2)

Code:
[embed=425,349]if(isset($_POST[‘submit’])) {
foreach($_POST[‘set’] as $name => $value) {
$db->query(“UPDATE settings SET conf_value = '”.mysql_real_escape_string($value)."’ WHERE conf_name = ‘".$name."’");
}
$set=array();
$settq=$db->query(“SELECT * FROM settings”);
while($r=$db->fetch_row($settq)) {
$set[$r[‘conf_name’]]=$r[‘conf_value’];
}
$saved = true;
}[/embed]

php 5.6

This right here is one of my worst enemies. What I do know about php has been self taught through hands on work, research, failures, and friends.

Yes, I’m looking for a solution, but hopefully a lesson in what exactly foreach is.

benanamen · July 18, 2017, 5:58am

What is your worst enemy is the obsolete dangerous code that has been completely removed from Php that you are using. You need to use PDO with prepared statements.

https://phpdelusions.net/pdo

boionfire81 · July 18, 2017, 2:49pm

PDO change over would not be cost effective at this moment. The script is a commercial script, and I would prefer to keep things cheap (not do an entire overhaul) until it is launched and deems the costly revamp.

What can I do for the mysqli/php 5.6?

Strider64 · July 18, 2017, 4:13pm

That to me is like trying to put a bandaid on the hole the iceberg made on the Titanic. It’s going to sink anyways. :o

Anyways I have no idea why you’re using a foreach loop on a $_POST statement?

I would just pull it maybe doing something like this way?
[php]$data[‘name’]= htmlspecialchars($_POST[‘name’]);[/php]

as for doing the obsolete way I can’t help you and I think updating to the new way isn’t that big of overhaul but that’s my opinion.

but here’s how I update using PDO :
[php] $db = DB::getInstance();
$pdo = $db->getConnection();
$query = ‘UPDATE cms SET heading=:heading, content=:content, date_updated=NOW() WHERE id =:id’;
$stmt = $pdo->prepare($query);
$result = $stmt->execute([’:heading’ => $data[‘heading’], ‘:content’ => $data[‘content’], ‘:id’ => $data[‘id’]]);[/php]

Maybe that will help you doing the obsolete way, but probably not?

JimL · July 18, 2017, 8:57pm

It would seem like (the lack of) error handling is your worst enemy, you don’t check if anything is what you expect it to be ($_POST[‘set’] being set, that it is an array, that your queries are successful, etc)

You are fine with mysqli, but you should defintely change to use prepared/parameterized queries. Moving the parameters out of the query will clean your code of all those ugly “real escape string” calls.

boionfire81 · July 19, 2017, 8:23pm

It’s not a home made script. And not full open source. Add on to it, this a plug and play “module”. A chat room setup, written in js, jq, and php. The main source actually is the one which changes out the mysql_real_escape.

Originating function
[php]function escape($text)
{
return mysqli_real_escape_string($this->connection_id, $text);
}
[/php]

Combined with the foreach()
[php]if(isset($_POST[‘submit’])) {
foreach($_POST[‘set’] as $name => $value) {
$db->query(“UPDATE settings SET conf_value = '”.mysql_real_escape_string($value)."’ WHERE conf_name = ‘".$name."’");
}
$set=array();
$settq=$db->query(“SELECT * FROM settings”);
while($r=$db->fetch_row($settq)) {
$set[$r[‘conf_name’]]=$r[‘conf_value’];
}
$saved = true;
}[/php]

I’ve never used PDO. I considered it as a good alternative awhile ago (while I was trying to learn this system AND php) but did not seem like a good idea to change an entire scripts database structure when I could barely read the php I was learning at the moment. lol.

I actually have 2 forms of error handlers on this. One debug and one to email me when/if an error occurs.

Problem is, I do not understand the foreach(). I’ve learned it is a loop, such as while(), but could not tell you the difference. But rather than instructions on foreach(), I get details on other functions

Even if I were to change it, I would need to know something about foreach() to know what I’m suppose to be recoding. But nada.

JimL · July 19, 2017, 9:30pm

http://php.net/manual/en/control-structures.foreach.php

[php]$users = [
[‘id’ => 1, ‘name’ => ‘boionfire81’],
[‘id’ => 2, ‘name’ => ‘JimL’]
];

foreach($users as $user) {
echo $user[‘name’];
}[/php]

boionfire81 · July 19, 2017, 9:34pm

[php]$users = [
[‘id’ => 1, ‘name’ => ‘boionfire81’],
[‘id’ => 2, ‘name’ => ‘JimL’]
];[/php]

Is pulled from a db with almost 100+ cells. And is modified on the fly. To hardcode each “user” or “setting” is rather difficult.

The data is pulled from the users table to define a billion ways for room qualifications/entrance (as multiple options can be used for each room). But the posted info is then placed to settings which is verified against each logged in users details. Then the appropriate chat box displayed.

JimL · July 19, 2017, 9:46pm

I was just showing how the foreach works since you said you had trouble understanding it.

The problem in your original post “Invalid argument supplied for foreach() (2)” was as I mentioned that you did not seem to verify that $_POST[‘set’] was what you expected. I assume it’s supposed to be an array as you try to loop over it, the error says you did not pass it an array though.

boionfire81 · July 19, 2017, 9:56pm

Ok, so possibly the location of the scripting is simply out of order?

Definitions can be easy if the variable is know. I figured foreach() was different as when I see it is always unknown variables.

What would you suggest?