Insert a database value into an array

Hi,
I have a script that uses a product called PHPDocX, I'm trying to insert an image name from a database based on a $POST value:

?php
$servername = "localhost";
$username = "antony";
$password = "*******";
$dbname = "templatemadness";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 
$sql = 'SELECT
id,
letter_logo_image
FROM
template_header
WHERE
[b]id = ******************';//this will need to be a $POST value from index.php[/b]
$result = $conn->query($sql);

if ($result->num_rows > 0) {
    // output data of each row
    while($row = $result->fetch_assoc()) {
        
        echo  $row["letter_logo_image"];//to prove it works!
    }
} else {
    echo "0 results";
}

?>
<?php  echo  $row["letter_logo_image"]; ?>
<?php
require_once 'Classes/Phpdocx/Create/CreateDocx.inc';
require_once 'Classes/Phpdocx/Elements/WordFragment.inc';


$docx = new Phpdocx\Create\CreateDocx();
$docx->modifyPageLayout('A4', array('numberCols' => '1','marginRight' => '400','marginLeft' => '400', 'sectionNumbers' => array(2) ));
//create a Word fragment with an image to be inserted in the header of the document
$imageOptions = array(
	[b]'src' => 'images/***imagename from database***', //this needs to pull the image name from 'letter_logo_image'[/b]
	'dpi' => 600,
);

$headerImage = new Phpdocx\Elements\WordFragment($docx, 'defaultHeader');
$headerImage->addImage($imageOptions);
$docx->addHeader(array('default' => $headerImage));

Open in new window

Tony PearceAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Chris StanyonWebDevCommented:
Easiest way is to just drop the POST value directly into your query:

$myId = filter_var($_POST['id'], FILTER_VALIDATE_INT);
$sql = "SELECT id, letter_logo_image FROM template_header WHERE id = $myId";

Open in new window

If you go this route, make sure you sanitize and error check the POST value before running the query to prevent any malicious attempts to hijack your script (SQL Injection etc).

An alternative and more secure way is to use a prepared query.
Tony PearceAuthor Commented:
Cool, that works, how do then insert the 'letter_logo_image' into the array:

$imageOptions = array(
	'src' => 'images/***imagename from database***', //this needs to pull the image name from 'letter_logo_image'
	'dpi' => 600,
);

Open in new window

Chris StanyonWebDevCommented:
Here's the Prepared statement way of doing it:

$stmt = $conn->prepare("SELECT letter_logo_image FROM template_header WHERE id = ?");
$stmt->bind_param("i", $_POST['id']);
$stmt->bind_result($letterLogo);

$stmt->execute();
$stmt->fetch();

echo $letterLogo;

Open in new window

It assumes you only need to retrieve one record so there's no loop. It executes the query and stores the returned value in the $letterLogo variable which you can use later on:

$imageOptions = array(
	'src' => 'images/' . $letterLogo,
	'dpi' => 600,
);

Open in new window

Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Chris StanyonWebDevCommented:
Just assign the value to a variable after you've fetched it:

$row = $result->fetch_assoc();
$letterLogo = $row['letter_logo_image'];

...

$imageOptions = array(
	'src' => 'images/' . $letterLogo,
	'dpi' => 600,
);

Open in new window

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Julian HansenCommented:
Just to add to Chris' post - you cannot assume that the post variable exists. Also if there is a case where ID is not an integer value you might want a more generic approach

I would do this
// If you are certain it will be an INT then you can do this
// $myId = isset($_POST['id']) ? filter_var($_POST['id'], FILTER_VALIDATE_INT) : false;
// Otherwise
$myId = isset($_POST['id']) ? $conn->real_escape_string($_POST['id']) : false;

if (!$myId) {
   // Code for what you want to do if no id is present, Show all records or error out
}
else {
   $sql = "SELECT id, letter_logo_image FROM template_header WHERE id = '{$myId}'";
}

Open in new window

EDIT: removed orphan code from text
Tony PearceAuthor Commented:
PERFECT...
I learnt something as well. great answer
Tony PearceAuthor Commented:
Thanks for the help, ....
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Databases

From novice to tech pro — start learning today.