can you see what is wrong on this query? I have been watching it for really long time and I can't see it.
ERROR:
You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version
for the right syntax to use near ''' at line 1
$sql="SELECT country_name FROM countries WHERE country_id IN (";
foreach($cartContentVsDatabase as $key => $val){
$sql.= $key['country_id'].",";
}
")";
Some issues:
You have a trailing comma in your country list,
countries should be quoted as strings,
you are accessing the values from the key instead of the value part of the array elements.
you have a dangling closing parenthesis, which does nothing.
You should not even inject country strings, as that makes your code vulnerable for code injection: use prepared statements.
Here is code you could use:
// first put the countries in an array
foreach($cartContentVsDatabase as $key => $val){
$countries[] = $val['country_id'];
}
// create a list of `?`: one for every country
$in = join(',', array_fill(0, count($countries), '?'));
// use that in the query
$sql="SELECT country_name FROM countries WHERE country_id IN ($in)";
// Prepare the statement (this is PDO syntax)
$statement = $pdo->prepare($select);
// Pass the countries as parameter values, and execute
$statement->execute($countries);
See this Q&A for more on prepared statements in the context of this in (...) clause.
try this,
change ")"; to $sql.= ")";
$array_count = count($cartContentVsDatabase);
$temp_count = 0;
$sql="SELECT country_name FROM countries WHERE country_id IN (";
foreach($cartContentVsDatabase as $key => $val){
$temp_count++;
if($array_count < $temp_count)
{
$sql.= $val['country_id'];
}
else
{
$sql.= $val['country_id'].",";
}
}
$sql.= ")";
You could make your life a lot easier by
$sql= "SELECT country_name FROM countries WHERE country_id IN (".implode(",",array_column($cartContentVsDatabase,"country_id")). ")";
You can (and probably should) use a prepared query e.g. like the one below:
$sql= "SELECT country_name FROM countries WHERE country_id IN (".implode(",",array_fill(0,count($cartContentVsDatabase),"?")). ")";
and then bind the contents of $cartContentVsDatabase when you execute.
In your code you are not concatenate ")"; properly at the end. you can also store data into array and than use implode() for comma separated values like:
Example:
<?php
$sql = "SELECT country_name FROM countries ";
$countries = array();
foreach($cartContentVsDatabase as $key => $val){
$countries[] = $val['country_id']; // store country id in your array
}
if(count($countries) > 0){
$countrylist = implode("','",$countries); // implode all country list with comma.
$sql .= "WHERE country_id IN ('$countrylist')";
}
echo $sql; // print your query.
?>
Still i don't know, $key['country_id'] is the correct one or not, i think this should be $val['country_id'].
Related
I have a table that contains information such as names, email-addresses, numbers etc.
Let's pretend that I have 30 contacts by the same name but they all live in different cities . How do I split the comma and replace it with and ....
Example
SELECT * WHERE name %$searchString% OR city %$searchString%...
Now if $searchString contains comma
SELECT * WHERE name %$searchString% OR city %$searchString%... AND SELECT * WHERE name %$searchString2% OR city %$searchString2%...
The $searchString2 contains information that's separated with comma.
Update
I want to search each row over and over again as many times as commas exist.
I'm sorry that I can't explain myself
This depends on whether you want to return rows where name or city match the search values exactly (=), or rows where any part of name or city match the search values (LIKE).
Regardless of which one you need, you can start out by converting your search string into an array of strings like this:
$strings = array_map('trim', explode(',', $searchString));
The array_map('trim'... ensures that you don't try to match any spaces before or after the commas in your comma-separated search string.
Here are examples for how to execute your query using prepared statements in PDO. First, full matches using IN:
$phs = rtrim(str_repeat('?,', count($strings)),',');
$stmt = $pdo->prepare("SELECT * FROM your_table WHERE name IN ($phs) OR city IN ($phs)");
// double the string values to us in both INs
$values = array_merge($strings, $strings);
$stmt->execute($values);
and partial matches using LIKE:
$sql = '';
foreach ($strings as $string) {
$sql .= ' name LIKE ? OR city LIKE ? OR';
$values[] = $string;
$values[] = $string;
}
$stmt = $pdo->prepare('SELECT * FROM your_table WHERE' . rtrim($sql, ' OR'));
$stmt->execute($values);
You need to use WHERE IN in SQL statement.
SELECT * WHERE name LIKE '%$searchString%' AND city IN ('city1', 'city2', 'city3'...)
Here is the good discussion on how to do it in PHP: Passing an array to a query using a WHERE clause
Something like this?
You will need to escape/clean the value of searchString.
<?php
// $searchString = "Cardiff,London,New York";
$SQL = 'SELECT * FROM table WHERE ';
$searchStrings = explode(',',$searchString);
$SQLArray = array();
foreach($searchStrings as $searchString) {
$SQLArray[] = "name LIKE '%$searchString%'";
$SQLArray[] = "city LIKE '%$searchString%'";
}
$SQL .= implode(' OR ',$SQLArray);
// print $SQL;
?>
I tried
$sql = "update ad_group_keyword set status = :status where google_id not in (:google_id)";
Yii::$app->db->createCommand($sql)
->bindValue(':status', Constants::DELETED)
->bindValue(':google_id', join(',',$googleIds), \PDO::PARAM_INT)
->execute();
but it turned the array of ids into one giant string, despite the PDO::PARAM_INT. I also tried
->bindValue(':google_id', $googleIds)
but it gave an 'Array to string conversion' in vendor/yiisoft/yii2/db/Command.php:172. I ended up using
$sql = "update ad_group_keyword set status = :status where google_id not in (" . join(',',$googleIds) . ")";
I suggest use QueryBuilder for this function:
$command = Yii::$app->db->createCommand();
$result = $command->update( // create a update sql
'ad_group_keyword', // table
['status'=>1], // update set
['NOT IN', 'google_id', [1,2,3]] // where
)->execute();
You can read the \yii\db\Command::update() DOC, and how to set condition
You shouldn't have a join in there at that place. That is where it is being turned into a string. You want to iterate through your list of ids and bindValue each one to the variable in turn.
You'll need to bind each of the array values individually. Something like this:
$sql = "UPDATE ad_group_keyword
SET status = :status
WHERE google_id NOT IN(%s)";
$bindValues = array();
$i = 0;
foreach ($googleIds as $value)
{
$bindValues[':googleId'.$i++] = $value;
}
$sql = sprintf($sql, join(', ', array_keys($bindValues)));
$sqlCommand = Yii::$app->db->createCommand($sql);
$sqlCommand->bindValue(':status', Constants::DELETED);
foreach ($bindValues as $key => $value)
{
$sqlCommand->bindValue($key, $value, \PDO::PARAM_INT);
}
$sqlCommand->execute();
However, I'm only basing this example on your code and I'd look into Yii's manual to see if there already isn't a method that does all of this work for you ... it shouldn't be that hard to safely execute an SQL query using IN().
I'm currently making a cart and i'm having trouble with my SQL query below:
$sql="SELECT * FROM component WHERE componentID IN (";
foreach($_SESSION['cart'] as $id => $value) {
$sql.=$id.",";
}
$sql=substr($sql, 0, -1).")";
$query=mysql_query($sql) or die(mysql_error());
So i'm trying to check the SESSION items with my database items using a select and a foreach. The code loops through the SESSION and adds the componentID to the SELECT, which is then taken into the substr function to remove the last comma (e.g. removing '001,002*,*'. I'm sure the syntax is right, however I keep getting a syntax error which is:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near '00004,00007)' at line 1
Can anyone see what i'm doing wrong here?
I think this line is your problem:
You could also simplify the process of making the comma separated set of id's as ccKep suggests:
$sql .= implode(",", $_SESSION['cart']) . ")";
The complete code looks like this:
$sql="SELECT * FROM component WHERE componentID IN (";
$sql .= implode(",", $_SESSION['cart']) . ")";
$query=mysql_query($sql) or die(mysql_error());
This will get the values from $_SESSION['cart'] - if you really want the indexes of the array, as you first coded it, there's this option:
$sql="SELECT * FROM component WHERE componentID IN (";
$sql .= implode(",", array_keys($_SESSION['cart'])) . ")";
$query=mysql_query($sql) or die(mysql_error());
array_keys() will extract the indexes of the array and ignore the values. If you want the values, stick to my first suggestion.
Try this one:
$sql = "SELECT * FROM component WHERE componentID IN (";
foreach($_SESSION['cart'] as $id => $value) {
$some_temp_array[] = $id;
}
$sql .= implode(',', $some_temp_array).")";
I am trying to run a query to determine if a column A is true. If its true, get the contents of a different column B (possible array separated by ",") and use those contents to query a different table. My problem is, column B may be one number or may be 10 numbers all separated by "," and I need to query the second table for a column for each of the numbers of the previous query. If someone can help that would be great.
edit: I tried to use the array explode function but can't figure out how to query the next table to include those values.
I picture it being something like
query = select * from table where location = arrayValue[1] or location = arrayValue[2]
Adaptation of Telmo Marques here but improved :
<?php
//Let's say $bcolumn is a string with the values of B column, separated by colons
$bcolumnArray = explode(",", $bcolumn);
array_walk($bcolumnArray, 'htmlentities');
//Build SQL query
$SQL = 'SELECT * FROM table';
if(count($bcolumnArray)){
$SQL.= ' WHERE IN ("'.implode('", "', $vbcolumnArray).'")';
}
//Query your second table here
$Qry = mysql_query($sql);
// Results here :
while($Res = mysql_fetch_assoc($Qry)){
print_r($Res);
}
?>
I would suggest PDO also... take a look : PDO.
Use PHP's explode() function to transform your string into an array.
<?php
//Let's say $bcolumn is a string with the values of B column, separated by colons
$bcolumnArray = explode(",", $bcolumn);
//Build SQL query
$sql = "SELECT * FROM table WHERE ";
for($i=0; $i < count($bcolumnArray); $i++)
{
$sql .= "location = " . $value;
if($i != count($bcolumnArray)-1)
{
$sql .= " or ";
}
}
//Query your second table here
mysql_query($sql);
?>
Documentation: http://php.net/manual/en/function.explode.php
I'm trying to build a query using php and mysql,
$query = "select * from products where product_name = '$item_name'";
this works when $item_name holds only one name, but $item_name is an array and based on the user's interaction can contain multiple names, how can I make the query to run for multiple name and get the resulted rows.
Thanks in advance
Here's how you could build a safe list of names for inserting into an IN clause...
if (is_array($names) && count($names))
{
$filter="('".implode("','" array_map('mysql_real_escape_string', $names))."')";
$sql="select * from products where product_name in $filter";
//go fetch the results
}
else
{
//input was empty or not an array - you might want to throw an
//an error, or show 'no results'
}
array_map returns the input array of names after running each name through mysql_real_escape_string to sanitize it. We implode that array to make a nice list to use with an IN clause.
You should always ensure any data, particularly coming directly from the client side, is properly escaped in a query to prevent SQL injection attacks.
$vals = implode(',',$item_name);
$query = "select * from products where product_name in (".$vals.");";
Give that a try.
$query = "select * from products where product_name in(";
foreach($item_name as $name)
{
$query .= "'" . $item_name . "', ";
}
$query = substr($query, 0, strlen$query) - 2);
$query .= ");";
First answer (by inkedmn) is really the best one though
foreach($item_name as $name) {
$query = "select * from products where product_name = '$name'";
//whatever you want to do with the query here
}
something like that ought to do it.
Based on inkedmn's response (which didn't quote the item names):
$query = 'select * from products where product_name in ("' . implode('", "', $item_name ) . '")';
Although you may be better with a fulltext search.
http://dev.mysql.com/doc/refman/5.1/en/fulltext-search.html