I have a PHP variable that looks like this for example:
$list = "12|421|466|501|1042|"
What I wanna do is to match each number with a field in my database table.
SELECT * FROM tableName WHERE id = any of the numbers in $list
Which is the simplest way to do this?
Use this SQL:
SELECT * FROM tableName WHERE id IN (12, 431, 466, 501, 1042)
Use explode(), implode() to convert your list to a comma separated list.
Use IN like this:
"SELECT * FROM tableName WHERE id IN (".str_replace('|', ',', substr($list, 0, -1)).")"
use replace to replace | into comma and remove the last | so that you could get the string in
correct format
$list = str_replace('|',',',$list);
$query = "select * from table where ID in ($list)";
SELECT * FROM table WHERE id LIKE '%$list%'
not so sure | is a good seperator. maybe u should try setting it into an array.
guy below got it!!!
This should work:
<?php
$list = "12|421|466|501|1042|";
$items = array_filter(
array_map( 'trim', explode( "|", $list ) ),
function( $item ) {
return $item != ''; // filter empty values.
}
);
$query = 'SELECT foo FROM bar WHERE id IN ( ' . implode( ', ', $items ) . ' );';
echo $query;
if you wan the combined result you can use IN statement like:
SELECT * FROM tableName WHERE id IN ( $cat = str_replace("|", "," , $list) )
Or if you want the separate results you have to iterate through all the values.
$array = preg_split( "\\|" , $list );
foreach ($array as $value) {
SELECT * FROM tableName WHERE id = $value
}
SELECT * FROM tableName WHERE id IN ('.str_replace('|',',',$list).');
it will repalce all | with , and then you can run query with IN condition to get desired records..
Related
We have made a search field where you can search for ingredients and find recipes.
For now you can only type in 1 ingredient:
if (isset($_POST['search'])) {
$searchquery = $_POST['search'];
$query = mysql_query("SELECT * FROM opskrifter WHERE id IN
(SELECT opskrifterid FROM ingredienser WHERE ing_name IN ('$searchquery'))") or die("search failed");
We want to be able to search for multiple ingredients in the same search field by seperating the ingredients with a "," or something like this.
Is there a simple way to make that happen ?
EDIT:
We tried to use explode like this without succes.
$searchTerms = explode(' ', $searchquery);
$searchTermBits = array();
foreach ($searchTerms as $term) {
if (!empty($term)) {
$searchTermBits[] = "ing_name '$term'";
}}
...
$result = mysql_query("SELECT * FROM opskrifter WHERE id IN (SELECT * FROM WHERE ".implode(' AND ', $searchTermBits)));
Thanks! :)
You could simply get the user to type in his values comma-separated, the the input would be almost in the right syntax for the query. You just have to add semicolons around the values because you search for a string in your table.
You can use PHP's str_replace()-Function:
$vals = $_POST['search'];
$valsFormatted = "'" . str_replace(",", "','", $vals) . "'";
In this code, you replace all the commas of the input with the comma plus semicolons before and behind them in orderto wrap all values of the input with semicolons. You also have to add one at the beginning and at the end of the string. Replace the first comma in the function above with the char you want your users to separate the values with.
After that, you can simply change your query to the following:
$query = "SELECT * FROM opskrifter WHERE id IN
(SELECT opskrifterid FROM ingredienser WHERE ing_name IN ('$valsFormatted'))";
Please also be informed, that your code like this is vulnerable for SQL Injections! Check out this link to learn how to prevent this.
A simple statement like this would work:
$array = implode("','",explode($_POST['search'], ","));
$query = mysql_query("SELECT * FROM opskrifter WHERE id IN (SELECT opskrifterid FROM ingredienser WHERE ing_name IN ({$array}))") or die("search failed");
First explode your search, then implode it (might not even need to do so). After that make sure the array gets used as the 'in' operator as a string/array.
For more information about this, you could read this question: PHP/MySQL using an array in WHERE clause
The working copy from my local machine was this;
$_POST['search'] = "0, 1, 2";
$array = implode ( "','", explode ( ",", $_POST['search'] ) );
$query = mysql_query("SELECT * FROM users WHERE id IN ('$array')") or die(mysql_error());
var_dump ( $array );
var_dump ( $query );
var_dump ( "SELECT * FROM users WHERE id IN ('$array')" );
var_dump ( mysql_fetch_array ( $query ) );
which actually did return users, so if we would take this example and change it to your code, it would be (the query, at least):
$query = mysql_query("SELECT * FROM opskrifter WHERE id IN (SELECT opskrifterid FROM ingredienser WHERE ing_name IN ('$array'))") or die(mysql_error());
Do take note of the changed $array variable too.
First you need to convert the text coming from the search field to array with:
$string = $_POST['search'];
$array = explode( '"' , $string);
So if you put in the search: test"hello"hi
the array will be:
1 => test,
2 => hello,
3 => hi
After that, you need to use the SQL format:
WHERE column_name IN (value1,value2,...)
So you need to change the array we have created to a string with this format:
$string = implode(',',$array);
So the echo of $string will be:
test,hello,hi
and SQL will be :
WHERE column_name IN ($string)
$color is array
$sql=" SELECT * FROM products WHERE color IN (".implode(',', $color).")";
its showing result is
SELECT * FROM products WHERE color IN (red,green,blue);
SELECT * FROM products WHERE color IN ('red','green','blue');
Update your query like as
$sql="SELECT * FROM products WHERE color IN ('".implode("','", $color)."')";
//^^ ^^ ^^ ^^ Added
Try this:
$sql = "SELECT * FROM products WHERE color IN ('".implode("','", $color)."')";
Use It like this:
$sql = "select * from products where color IN ('".implode("','", $color)."')";
While using ' around implode and "','" as a glue works like a charm in this situation you can also use array_map to surround each value of the array with ' and then implode with simple ,
$color = ['red', 'green', 'blue'];
$string = implode(
',',
array_map(
function ($value) {
return "'{$value}'";
},
$color
)
);
echo $string; // => 'red','green','blue'
It might be overkill in this case and it may be a little slower than other answers.
i have this array and get it from from an url. this array is member id that i need to pass to mysql.
$member_id = $_GET['member_id'];
the array like this : Array ( [0] => 1269 [1] => 385 )
how can i transfer this array into my mysql statement and make , become AND :
$answer_sql = mysql_query("SELECT tna_category. * , tna_question. *, tna_answer. *
FROM tna_category, tna_question, tna_answer
WHERE tna_category.section_id = '$section_id1'
AND tna_question.id = tna_answer.question_id AND tna_question.category_id = tna_category.id
AND tna_answer.member_id = ['1269' , '385']
ORDER BY tna_answer.question_id");
should i put bracket?..
in this part : tna_answer.member_id = Array or $member_id
As others have said, you can use IN() but you are apparently open to SQL injection attacks as it is. You need to do this:
$escaped_ids = array_map('mysql_real_escape_string', $member_ids);
Or, if they are surely all integers
$escaped_ids = array_map('intval', $member_ids);
Then, you can write your query like:
$query = "SELECT tna_category. * , tna_question. *, tna_answer. *
FROM tna_category, tna_question, tna_answer
WHERE tna_category.section_id = '" . mysql_real_escape_string($section_id1) . "'
AND tna_question.id = tna_answer.question_id
AND tna_question.category_id = tna_category.id
AND tna_answer.member_id IN (".implode(",", $escaped_ids).")
ORDER BY tna_answer.question_id";
Never, never, never put unescaped values in your query.
Also, you should not be using the mysql_ functions anymore. Please consider using the mysqli_ functions instead.
First split the array value, get no. of rows in the array value and pass the value one by one into the query by using for or foreach loop.
try this
$member_id = $_GET['member_id'];
If you're already getting comma seprated values then there's no need to use explode function just use implode function in database query.
$member_id = explode(",", $member_id);
and then
answer_sql = mysql_query("SELECT tna_category. * , tna_question. *, tna_answer. *
FROM tna_category, tna_question, tna_answer
WHERE tna_category.section_id = '$section_id1'
AND tna_question.id = tna_answer.question_id AND tna_question.category_id = tna_category.id
AND tna_answer.member_id IN (".implode(",", $member_id).")
ORDER BY tna_answer.question_id");
the explode function create array it depends on you explode value with comma OR space and then implode mean join these values with comma OR space.
for more detail explode and implode.
you can use IN clause of mysql like this
$your_array = array("0"=>"1269", "1"=>"385");
$in_text = implode(",", $your_array);
$sql = "SELECT tna_category. * , tna_question. *, tna_answer. *
FROM tna_category, tna_question, tna_answer
WHERE tna_category.section_id = '$section_id1'
AND tna_question.id = tna_answer.question_id
AND tna_question.category_id = tna_category.id
AND tna_answer.member_id IN ($in_text)
ORDER BY tna_answer.question_id";
Use PHP and MySQL. I have an array, P, which contains the value of possible category number of products. In my table it also have the field "category" which stored category number and the others. What I want is to SELECT data in all rows which field "category" have any value in array P.What should I do?
For example
P=[1,7,13]
SELECT * FROM table WHERE category=P[1] OR categry=P[2] OR category=P[3]....
Use:
$categories = implode(', ', $p); // Where $p is the array
SELECT * FROM table WHERE category IN ($categories)
Try implode() function :
$sql = "SELECT * FROM table WHERE category IN (".implode(",", $P).")"
You should use IN keyword:
SELECT * FROM table WHERE category IN (p[1], p[2], p[3])
with implode:
$categories = implode(',', $P);
Use string concatenation:
$P = array(1, 7, 13);
$query = "SELECT * FROM table WHERE category=".$P[1]." OR
category=".$P[2]." OR category=".P[3]."....";
or
$query = "SELECT * FROM table WHERE category={$P[1]} OR
category={$P[2]} OR category={P[3]}....";
I am trying to select stories for my mysql database Where the author variable is equal to a list of names.
I basically have a list of names that I want use in determining what stories to pull.
$names = "name1 name2 name3 name4"
$get_stories = mysql_query("SELECT * FROM glnce_stories WHERE author = '$names' ORDER BY id DESC");
I know that this isn't the right way to do but I was looking for some solutions on how I might be able to break that list up so I can have it pull from the authors in that $names variable.
Thanks!
If you aren't able to change the format of the $names variable, this should work:
$names = 'name1 name2 name3 name4';
$names = '"' . implode('","', explode(' ', $names)) . '"';
$get_stories = mysql_query('SELECT * FROM glnce_stories WHERE author IN(' . $names . ') ORDER BY id DESC');
comma separate the names and then
use "WHERE author in (" . $names . ")";
You should use WHERE field in (list) like this:
$names = "'name1', 'name2', 'name3', 'name4'";
$get_stories = mysql_query("SELECT * FROM glnce_stories WHERE author in ($names) ORDER BY id DESC");
So, your query should look something like this: SELECT * FROM glnce_stories WHERE author in ('Bob', 'Steve', 'Andrey', 'Mike', 'Jenna')
Rewrite your code as follows:
$names = "name1 name2 name3 name4";
$names = "'".implode ("','", array_map('mysql_real_escape_string', explode(' ', $names))."'";
$get_stories = mysql_query("SELECT * FROM glnce_stories WHERE author in ($names)");
You can use FIND_IN_SET() for that if you want to be lazy. You will just have to turn your names list into a comma-separated string:
$names = "name1,name2,name3,name4";
mysql_query("SELECT * FROM stories WHERE FIND_IN_SET(author, '$names')"
That's maybe easier than a list of OR conditions or preparing a proper string list for an IN clause. (You can _real_escape_string the whole comma separated list, instead of each name.)