如何在PHP_MySQL中的SQL查询中使用数组值

Question

I am taking multiple values from user from a drop down list. I stored those values in an array in php. Everything is fine. Now I want to use these array values to query my database to give the desired results. My html code is

<select multiple name="equipment[]">
    <option  value="all">ALL</option>
    <option  value="helmet">HEMLMET</option>
    <option  value="boots">BOOTS</option>
    <option  value="jacket">JACKET</option>
    <option  value="flask">FLASK</option>
</select>

$equipment=$_POST['equipment'];

I used this piece to store values.

Now based on one or more values in the array; I want filter my query.

Select w,x,y,z from table_a inner join table_b where table_a.w="the values in array";

I tried using foreach to loop through, but its taking only the last value. thank you for your help.

Answer 1

Keep in mind that HTML, PHP, and MySQL are three different processing environments, so none of them share the same memory (variables) or code (eg loops).

Roughly in order:

1. HTML can "pass" values to PHP through URLs and form posts (and other HTTP methods)
2. PHP can "pass" values to MySQL by printing its variables into the MySQL "query string" ( beware of MySQL string injection )
3. MySQL returns its data to PHP , based on the query string, through the query engine.
4. PHP can "pass" values to HTML by printing its variables into the HTML output.

So, to get the variable selections to MySQL from PHP, you need to compose a "query string" that looks for all of the answers.

It will look something like this:

SELECT w,x,y,z
FROM table_a
INNER JOIN table_b
WHERE table_a.w IN ('helmet', 'boots', 'jacket');

See MySQL Expression syntax for more help on this.

To build it, you will need to be VERY CAREFUL to read the "MySQL string injection" (where a person using your web page can change the calls your database makes) question linked above, since you are taking the values from the "user"/"client" (through a URL or form post).

The answers to Can I bind an array to an IN() condition? have some good suggestions for how to build a query string with array values while preventing injection attacks.

Answer 2

It's the IN clause you are looking for:

select * from tableA inner join on tableB on ... where tableA.w in ('value1', 'value2')

You can use a loop or implode() function in php to generate the in clause. Just be mindful that if you select only 1 item in the control, then $_POST['equipment'] will be a string, not an array. So, use is_array() to determine if multiple values were selected.

Answer 3

<form action='somepage.php' method='POST'>
    .
    .
    <select multiple name="equipment[]">
        <option  value="all">ALL</option>
        <option  value="helmet">HEMLMET</option>
        <option  value="boots">BOOTS</option>
        <option  value="jacket">JACKET</option>
        <option  value="flask">FLASK</option>
    </select>
    .
    .
</form>

somepage.php

<?
$equipment=$_POST['equipment'];

$TotalEquipment=sizeof($equipment); //Count total number of equipements selected
$values=""; //initialize values as empty.

for($i=0;$i<$TotalEquipment;$i++)
{
    $valu=$equipment[$i];
    if($i==0)
    {
        $values="'".$valu."',";
    }
    else
    {
        $values=$values."'".$valu."',";
    }
}

$values=rtrim($values, ","); //For removing last comma (,) from the string

$Query="SELECT w,x,y,z 
        FROM table_a
        INNER JOIN table_b
        WHERE table_a.w IN ($values)";

//Here, execute your $Query with appropriate mysql functions

?>

Enjoy Coding. Cheers.