在新的mysql查询中嵌入现有的php记录集

Question

I have an existing recordset that retrieves all the information from a table in mysql called $rrows. What I am hoping to do is to use this existing recordset within a new mysql query.

For example I have the following line that retrieves the "product code" from one table:

<?php echo $rrows['productcode']; ?>

I am trying to then gather the respective images from a new table using this productcode by something similar to:

<img src="<?php

mysql_select_db("dbname", $con);
mysql_set_charset('utf8');

$result = mysql_query("SELECT * FROM furnimages WHERE productcode='$rrows['productcode']'");

while($row = mysql_fetch_array($result))
{
    echo '' . $row['photo'] . '';   
}
mysql_close($con);
?>">

Can this be done? Originally I was going to LINK tables together to get all the information, but this doesnt work as some of the product codes in the main do not have corresponding data in the 'furnimages' table.....

Thanks in advance! JD

Answer 1

sprintf() is your best friend here.

$sql = <<<sql
SELECT * FROM furnimages 
WHERE productcode=%d
sql;

$result = mysql_query(sprintf($sql, $rrows['productcode']));

So, %d is the placeholder in the string to swap in the second argument in the call to sprintf();

%d denotes an integer placeholder; if $rrows['productcode'] is a string, use %s.

This is better than simply quoting value of the variable as it adds a type constraint which reduces the risk of nasty sql injection.

It also makes it eminently more readable.

Check out the PHP Data Objects extension , though, because that really is the only way forward for this type of thing.