stackoom
  简体   繁体   中英

Passing array of values from form to sql query WHERE IN clause

 原文  2012-08-11 11:20:32       php/ mysql/ arrays/ forms

Question

I have a form with a number of checkboxes, which are generated from unique values in a MySQL table: 

<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<?php
    $query5="SELECT distinct from_user from tracks WHERE uploaded_page='$this_path_short' ORDER BY from_user";
    $result5=mysql_query($query5) or die(mysql_error());
    while ($row = mysql_fetch_array($result5)) {
        $from_user = $row['from_user'];
        echo "<input type=\"checkbox\" name=\"from_user[]\" value=\"AND ".$from_user."\" checked=\"checked\">".$from_user."<br>";
    }
?>
<input type="submit" name="submit" value="filter"><br>

I would then like to pass the array of 'from_user' values to another MySQL query on the page. I can get the values like this: 

$names=implode(" ", $_POST['from_user']);

But I am not sure how to include this array in the following MySQL query: 

$query1="SELECT * FROM tracks WHERE from_user IN **array goes here**)";

2 answers

solution1
 0  

$query1='SELECT * FROM tracks WHERE from_user IN ('.implode(',',$_POST['from_user']).')';

solution2
 0  2012-08-11 11:35:14

Remove the AND so the checkbox value looks like this: 

echo "<input type=\"checkbox\" name=\"from_user[]\" value=\"".$from_user."\" checked=\"checked\">".$from_user."<br>";
    }

IN expects comma separated values: 

$names=implode(",", $_POST['from_user']);    
$query1="SELECT * FROM tracks WHERE from_user IN (".$names."))";

!!!! BUT: Please, please, please use prepared statements because your code is wide open to SQL Injection: http://php.net/manual/de/mysqli.prepare.php 

$mysqli = new mysqli("localhost", "my_user", "my_password", "world");

/* check connection */
if (mysqli_connect_errno()) {
  printf("Connect failed: %s\n", mysqli_connect_error());
  exit();
}

$result = null;
$names = implode(",", $_POST['from_user']);  

/* create a prepared statement */
if ($stmt = $mysqli->prepare("SELECT * FROM tracks WHERE from_user IN (?)")) {

  /* bind parameters for markers */
  $stmt->bind_param("s", $names);

  /* execute query */
  $stmt->execute();

  /* bind result variables */
  $stmt->bind_result($result);

  /* fetch value */
  $stmt->fetch();

  print_r($result);

  /* close statement */
  $stmt->close();
}

/* close connection */
$mysqli->close();

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Codeigniter issue with escaping values when passing array to query with “in” in the where clause Passing an array to a query using a WHERE clause Query Database with Where Clause depending on array values How to make a where clause where the value is an array from a previous sql query PHP generate sql where clause from array Passing variable to sql WHERE IN clause passing array in where clause in join Running a mysql query multiple times using values from an array in the WHERE clause How to pass array values in where clause of mysql query? Laravel query builder return multiple column values in where array clause
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM