I have the following arrays and I would like to convert each one of them into individual strings. In other words, break the array into individual pieces.
$formatsArray = $_POST['formats'];
$topicsArray = $_POST['topics'];
This is because I would like to include the individual strings in the following query "
$resources = "select * from resources where
stage LIKE '%".$stage."%'
AND format LIKE '%".$formats."%'";
$run_query = mysqli_query($con, $resources);
This is because format expect an individual string for comparison, such as lets assume the array is
["video", "blogs", "articles"], it wouldn't work if format was to be compared with video,blogs,articles but rather video, blogs or articles.
I hope this is clear, and for any clarification, please advise.
All the best,
Update:
$formats = explode(',', $formatsArray);
$topics = explode(',', $topicsArray);
$resources = "select * from resources where
stage LIKE '%".$stage."%'
AND format LIKE '%".$formats."%' AND topic LIKE '%".$topics."%' ";
update:
$run_query = mysqli_query($con, $resources);
while($row = mysqli_fetch_array($run_query)) {
$data[] = array(
'format' => $row['format'],
'title' => $row['title'],
'costs' => $row['cost'],
'stage' => $row['stage'],
'topic' => $row['topic'],
'link' => $row['link']
);
}
Answer:
Ignoring the necessity of prepared statements, you could do: $formats = implode('","', $formatsArray);
$topics = implode('","', $topicsArray);
$resources = "select * from resources where
stage LIKE '%".$stage."%'
AND format IN(".$formats.") AND topic IN(\"".$topics."\") ";By adding the " before and after each , when you implode each array, your array would become e.g.video","blogs","articlesSo, we need to add the " to the beginning and end of each IN list. This will make the final query like:select * from resources where
stage LIKE '%".$stage."%'
AND format IN("video","blogs","articles") AND ...
Answer:
I think this would do it. This also will resolve the injection hole by using prepared statements.
$query = 'select * from resources where ';
if(!empty($_POST['formats'])){
foreach($_POST['formats'] as $key => $format) {
$query .= 'stage LIKE :stage' . $key . ' or ';
$execute[':stage' . $key] = '%' . trim($format) . '%';
}
}
if(!empty($_POST['topics'])){
foreach($_POST['topics'] as $key => $topic) {
$query .= 'topic LIKE :topic' . $key . ' or ';
$execute[':topic' . $key] = '%' . trim($topic) . '%';
}
}
$query = rtrim($query, ' or ');
if(!empty($execute)) {
echo $query;
print_r($execute);
//$stmt = $mysqli->prepare($query);
//$stmt->execute($execute);
} else {
echo 'You must search for something';
}
Gives you a query of
select * from resources where stage LIKE :stage0 or stage LIKE :stage1 or topic LIKE :topic0 or topic LIKE :topic1 or topic LIKE :topic2 or topic LIKE :topic3
and bound values of:
Array
(
[:stage0] => %test%
[:stage1] => %test1%
[:topic0] => %value1%
[:topic1] => %value2%
[:topic2] => %value3%
[:topic3] => %value4%
)
Here's the initial code I had for when I thought the data was paired..
foreach($formats as $key => $format) {
$topic = $topics[$key];
$query .= '(stage LIKE :stage' . $key . ' and topic LIKE :topic' . $key . ') or ';
$execute[':stage' . $key] = '%' . trim($format) . '%';
$execute[':topic' . $key] = '%' . trim($topic) . '%';
}
No comments:
Post a Comment