Constructing mysql select from $_POST array

Question

This is the $_POST array from my form.

Array ( [prescribedid] => Array ( [0] => 1 [1] => 2 [2] => 3 [3] => 9 [4] => 13 )

I want to create a select for any of items in the Array. I have written this, which produces the proper SELECT, but the if() to eliminate a trailing OR makes it clunky.

$query = "SELECT * ";
$query .= "FROM prescribed WHERE ";

for($i=0; $i<count($_POST["prescribedid"]); $i++) {
    $query .= "prescribedid={$_POST['prescribedid'][$i]} ";
        if($i < (count($_POST["prescribedid"])-1)) {
        $query .= "OR ";
        }
}

It produces this:

SELECT * FROM prescribed WHERE prescribedid=1 OR prescribedid=2 OR prescribedid=3 OR prescribedid=9 OR prescribedid=13

Is there another way to group the SELECTS or write the FOR() to make it cleaner, i.e. without the last IF().

Tip: You can use IN in order to avoid multiple OR clauses. ...WHERE prescribedid IN (1,2,3,9,13).... — 1000111
– 1000111, Commented Aug 17, 2016 at 7:16
Tip: You need to use PDO or vaidate input. This code can be used for SQL injection. — ineersa
– ineersa, Commented Aug 17, 2016 at 7:18

Community · Accepted Answer · 2017-05-23 12:19:23Z

8

$values=implode(",",$_POST["prescribedid"]);
$query = "SELECT * FROM prescribed WHERE  prescribedid IN ($values)";

Sanitization is on you :)

edited May 23, 2017 at 12:19

CommunityBot

11 silver badge

answered Aug 17, 2016 at 7:17

Hanky Panky

46.9k9 gold badges76 silver badges95 bronze badges

Sign up to request clarification or add additional context in comments.

Comments

Passionate Coder · Accepted Answer · 2016-08-17 07:22:50Z

4

Hi You can Use In condition. use imploade function to find comma seoarated values

$data = array('prescribedid'=>array(1,2,3,9,14));
$query = 'SELECT * FROM prescribed WHERE  prescribedid IN (';
$query .= implode(',',$data['prescribedid']).')';
echo $query ;

Output

SELECT * FROM prescribed WHERE prescribedid IN (1,2,3,9,14)

answered Aug 17, 2016 at 7:22

Passionate Coder

7,3042 gold badges24 silver badges50 bronze badges

1 Comment

ʰᵈˑ Over a year ago

You don't need the string concatenation (and it may cause some confusion, especially in this layout.)

D Coder · Accepted Answer · 2016-08-17 12:55:27Z

4

Use MySQL IN clause

$ids = implode(",",$_POST["prescribedid"]);
$query = "SELECT * FROM prescribed WHERE  prescribedid IN ($ids)";

edited Aug 17, 2016 at 12:55

answered Aug 17, 2016 at 7:20

D Coder

5724 silver badges16 bronze badges

Comments

Indrasis Datta · Accepted Answer · 2016-08-17 07:20:14Z

2

You can simply use IN clause here.

Refer to MySQL IN clause

$query = "SELECT * FROM prescribed WHERE  prescribedid IN ".implode(',', $_POST["prescribedid"]);

edited Aug 17, 2016 at 7:20

answered Aug 17, 2016 at 7:19

Indrasis Datta

8,6182 gold badges18 silver badges32 bronze badges

Collectives™ on Stack Overflow

Constructing mysql select from $_POST array

4 Answers 4

Comments

1 Comment

Comments

Comments

Your Answer

Linked

Hot Network Questions

Collectives™ on Stack Overflow

4 Answers 4

Comments

1 Comment

Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Linked

Related