-1

I have the following arrays and I would like to convert each one of them into individual strings. In other words, break the array into individual pieces.

  $formatsArray = $_POST['formats'];
  $topicsArray = $_POST['topics'];

This is because I would like to include the individual strings in the following query:

  $resources = "select * from resources where
                    stage LIKE '%".$stage."%'
                    AND format LIKE '%".$formats."%'";


      $run_query = mysqli_query($con, $resources);

This is because format expects an individual string for comparison. For example, let's assume the array is ["video", "blogs", "articles"]: it wouldn't work if format was to be compared with video,blogs,articles, but rather with video, blogs or articles.

I hope this is clear, and for any clarification, please advise.

All the best,

Update:

  $formats = explode(',', $formatsArray);
  $topics = explode(',', $topicsArray);


      $resources = "select * from resources where
                    stage LIKE '%".$stage."%'
                    AND format LIKE '%".$formats."%' AND topic LIKE '%".$topics."%' ";

update:

$run_query = mysqli_query($con, $resources);


  while($row = mysqli_fetch_array($run_query)) {

    $data[] = array(
      'format' => $row['format'],
      'title' => $row['title'],
      'costs' => $row['cost'],
      'stage' => $row['stage'],
      'topic' => $row['topic'],
      'link' => $row['link']
    );
  }

Update

  include('db.php');


  $query = 'select * from resources where ';
  $query .= 'stage LIKE :stage and';
  $execute[':stage'] = '%' . $stage . '%';
  if(!empty($_POST['formats'])){
  foreach($_POST['formats'] as $key => $format) {
      $query .= 'format LIKE :format' . $key . ' and ';
      $execute[':format' . $key] = '%' . trim($format) . '%';
  }
  }
  if(!empty($_POST['topics'])){
  foreach($_POST['topics'] as $key => $topic) {
      $query .= 'topic LIKE :topic' . $key . ' and ';
      $execute[':topic' . $key] = '%' . trim($topic)  . '%';
  }
  }
  $query = rtrim($query, ' and ');
  if(!empty($execute)) {
      $stmt = $con->prepare($query);
      $stmt->execute($execute);
  } else {
      echo 'You must search for something';
  }


      while($row = mysqli_fetch_array($query)) {

        $data[] = array(
          'format' => $row['format'],
          'title' => $row['title'],
          'costs' => $row['cost'],
          'stage' => $row['stage'],
          'topic' => $row['topic'],
          'link' => $row['link']
        );
      }
10
  • 1
    So a comma is the separator? Use explode then iterate through the array and build your query. Use prepared statements. Commented Aug 31, 2015 at 0:51
  • thanks for the response. the comma is not a separator. in the db, you have for instance "video" or "blogs" or "articles" for example, so if the array is implode with a comma such as video,blogs,articles it wouldn't match any entry. could you elaborate a bit more on your solution Commented Aug 31, 2015 at 0:54
  • 1
    Not implode, explode. So you have $_POST['formats'] which is video,blogs,articles right? So if you explode on , then iterate through that array you will have each term separately.. Commented Aug 31, 2015 at 0:56
  • thanks i have added an update at the bottom of my initial post. how would i proceed with the next step Commented Aug 31, 2015 at 1:01
  • $formats and $topics always have the same number of elements? Commented Aug 31, 2015 at 1:03

2 Answers 2

1

Ignoring the necessity of prepared statements, you could do:

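  // Join each array with "," so every element ends up in its own quoted string
  $formats = implode('","', $formatsArray);
  $topics = implode('","', $topicsArray);

  // The escaped quotes open and close each IN list (values are still concatenated, not bound)
  $resources = "select * from resources where
                stage LIKE '%".$stage."%'
                AND format IN(\"".$formats."\") AND topic IN(\"".$topics."\") ";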

By adding the " before and after each , when you implode each array, your array would become e.g.

video","blogs","articles

So, we need to add the " to the beginning and end of each IN list. This will make the final query like:

select * from resources where
stage LIKE '%".$stage."%'
AND format IN("video","blogs","articles") AND ...

4 Comments

$formatsArray isn't a PHP array in the OPs post. Explode first and then implode with quotes. Also, in the query you've escaped the quotes around $topics but not around $formats. This might be confusing.
Thank you, @onik -- I guess the variable name threw me off. :P And the missing escaped quotes was totally my bad, thanks for catching.
thanks. i unfortunately get the following error: trim() expects parameter to be string, array given
@user3907211 Sorry about that -- I thought your $formatsArray was a string. Answer is edited and should work now -- although it looks like @chris85's answer did the trick for you.
1

I think this would do it. This also will resolve the injection hole by using prepared statements.

$query = 'select * from resources where ';
$execute = array(); // placeholder name => bound value
if(!empty($_POST['formats'])){
    foreach($_POST['formats'] as $key => $format) {
        // one named placeholder per submitted value
        $query .= 'stage LIKE :stage' . $key . ' or ';
        $execute[':stage' . $key] = '%' . trim($format) . '%';
    }
}
if(!empty($_POST['topics'])){
    foreach($_POST['topics'] as $key => $topic) {
        $query .= 'topic LIKE :topic' . $key . ' or ';
        $execute[':topic' . $key] = '%' . trim($topic)  . '%';
    }
}
// drop the trailing ' or ' left by the loops
$query = rtrim($query, ' or ');
if(!empty($execute)) {
    echo $query;
    print_r($execute);
    // Note: named placeholders (:stage0, ...) are a PDO feature; mysqli only accepts ? markers.
    //$stmt = $mysqli->prepare($query);
    //$stmt->execute($execute);
} else {
    echo 'You must search for something';
}

Gives you a query of

select * from resources where stage LIKE :stage0 or stage LIKE :stage1 or topic LIKE :topic0 or topic LIKE :topic1 or topic LIKE :topic2 or topic LIKE :topic3

and bound values of:

Array
(
    [:stage0] => %test%
    [:stage1] => %test1%
    [:topic0] => %value1%
    [:topic1] => %value2%
    [:topic2] => %value3%
    [:topic3] => %value4%
)

Here's the initial code I had for when I thought the data was paired..

foreach($formats as $key => $format) {
    $topic = $topics[$key];
    $query .= '(stage LIKE :stage' . $key . ' and topic LIKE :topic' . $key . ') or ';
    $execute[':stage' . $key] = '%' . trim($format) . '%';
    $execute[':topic' . $key] = '%' . trim($topic)  . '%';
}

A few links on prepared statements:
http://php.net/manual/en/mysqli.quickstart.prepared-statements.php
http://php.net/manual/en/mysqli.prepare.php
http://php.net/manual/en/mysqli-stmt.execute.php

19 Comments

thanks. not too familiar with prepared statement. why //$stmt = $mysqli->prepare($query); //$stmt->execute($execute); commented out
Oo you can uncomment that, that was just for an example of how to use it. I don't have a DB set up so can't execute.
should i comment out echo $query; print_r($execute);
thanks. just one minor request. because i wasn't really familiar with prepared statement i omitted included the following code, i have added under my initial post. would any change have to be made to them?
Okay, first please unaccept my answer. You should accept an answer when it works. Going forward what array are you referring to, isn't $_POST['formats'] a string? If not then how did $formats = explode(',', $formatsArray); work?
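An added example, not part of the original question or answers: the named-placeholder approach from the second answer, run end to end with PDO against an in-memory SQLite table so that rows are fetched from the statement rather than from the query string. The helper names (`likeContains`, `orGroup`, `searchResources`), the sample rows, and the choice to OR values within a field and AND across fields are assumptions made for illustration; `!` is used as the LIKE escape character so that `%` and `_` in submitted values match literally.

```php
<?php
// Added example: table contents and request values below are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE resources (title TEXT, stage TEXT, format TEXT, topic TEXT)');
$pdo->exec("INSERT INTO resources VALUES
    ('Intro clip', 'early', 'video',    'security'),
    ('Deep dive',  'early', 'articles', 'privacy'),
    ('Late post',  'late',  'blogs',    'security')");

// Escape LIKE metacharacters so user input matches literally ('!' is the ESCAPE char).
function likeContains(string $value): string
{
    return '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], trim($value)) . '%';
}

// Build "(col LIKE :col0 OR col LIKE :col1 ...)"; $column comes from code, never from the request.
function orGroup(string $column, $values, array &$params): ?string
{
    $parts = [];
    foreach (array_values((array) $values) as $i => $value) {
        if (!is_string($value) || trim($value) === '') {
            continue; // skip nested arrays and empty entries
        }
        $name = ':' . $column . $i;
        $parts[] = "$column LIKE $name ESCAPE '!'";
        $params[$name] = likeContains($value);
    }
    return $parts ? '(' . implode(' OR ', $parts) . ')' : null;
}

function searchResources(PDO $pdo, array $post): array
{
    $params = [];
    $clauses = array_filter([
        orGroup('stage', $post['stage'] ?? [], $params),
        orGroup('format', $post['formats'] ?? [], $params),
        orGroup('topic', $post['topics'] ?? [], $params),
    ]);
    if (!$clauses) {
        return []; // nothing to search for
    }
    $stmt = $pdo->prepare('SELECT * FROM resources WHERE ' . implode(' AND ', $clauses));
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$post = ['stage' => 'early', 'formats' => ['video', "o'reilly_%"], 'topics' => ['security']];
print_r(array_column(searchResources($pdo, $post), 'title'));
```

The quote, underscore and percent sign in the second format value travel as bound data, so they neither terminate the SQL string nor act as wildcards.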