4

I'm trying to pull multiple rows from a single table. I'm trying to pull either all males or all females in different zip codes.

<?php
$zipCodes = array("55555", "66666", "77777", etc...);

$fetchUser = mysql_query("select * from users where gender = '$_POST[gender]' ".implode(" or zipCode = ", $zipCodes)." order by id desc");
while($var = mysql_fetch_array($fetchUser)) {
  code...
}
?>
Improve this question
2
  • I think you forgot to ask a question. What's the problem with your code? Commented Sep 26, 2012 at 7:44
  • Welcome to stackoverflow.. Please explain the problem you're having..There is no question in your posting. Commented Sep 26, 2012 at 7:45

2 Answers 2

Reset to default
2

You should use IN on this,

SELECT ...
FROM   tableName
WHERE gender = '$_POST[gender]' AND
      zipCode IN (55555, 6666, 77777)

currently your code is vulnerable to SQL Injection. Please read on PDO or MySQLI extension.

Read more on this article: Best way to prevent SQL injection in PHP
PHP PDO: Can I bind an array to an IN() condition?

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0 
// Prevent SQL injection for user input
$fetchUser = mysql_query("select * from users where gender = '".filter_var($_POST[gender], FILTER_SANITIZE_STRING)."' OR zipCode IN (".implode(",", $zipCodes).") order by id desc");)
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.