1

I'm using the code provided in answer https://stackoverflow.com/a/5203351/1711950 to handle different combinations of SQL WHERE clauses:

$vars = array(
    (!empty($_GET["var1"]))? " keyword = '". $_GET["var1"] ."' ": null, 
    (!empty($_GET["var2"]))? " author  = '". $_GET["var2"] ."' ": null,
    (!empty($_GET["var3"]))? " date    = '". $_GET["var3"] ."' ": null,
    (!empty($_GET["var4"]))? " forums  = '". $_GET["var4"] ."' ": null
);


function myfilterarray($var)
{
    return !empty($var)?$var: null;
}

$newvars = array_filter($vars, 'myfilterarray');

$where = join(" OR ", $newvars);

$sql = "SELECT DISTINCT title, description FROM table ".(($where)?"WHERE ".$where: null);

echo $sql;

The code works when each GET parameter is a single value like this:

http://example.com/getData.php?keyword=a1

I want to be able to handle this scenario:

http://example.com/getData.php?keyword=a1,b1,c1,a2,b2,c2

Therefor I've modified the code like this:

(!empty($_GET["var1"]))? " keyword IN ('". $_GET["var1"] ."') ": null

That off course makes the SQL query look like this, which won't work because of the quotations.

SELECT * FROM table WHERE keyword IN ('SE162321000156-3PQZ,SE2321000164-7381037592311')

How could I get around this problem?

Thanks!

Improve this question
2
  • 1
    you try to get rows from database where keyword exactly is 'SE162321000156-3PQZ,SE2321000164-7381037592311'. As fast and dirty workaround you can use $in = "'".preg_replace('/,/',"','",$v)."'" or $in = "'".implode("','",explode(',',$v))."'"; Commented Nov 30, 2016 at 21:17
  • Thanks for answering my question! Commented Nov 30, 2016 at 21:38

2 Answers 2

Reset to default
2

You have to split the values , put quotation marks around them and concatenate the string back together. This is a very very basic example:

$foo = (!empty($_GET["keyword"]))? $_GET["keyword"] : null;
$foo = explode(",", $foo);
$fooArray = [];
foreach( $foo as $fooElement ) {
    $fooArray[] = "'$fooElement'";
}
$foo = implode(",", $fooArray);

echo $foo; // output: 'a1','b1','c1','a2','b2','c2'
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Thanks, but that gave me ''a1','b1','c1','a2','b2','c2'' though.
Mhm not if I execute the exact same code as I've posted it. Did you change sth.?
I don't now what "sth." is but I changed "keyword" to the parameter I'm using.
Ah! Yes, you don't need the quation marks at the end and the beginning of the sql string: keyword IN (". $foo .") should do the trick as the elements are already wrapped
btw "sth." = something :)
0 
$arr = explode(",",trim($_GET["var1"]));
$var = "";
for($i=0;$i<sizeof($arr);$i++)
{
    if($i == (sizeof($arr)-1))
    {
        $var .= "'".$arr[$i]."'";
    }
    else
    {
        $var .= "'".$arr[$i]."',";
    }
}

Now you can use $var inside your query, i.e IN($var)

Improve this answer

3 Comments

Thanks, but that gave me Parse error: syntax error, unexpected ')', expecting ';' on line 3
@RawlandHustle I have re-edited the code. Kindly check.
Sorry, but it doesn't work for me. I have pasted the whole code I've taken from another question/answer. Could you put your code in it like it supposed to be?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.