0

As a newbie I'm struggling with calling a variable, I have a MySQL SELECT query with a WHERE clause:

WHERE table_name.j_group_id IN ('".$jgroup."')

but it does not return any results. The table_name.j_group_id is 11 and if I print_r the $jgroup array it returns:

Array ( [0] => 1 [1] => 8 [3] => 2 [4] => 11 )

so 11 is within the array, but why does it not work?

If I change the SELECT query to:

WHERE table_name.j_group_id IN (2, 11, 14, 18) it works as expected.

Just as a background, the $jgroup returns the Joomla users Authorised Groups. I have created Groups for each team, the Group ID has been manually added to the users details within the tables, when a team manger logs in, their Groups ID (picked up from with $jgroup) will match their team members (same Groups ID) and they will have access to their content. This is so I can have one editable page, accessible by all managers, but will only display the staff under that manager.

Thanks in advance and I hope it makes sense!

Improve this question
3
  • Based on the small PHP snippet you've provided, it is likely that your code is vulnerable to a critical SQL injection vulnerability. Use Parameterized Queries instead of concatenating PHP variables directly into your queries to mitigate this. Commented Jul 31, 2020 at 15:09
  • It looks like you are not implementing secure querying practices and Joomla has dedicated helper methods specifically for this purpose. Please post all Joomla questions on Joomla Stack Exchange. Commented Sep 11, 2020 at 14:01
  • Comprehensive advice at JSE: joomla.stackexchange.com/a/22898/12352 Commented Oct 11, 2020 at 22:23

2 Answers 2

Reset to default
0

The problem is probably caused by the format of your array.

You could try to structure the array before you add it into your query.

$jGroupList = implode(",",$jgroup);
$query .= "WHERE table_name.j_group_id IN (".$jGroupList.")

For debugging stuff like that it always helps to print out the acutal query your code creates an test that one.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Thanks Chris, I've just been looking again at it and found the solution;

WHERE table_name.j_group_id IN (".implode(',', $jgroup).")

Has worked, thanks for taking the time to answer though.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.