How to use an php array in an sql query ?

Question

litlemaster 0 Light Poster

14 Years Ago

Hello to all,
I am trying to execute a mysql query for selecting * rows from the table where user name = [one of the usernames stored in an array].

Ok. Sorry if I am not clear.
Now I have an array naming $users[].
I want to select all the users listed in $users[] from a mysql table.
Please tell me how can I do that.

php

8 Contributors
8 Replies
37K Views
10 Years Discussion Span
Latest Post 4 Years Ago Latest Post by mukesh_20

sureronald 0 Junior Poster

14 Years Ago

<?php
$users=array("sure","ronald","us");
$foundRows=array();
$query="SELECT * FROM users WHERE ";
foreach($users as $name)
{
$query="SELECT * FROM users WHERE name='$name'";
$res=mysql_query($query,$link);
while($row=mysql_fetch_assoc($res))
{
//Push the rows you have found to the foundRows array declared above
array_push($foundRows,$row);
}
}

print_r($foundRows);
?>

Hope it gives you an idea. But I think this solution will be ineffiecient if the array has so many users e.g 10,000

Edited 14 Years Ago by sureronald because: typo

jmo 0 Newbie Poster

14 Years Ago

You can also do this in a single query, instead of looping to make multiple queries. Just implode

$users=array("Vito","Joey","Vinny");

// glue them together with ', '
$userStr = implode("', '", $users);

$query="SELECT * FROM users WHERE name in ('$userStr')";

With the 'glue' we use, this produces a where clause that looks like this: WHERE name in ('Vito', 'Joey', 'Vinny'). The starting and ending single quote in the query wraps them all so the syntax is correct.

Edited 14 Years Ago by jmo because: n/a

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

litlemaster 0 Light Poster · Answer 1 · 2010-03-11T22:36:02+00:00

litlemaster 0 Light Poster

14 Years Ago

a millon thanks to you for solving this.

developer707 7 Junior Poster in Training · Answer 2 · 2018-03-09T21:42:12+00:00

Hello,

What about the security of this method, is it considered SAFE?!
If not how it can be secured.

Thank you!

AndrisP 193 Posting Pro in Training · Answer 3 · 2018-03-10T06:14:43+00:00

@klaus.veliu - Safe version is

    $users=array("Vito","Joey","Vinny");
    $prep=str_pad("?",count($users)*2-1,",?"); // produce string '?,?,?'
    $sql = "SELECT * FROM `users` WHERE `name` in (".$prep.")";
    $stmt = $db->prepare($sql);
    $stmt->execute($users);
    $result = $stmt->fetchAll(PDO::FETCH_ASSOC);

or

    $users=array("Vito","Joey","Vinny");
    $sql = "SELECT * FROM `users` WHERE FIND_IN_SET(`name`,?)";
    $stmt = $db->prepare($sql);
    $stmt->execute([implode(",",$users)]);
    $result = $stmt->fetchAll(PDO::FETCH_ASSOC);

tanveer_7 0 Newbie Poster · Answer 4 · 2020-04-20T13:20:51+00:00

Please!!!! Sir tell if i want to find specific name form the database where a string of different name is lying throught SELECT query please can you help me how could I tackle this??

surveypacific 11 Newbie Poster · Answer 5 · 2020-04-21T03:35:40+00:00

hey litlemaster

you can check this out program

$query = "SELECT interests FROM signup WHERE username = '$username'";
$result = mysql_query($query) or die ("no query");
while($row = mysql_fetch_array($result))

echo $row['interests'];
echo "<br />";

may be this help you if not then tell me let you know more in deep

mukesh_20 0 Newbie Poster · Answer 6 · 2020-10-21T04:37:18+00:00

mukesh_20 0 Newbie Poster

4 Years Ago

Thank you.