Php SQL查询中的数组?
我在WHERE子句中使用数组进行SQL查询时遇到问题 例如: 我的阵列:Php SQL查询中的数组?,php,mysql,Php,Mysql,我在WHERE子句中使用数组进行SQL查询时遇到问题 例如: 我的阵列: $myarray[1] = "hi"; $myarray[2] = "there"; $myarray[3] = "everybody"; 我的MySQL声明: SELECT * FROM myTable WHERE title='".$myarray[]."' 有没有办法实现这一点? 我自己这样解决的: for(...) { $where = $where." title='".$myarray[$count]."'
$myarray[1] = "hi";
$myarray[2] = "there";
$myarray[3] = "everybody";
SELECT * FROM myTable WHERE title='".$myarray[]."'
for(...) {
$where = $where." title='".$myarray[$count]."' OR ";
}
$where = substr($where , 0, -3);
.....
SELECT * FROM myTable WHERE ".$where."
$myarray[1] = "'hi'";
$myarray[2] = "'there'";
$myarray[3] = "'everybody'";
$newarray = implode(", ", $myarray); //makes format 'hi', 'there', 'everybody'
SELECT * FROM myTable WHERE title IN ($newarray);
您可以在操作符中使用
。您希望它看起来像:
title IN ('hi', 'there', 'everybody')
所以你会做一些类似的事情:
$sql = "SELECT * FROM myTable WHERE title IN '" . implode("','", $myarray) . "';"
请注意,您需要首先筛选数组中的SQL注入问题。您可以在WHERE
子句中尝试使用IN
SELECT * FROM myTable WHERE title IN ('hi', 'there', 'everybody');
或
“OR”是SQL中的魔鬼,即使是一个很小的请求也会减慢速度。别忘了foreach($key=>$val)$myarray[$key]=mysql\u real\u escape\u string($val)我想他需要在数组的字符串中加引号..哦,是的,我真蠢。我会编辑我的answer@njaknjak这显然是错误的答案。您不必手动添加引号,这是PHP的工作。你必须逃出斯特林斯汉克斯,伙计。你救了我的命。。。
SELECT * FROM myTable WHERE title IN ('.implode(',', $myarray).');
$myarray[1] = "hi";
$myarray[2] = "there";
$myarray[3] = "everybody";
//every quoted string should be escaped according to SQL rules
foreach($myarray as $key => $val) {
$myarray[$key] = mysql_real_escape_string($val);
}
$in_str = "'".implode("', '", $myarray)."'"; //makes format 'hi', 'there', 'everybody'
SELECT * FROM myTable WHERE title IN ($in_str);