How to search a database with an array

Question

I want to search the row(venue_id) of a database with an array ($valueIDArray).

Is this the right way to do this?

$query = "SELECT * FROM venue_booking
WHERE venue_id = $valueIDArray";

If venue (from your other question) and venue_booking are two tables in the same database you are much better off combining them into one query with a join, and avoiding any extra work for you the programmer, and for the php and sql servers too. — James, May 13 '14 at 18:51

score 0 · Answer 1 · edited May 23 '17 at 11:50

0

Your code is vulnerable to something called SQL injection; you generally prevent these attacks by using prepared statements.

If you mean, "Is this SQL statement syntactically valid?" yes, but not for an array. You need to use the IN statement; see Passing an array to a query using a WHERE clause.

edited May 23 '17 at 11:50

Community

answered May 13 '14 at 18:42

Levi Morrison

This is only for coursework, and we have been told that wont be taken into consideration – user3624883 May 13 '14 at 18:42

score 0 · Answer 2 · answered May 13 '14 at 18:43

0

$query = "SELECT * FROM venue_booking
          WHERE venue_id IN (" . implode(", ", $valueIDArray) . ")";

answered May 13 '14 at 18:43

Pankaj Garg

score 0 · Accepted Answer · answered May 13 '14 at 18:43

Assuming $valueIDArray values are numeric, implode into a comma separated list and use the IN clause:

$values = implode(',', $valueIDArray);
$query  = "SELECT * FROM venue_booking WHERE venue_id IN ($values)";

If text etc. you need quotes:

$values = "'". implode("','", $valueIDArray) ."'";

score 0 · Answer 4 · answered May 13 '14 at 18:45

0

First make a comma separated list of IDs and then use IN clause of SQL.

$comma_separated = implode(",", $valueIDArray);

$query = "SELECT * FROM venue_booking WHERE venue_id in ($comma_separated)";

answered May 13 '14 at 18:45

Nawed Khan

4 Answers4