convert an array into individual strings

Question

I have the following arrays and I would like to convert each one of them into individual strings. In other words, break the array into individual pieces.

  $formatsArray = $_POST['formats'];
      $topicsArray = $_POST['topics'];

This is because I would like to include the individual strings in the following query "

  $resources = "select * from resources where
                    stage LIKE '%".$stage."%'
                    AND format LIKE '%".$formats."%'";


      $run_query = mysqli_query($con, $resources);

This is because format expect an individual string for comparison, such as lets assume the array is ["video", "blogs", "articles"], it wouldn't work if format was to be compared with video,blogs,articles but rather video, blogs or articles.

I hope this is clear, and for any clarification, please advise.

All the best,

Update:

$formats = explode(',', $formatsArray);
      $topics = explode(',', $topicsArray);


      $resources = "select * from resources where
                    stage LIKE '%".$stage."%'
                    AND format LIKE '%".$formats."%' AND topic LIKE '%".$topics."%' ";

update:

$run_query = mysqli_query($con, $resources);


  while($row = mysqli_fetch_array($run_query)) {

    $data[] = array(
      'format' => $row['format'],
      'title' => $row['title'],
      'costs' => $row['cost'],
      'stage' => $row['stage'],
      'topic' => $row['topic'],
      'link' => $row['link']
    );
  }

Update

  include('db.php');


  $query = 'select * from resources where ';
  $query .= 'stage LIKE :stage and';
  $execute[':stage'] = '%' . $stage . '%';
  if(!empty($_POST['formats'])){
  foreach($_POST['formats'] as $key => $format) {
      $query .= 'format LIKE :format' . $key . ' and ';
      $execute[':format' . $key] = '%' . trim($format) . '%';
  }
  }
  if(!empty($_POST['topics'])){
  foreach($_POST['topics'] as $key => $topic) {
      $query .= 'topic LIKE :topic' . $key . ' and ';
      $execute[':topic' . $key] = '%' . trim($topic)  . '%';
  }
  }
  $query = rtrim($query, ' and ');
  if(!empty($execute)) {
      $stmt = $con->prepare($query);
      $stmt->execute($execute);
  } else {
      echo 'You must search for something';
  }


      while($row = mysqli_fetch_array($query)) {

        $data[] = array(
          'format' => $row['format'],
          'title' => $row['title'],
          'costs' => $row['cost'],
          'stage' => $row['stage'],
          'topic' => $row['topic'],
          'link' => $row['link']
        );
      }

So a comma is the separator? Use explode then iterate through the array and build your query. Use prepared statements. — chris85, Aug 31 '15 at 00:51
thanks for the response. the comma is not a seperator. in the db, you have for instance "video" or "blogs" or "articles" for example, so if the array is implode with a comma such as video,blogs,articles it wouldn't match any entry. could you elaborate a bit more on your solution — code_legend, Aug 31 '15 at 00:54
Not implode, explode. So you have `$_POST['formats']` which is `video,blogs,articles` right? So if you explode on `,` then iterate through that array you will have each term separately.. — chris85, Aug 31 '15 at 00:56
thanks i have added an update at the bottom of my initial post. how would i proceed with the next step — code_legend, Aug 31 '15 at 01:01
`$formats` and `$topics` always have the same number of elements? — chris85, Aug 31 '15 at 01:03
not always the number of elements is undertermined as it is based on user selection — code_legend, Aug 31 '15 at 01:11
How is the table structured? Would there only be one value in the `format` column, one value in the `topics` column for each entry? — kittykittybangbang, Aug 31 '15 at 01:11
[`if ($_POST['topics'] == "'; DROP TABLE resources; --") { echo 'I got pwned :('; }`](http://stackoverflow.com/q/60174/2891365) — user193130, Aug 31 '15 at 01:16
yes format and topics column expect one entry each, such as format would only accept video or blogs for instance or topics idea generation, only one — code_legend, Aug 31 '15 at 01:19
@user193130 i am not familiar with prepared statement but will address it once we figure this out — code_legend, Aug 31 '15 at 01:22

kittykittybangbang · Answer 1 · 2015-08-31T02:09:13.713

1

Ignoring the necessity of prepared statements, you could do:

  $formats = implode('","', $formatsArray);
  $topics = implode('","', $topicsArray);

  $resources = "select * from resources where
                stage LIKE '%".$stage."%'
                AND format IN(".$formats.") AND topic IN(\"".$topics."\") ";

By adding the " before and after each , when you implode each array, your array would become e.g.

video","blogs","articles

So, we need to add the " to the beginning and end of each IN list. This will make the final query like:

select * from resources where
stage LIKE '%".$stage."%'
AND format IN("video","blogs","articles") AND ...

edited Aug 31 '15 at 02:09

answered Aug 31 '15 at 01:27

kittykittybangbang

2,380
4
16
27

1

`$formatsArray` isn't a PHP array in the OPs post. Explode first and then implode with quotes. Also, in the query you've escaped the quotes around `$topics` but not around `$formats`. This might be confusing. – onik Aug 31 '15 at 01:36
Thank you, @onik -- I guess the variable name threw me off. :P And the missing escaped quotes was totally my bad, thanks for catching. – kittykittybangbang Aug 31 '15 at 01:44
thanks. i unfortunatetly get the following error: trim() expects parameter to be string, array given – code_legend Aug 31 '15 at 02:07
@user3907211 Sorry about that -- I thought your `$formatsArray` *was* a string. Answer is edited and should work now -- although it looks like @chris85's answer did the trick for you. – kittykittybangbang Aug 31 '15 at 02:10

chris85 · Answer 2 · 2015-08-31T02:37:17.213

1

I think this would do it. This also will resolve the injection hole by using prepared statements.

$query = 'select * from resources where ';
if(!empty($_POST['formats'])){ 
foreach($_POST['formats'] as $key => $format) {
    $query .= 'stage LIKE :stage' . $key . ' or ';
    $execute[':stage' . $key] = '%' . trim($format) . '%';
}
}
if(!empty($_POST['topics'])){
foreach($_POST['topics'] as $key => $topic) {
    $query .= 'topic LIKE :topic' . $key . ' or ';
    $execute[':topic' . $key] = '%' . trim($topic)  . '%';
}
}
$query = rtrim($query, ' or ');
if(!empty($execute)) {
    echo $query;
    print_r($execute);
    //$stmt = $mysqli->prepare($query);
    //$stmt->execute($execute);
} else {
    echo 'You must search for something';
}

Gives you a query of

select * from resources where stage LIKE :stage0 or stage LIKE :stage1 or topic LIKE :topic0 or topic LIKE :topic1 or topic LIKE :topic2 or topic LIKE :topic3

and bound values of:

Array
(
    [:stage0] => %test%
    [:stage1] => %test1%
    [:topic0] => %value1%
    [:topic1] => %value2%
    [:topic2] => %value3%
    [:topic3] => %value4%
)

Here's the initial code I had for when I thought the data was paired..

foreach($formats as $key => $format) {
    $topic = $topics[$key];
    $query .= '(stage LIKE :stage' . $key . ' and topic LIKE :topic' . $key . ') or ';
    $execute[':stage' . $key] = '%' . trim($format) . '%';
    $execute[':topic' . $key] = '%' . trim($topic)  . '%';
}

A few links on prepared statements:
http://php.net/manual/en/mysqli.quickstart.prepared-statements.php
http://php.net/manual/en/mysqli.prepare.php
http://php.net/manual/en/mysqli-stmt.execute.php

edited Aug 31 '15 at 02:37

answered Aug 31 '15 at 01:38

chris85

23,846
7
34
51

thanks. not too familiar with prepared statement. why //$stmt = $mysqli->prepare($query); //$stmt->execute($execute); commented out – code_legend Aug 31 '15 at 01:46
Oo you can uncomment that, that was just for an example of how to use it. I don't have a DB set up so can't execute. – chris85 Aug 31 '15 at 01:48
should i comment out echo $query; print_r($execute); – code_legend Aug 31 '15 at 01:49
thanks. just one minor request. because i wasn't really familiar with prepared statement i ommited included the following code, i have added under my initial post. would any change have to be made to them? – code_legend Aug 31 '15 at 01:52
Doesn't that SQL query search for all ORs in parallel? Shouldn't it be `SELECT * FROM resources WHERE (stage LIKE :stage0 OR stage LIKE :stage1) AND (topic LIKE :topic0 OR topic LIKE :topic1)` etc. – onik Aug 31 '15 at 01:54
Yes this is looking for any of the provided values. I had something written up earlier for if they were paired but I thought you'd said the data wasn't paired.. – chris85 Aug 31 '15 at 01:55
Updated with some links and previous code for if they were to be paired. – chris85 Aug 31 '15 at 01:59
thanks, i unfortunatetly receive the following error explode() expects parameter to be string array given – code_legend Aug 31 '15 at 02:04
There's no explode in my code...Are you sure you ran my code and it worked for you? – chris85 Aug 31 '15 at 02:09
sorry for all those questions, but the size of the array for format or topic is undertermined in advance – code_legend Aug 31 '15 at 02:18
1

Okay, first please unaccept my answer. You should accept an answer when it works. Going forward what array are you referring to, isn't `$_POST['formats']` a string? If not then how did `$formats = explode(',', $formatsArray);` work? – chris85 Aug 31 '15 at 02:22
$_POST['formats'] returns an array such as ["blogs", "video", "books", "podcasts"], etc – code_legend Aug 31 '15 at 02:24
So when you said an hour ago `thanks i have added an update at the bottom of my initial post. how would i proceed with the next step` did you just type the code in and not run it? – chris85 Aug 31 '15 at 02:25
it was my fault. i proceeded by assumption – code_legend Aug 31 '15 at 02:29
Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/88331/discussion-between-chris85-and-user3907211). – chris85 Aug 31 '15 at 02:31
hey thanks for your response. i receive another error here: fatal error call to member function execute() on boolean in line 45 $stmt->execute($execute); – code_legend Aug 31 '15 at 22:06
What does the output give you if you revert from executing to the query values? – chris85 Sep 01 '15 at 03:38
thanks for sticking through,.i notice the problem it has to do with the expectation of the query in the sense that i had for instance in the array videos, when the query was expecting video, so i remove the s the error went away, and similar case for other items in the array – code_legend Sep 01 '15 at 12:33
So this is all set now or you need a way to depluralize the phrases? – chris85 Sep 01 '15 at 12:41

convert an array into individual strings

2 Answers2

Linked