0

I need to get the variable `code` from the URL, so I use `$codes = $_GET['code'];` (URL example: `website.com/update?code[]=7291&code[]=9274&code[]=8264&`), then I run `SELECT firstname FROM guests WHERE invitecode = $codes`, then I output the data and set it as `$relatives = $row["firstname"]`, and then later on in the file I need to echo/print it with `print $relative`.

Why is this not working for me?

```php
// ... connection made ...
$codes = $_GET['code'];
$sql = "SELECT firstname FROM guests WHERE invitecode = $codes";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
    // output data of each row
    while($row = mysqli_fetch_assoc($result)) {
        $relatives[] = $row["firstname"];
    }
}

foreach ($relatives as $relative) {
    print $relative;
}
```

Update:

So now using:

```php
<?php

$codes = $_GET['code'];
$relatives = array(); // start empty so the foreach below is safe when no rows match
$thecodes = "";
foreach($codes as $vals)
    $thecodes .= (int)$vals . ",";
if($thecodes != "")
{
    $thecodes = trim($thecodes, ",");
    $sql = "SELECT firstname FROM guests WHERE invitecode IN ($thecodes)";
    $result = mysqli_query($conn, $sql); // run the query once
    if (mysqli_num_rows($result) > 0) {
        while($row = mysqli_fetch_assoc($result)) {
            $relatives[] = $row["firstname"];
        }
    }
    foreach ($relatives as $relative) {
        print $relative;
    }
}
else
{
}

?>
```

It works, but I would like to enter the `foreach ($relatives as $relative) { echo $relative; };` into a value like this: `$message = $firstname . " " . $lastname . " will be coming to your event. " . ;`.

In the end it would turn out something like this: `$message = $firstname . " " . $lastname . " will be coming to your event. " . foreach ($relatives as $relative) { echo $relative . " "; };`.

For some reason it won't work when I combine them.

halfer
Sammy7
  • Please use proper handling of user-controlled variables when inserting them into an SQL statement: [How can I prevent SQL-injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – MatsLindh Jan 16 '16 at 23:43
  • I'd *HIGHLY* advise against just doing a separate query for each code within a loop. That's ridiculously inefficient. It's quite easy to just build a `WHERE` clause and then use one query, then use PHP to structure it out how you want. In any case, a query within a `foreach` is an insanely terrible idea. There is no case I'd ever say that is acceptable unless it's a personal project where no one else will ever have access to it. – Nate I Apr 11 '16 at 18:59

3 Answers

2

Use the IN operator for this.

```php
<?php

// code[]=... arrives as an array; treat anything else as "no codes"
$codes = (isset($_GET['code']) && is_array($_GET['code'])) ? $_GET['code'] : array();
$thecodes = "";
foreach ($codes as $vals)
    $thecodes .= (int)$vals . ","; // Loop through making sure each is an int for security reasons (no SQLi)
if ($thecodes != "") // There is at least one code
{
    $thecodes = trim($thecodes, ","); // Remove the trailing comma
    $sql = "SELECT firstname, lastname FROM guests WHERE invitecode IN ($thecodes)"; // Use the IN operator
    $result = mysqli_query($conn, $sql);
    if ($result && mysqli_num_rows($result) > 0) { // mysqli_query() returns false on failure
        while ($row = mysqli_fetch_assoc($result)) {
            echo $row["firstname"] . " " . $row["lastname"] . " is coming to your event";
        }
    }

}
else // No codes to be queried
{

}

?>
```
Matt
  • Your example works, but if you check my update on the post above, I can't seem to print the `$relatives` anywhere I want. I need it inside this statement: `$message = $firstname . " " . $lastname . " will be coming to your event. " . ;` please see my example above. Thanks. – Sammy7 Jan 17 '16 at 19:46
  • Updated it, would you like something like that? – Matt Jan 17 '16 at 20:23
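
The `IN` approach above with the values bound as parameters instead of cast and concatenated, plus `implode()` for the `$message` string the asker describes. This is an added example, not code from the question or any answer: it uses PDO with an in-memory SQLite database (needs the pdo_sqlite extension) in place of the page's mysqli connection so it runs without a server, and `fetchRelatives`, the sample rows and the name Sam Lee are constructed for illustration.

```php
<?php
// Added example. PDO with in-memory SQLite stands in for the page's mysqli connection;
// table/column names follow the question, the rows and guest name are constructed.
function fetchRelatives(PDO $db, $rawCodes): array
{
    if (!is_array($rawCodes)) {          // code=7291 or a missing parameter: nothing to look up
        return [];
    }
    $codes = [];
    foreach ($rawCodes as $c) {
        // Accept only all-digit strings; "0 OR 1=1" and nested arrays are dropped, not coerced.
        if (is_string($c) && ctype_digit($c)) {
            $codes[] = $c;
        }
    }
    $codes = array_values(array_unique($codes));
    if ($codes === []) {
        return [];                       // never send "IN ()", which is a syntax error
    }
    // One "?" per value: the SQL text is fixed and the values are bound separately.
    $marks = implode(',', array_fill(0, count($codes), '?'));
    $stmt = $db->prepare(
        "SELECT firstname FROM guests WHERE invitecode IN ($marks) ORDER BY invitecode"
    );
    $stmt->execute($codes);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guests (invitecode INTEGER, firstname TEXT)');
$db->exec("INSERT INTO guests VALUES (7291, 'Ann'), (9274, 'Bob'), (8264, '<b>Cy</b>')");

// Constructed stand-in for $_GET['code'] as sent by ?code[]=7291&code[]=9274&code[]=...
$input = ['7291', '9274', '8264', '0 OR 1=1', ['nested']];
$relatives = fetchRelatives($db, $input);

// Build the message with implode() instead of a foreach inside the expression,
// and HTML-escape once, when the text is written to the page.
$firstname = 'Sam';
$lastname  = 'Lee';
$message = $firstname . ' ' . $lastname . ' will be coming to your event. '
         . implode(' ', $relatives);
echo htmlspecialchars($message, ENT_QUOTES, 'UTF-8'), PHP_EOL;
```

With mysqli the same placeholder string goes to `mysqli_prepare()`, and the values are bound with `mysqli_stmt_bind_param()` before `mysqli_stmt_execute()`.
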
1

Can this be a solution for you?

```php
$relatives = array(); // declare array
$codes = $_GET['code'];
$sql = "SELECT firstname FROM guests WHERE ";
foreach ($codes as $code) $sql .= "invitecode = " . intval($code) . " OR ";
$sql .= "1=2"; // simple way to remove last OR or to make sql valid if there are no codes
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
    // output data of each row
    while($row = mysqli_fetch_assoc($result)) {
        array_push($relatives, $row["firstname"]);
    }
}

foreach ($relatives as $relative) {
    print $relative;
}
```
Adriano
  • This is vulnerable to SQL injection. Please escape your input. – Matt Jan 16 '16 at 23:43
  • @Adriano your example works but I will use Matt's because he shows it with `IN` Please see my update – Sammy7 Jan 17 '16 at 02:10
  • @Matt You're right. I changed the code so that the codes are converted to integers. Your solution is also much more elegant than mine ;) – Adriano Jan 17 '16 at 13:34
  • @user3263981 I didn't solve only the codes problem, I also solved your question about the firstname array! You have to declare $relatives as an array and then you can add more usernames with array_push. – Adriano Jan 17 '16 at 13:38
  • @Adriano yes that's what Matt showed. And it works, but if you check my update on the post above, I can't seem to print the `$relatives` anywhere I want. I need it inside this statement: `$message = $firstname . " " . $lastname . " will be coming to your event. " . ;` please see my example above. – Sammy7 Jan 17 '16 at 19:45
-1

I think this will work...

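```php
// ... connection made ...
$codes = $_GET['code']; // with code[]=... in the URL this is an array, not a single code
$sql = "SELECT firstname FROM guests WHERE invitecode = '$codes'"; // the value is interpolated without escaping
$result = mysqli_query($conn, $sql) or die('-1' . mysqli_error($conn)); // mysqli_error() needs the connection

if (mysqli_num_rows($result) > 0) {
    // output data of each row
    while($row = mysqli_fetch_assoc($result)) {
        echo ($row['firstname']);
    }
}
```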
Joe Elia