0

Im not sure whats wrong with this code, but I cant make it work. I'm trying to verify if multiple email addresses exists in user table.

Here is my code:

(
    [email] => Array
        (
            [0] => jim@mail.com
            [1] => peter@mail.com
            [2] => john@mail.com
        )

)

array_filter($_POST['email']);

function _implode($array)
{
    $result = array();
    foreach ($array as $row) {
        if ($row != '') {
            array_push($result, $row);
        }
    }
    return implode(",", $result);
}


$emails = _implode(array_map(function($str) { return sprintf("'%s'", $str); }, $_POST['email']));

$users = $db->query("SELECT email FROM users WHERE email IN(" . $emails . ")");

Please note that I'm using PDO driver

Alko
  • 1,421
  • 5
  • 25
  • 51
  • What exactly are you trying to accomplish? – Darwin von Corax Mar 26 '16 at 04:23
  • To pull all the records from users table based on multiple email addresses. – Alko Mar 26 '16 at 04:26
  • Is there a reason that you are assigning a value to `$emails`, and then not referencing that, but referencing a *different* variable `$email` on the next line of code? For debugging this, have you considered generating the SQL statement into a string, as a separate step, and the echoing/printing the contents of the string, to see what it contains? [**How to debug small programs** http://ericlippert.com/2014/03/05/how-to-debug-small-programs/](http://ericlippert.com/2014/03/05/how-to-debug-small-programs/) – spencer7593 Mar 26 '16 at 04:31
  • It was a typo in regards to $email variable. – Alko Mar 26 '16 at 04:36
  • Your code is open to SQL injection. You should use prepared statements with bound parameters instead of what you're doing there. – Mike Mar 26 '16 at 05:02
  • See this question: http://stackoverflow.com/questions/6071619/pdo-bind-unknown-number-of-parameters (note, the accepted answer doesn't have the highest votes). – Mike Mar 26 '16 at 05:05

0 Answers0