0

I already tried using the IN argument on a Select Statement like

$sql = "SELECT * FROM msgs WHERE user1 IN ('$var1','$var2') AND user2 IN ('$var1','$var2')";

Does this work on an IF Statement as well like

if(user1 IN ('$var1','$var2') AND user2 IN ('$var1','$var2')){

And if not, is there an alternate way to achieve something similar like this in an IF Statement?

UPDATE

The msg table somewhat looks like this :

accid  |  user1  |  user2  |  message  |
1         mark      edward    asasdsadsad
2         edward    mark      asdaqwdksjadhkq
3         mark      sherlock   sadasdadsad

I want to make an IF STATEMENT to identify whether user1 is mark/edward AND user2 is mark/edward - in that way I could confirm that the two have sent messages back-and-forth. Normally I could go with IN through SELECT, but in this case I must really use IF statement for some reasons. Is there anyway to do this?

Community
  • 1
  • 1
Dranreb
  • 313
  • 3
  • 11
  • What's the expected output? – Darshan Mehta Jun 27 '17 at 21:17
  • I'm trying to identify whether the user's id is "involved" on the table, like whether it exists either in the user1 table, or in the user2. – Dranreb Jun 27 '17 at 21:20
  • Function `in_array` – u_mulder Jun 27 '17 at 21:22
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Jun 27 '17 at 21:23
  • Just an observation... to check whether a value exists *either* in ... *or* in ..., that seems to suggest we'd want an `OR` condition rather than an `AND` condition. I'm not saying the `AND` is wrong, it just strikes me odd to describe that the operation as checking "*either* ... *or*" when there's an `AND` in there. – spencer7593 Jun 27 '17 at 21:23
  • I'm confused that the SQL has curly braces? Or has PHP secretly introduced 'IN'? – Doug Jun 27 '17 at 21:31

1 Answers1

1

The IN operator is a standard SQL operator; that's valid in a SQL statement.

But that's not a PHP operator. No, the PHP if statement isn't correct. PHP comparison operators are documented here:

http://php.net/manual/en/language.operators.comparison.php

Not at all clear what user1 is a reference to. If that's a variable name, it should be preceded by a dollar sign.

The equivalent of that SQL expression in PHP would be something like this:

if( ( $user1 == $var1 or $user1 == $var2) and ( $user2 == $var1 OR $user2 == $var2 ) ) {

Note: In MySQL, by default, string comparisons are case insensitive. (It really depends on the collation of the expressions.) If we are comparing strings, to get case insensitive comparisons in PHP, we can use the strcasecmp function in place of the == comparison operator. Documented here:

http://php.net/manual/en/function.strcasecmp.php

As u_mulder suggested in a comment, if we are okay with a case sensitive comparison for strings, and if we put $var1 and $var2 into an array, we could make use of the in_array function, documented here:

http://php.net/manual/en/function.in-array.php

spencer7593
  • 106,611
  • 15
  • 112
  • 140