How to post multiple values from a single textarea to where clause in MySQL

Question

I am trying to submit data from a single textarea such that for example, the textarea will be filled like so,

Nissan
Ford
Toyota

and when submitted, the query will look like this with the data submitted into the WHERE clause:

SELECT ve.cars, sp.engine
FROM vehicles AS ve INNER JOIN specs AS sp ON ve.id=sp.id 
WHERE ve.cars IN ('Nissan','Ford','Toyota')
GROUP BY ve.cars, sp.engine;

Is it possible to do this?

This would be easy if you just split the string. [What have you tried?](http://mattgemmell.com/what-have-you-tried/) Beware, though, that you don’t leave yourself wide open to [**SQL injection**](https://www.owasp.org/index.php/SQL_Injection). You need to use prepared statements, rather than concatenating variables into your query. See [How can I prevent SQL injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1). — elixenide, Jul 04 '18 at 02:54

Joven28 · Answer 1 · 2018-07-04T03:05:08.250

0

You can put a comma delimiter in the textarea then in your php code:

explode(",", $_POST['name_of_textarea']);

But you must always assume that the user will not always give a right input. They might put a malicious code to attack your website see sql injection https://www.w3schools.com/sql/sql_injection.asp

edited Jul 04 '18 at 03:05

answered Jul 04 '18 at 02:58

Joven28

769
3
12

This isn't the only thing that must be done. This alone would allow any user to execute any SQL they wanted. – user3783243 Jul 04 '18 at 03:02

How to post multiple values from a single textarea to where clause in MySQL

1 Answers1