0

I have a site where users' searches are tagged with their user id. Right now, if a different user searches a duplicate, it adds +1 to a count field I have, yet it still keeps the original user's id who searched it.

How can I start making an "array" of user IDs for the userId field in my table on a duplicate search?

    $sql="INSERT INTO trending (searchstring, timecount, userSearch) VALUES('$_POST[contentVar]', NOW(), '$uid') ON DUPLICATE KEY UPDATE count = count + 1";

searchstring is the user search, timecount is time, userSearch is the user ID of the user who searched it.

Michael

3 Answers

0

SQL-injection
Never inject super-globals directly into SQL. With the update part you mustn't forget the set keyword.

Do it like this:

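    // Escape every value before it is placed inside the quoted SQL literals.
    // The POST key is case-sensitive and must match the form field (contentVar).
    $content = mysql_real_escape_string($_POST['contentVar']);
    $uid = mysql_real_escape_string($uid);
    // Use the escaped $content here, never the raw $_POST value.
    $sql="INSERT INTO trending (searchstring, timecount, userSearch)
          VALUES('$content', NOW(), '$uid')
          ON DUPLICATE KEY UPDATE SET count = count + 1";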

See: http://dev.mysql.com/doc/refman/5.0/en/insert-on-duplicate.html
And: How does the SQL injection from the "Bobby Tables" XKCD comic work?

Community
Johan
  • Thank you for the help in regards to the sql injection. As for the update, I need to add the other user id to the already existing id. – Michael Oct 03 '11 at 20:36
0

Have you considered inserting a new row for each and every search? Then you can query the table by $uid when you need to and form an array that way.

digout
0

There are two possible approaches: 1. create a new table where the ids of the users will be kept, or 2. modify the userSearch column to hold a serialized array. Both cannot be done by simply modifying the UPDATE query.

Martin Dimitrov
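One way to combine the advice in the answers above, as an added example that is not code from any of the posters: bound parameters instead of string escaping, plus a separate table holding one row per (search, user) pair. It assumes PDO with an in-memory SQLite database so it runs offline; the table `trending_users`, the functions `recordSearch` and `usersFor`, and the sample data are hypothetical.

```php
<?php
// In-memory SQLite so the example runs offline (assumption; the page uses MySQL).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE trending (
    searchstring TEXT PRIMARY KEY,
    timecount    TEXT NOT NULL,
    count        INTEGER NOT NULL DEFAULT 1)');
// Hypothetical table: one row per (search, user) replaces the userSearch column.
$pdo->exec('CREATE TABLE trending_users (
    searchstring TEXT NOT NULL,
    user_id      INTEGER NOT NULL,
    PRIMARY KEY (searchstring, user_id))');

function recordSearch(PDO $pdo, string $search, int $uid): void
{
    $pdo->beginTransaction();
    try {
        // Placeholders keep user input out of the SQL text entirely.
        // MySQL form: VALUES (?, NOW()) ON DUPLICATE KEY UPDATE count = count + 1
        $pdo->prepare(
            "INSERT INTO trending (searchstring, timecount) VALUES (?, datetime('now'))
             ON CONFLICT(searchstring) DO UPDATE SET count = count + 1"
        )->execute([$search]);
        // MySQL form: INSERT IGNORE INTO trending_users ...
        $pdo->prepare(
            'INSERT OR IGNORE INTO trending_users (searchstring, user_id) VALUES (?, ?)'
        )->execute([$search, $uid]);
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack();   // keep the counter and the user list consistent
        throw $e;
    }
}

function usersFor(PDO $pdo, string $search): array
{
    $stmt = $pdo->prepare('SELECT user_id FROM trending_users WHERE searchstring = ? ORDER BY user_id');
    $stmt->execute([$search]);
    return array_map('intval', $stmt->fetchAll(PDO::FETCH_COLUMN));
}

// Constructed sample input; the last string would break the interpolated query.
recordSearch($pdo, 'php arrays', 7);
recordSearch($pdo, 'php arrays', 12);
recordSearch($pdo, 'php arrays', 7);   // repeat search by the same user
recordSearch($pdo, "x'); DROP TABLE trending; --", 12);
print_r(usersFor($pdo, 'php arrays'));
echo $pdo->query('SELECT COUNT(*) FROM trending')->fetchColumn(), "\n";
```

The composite primary key on `trending_users` is what deduplicates users per search, so the "array" of IDs is simply the result of the `SELECT`, and the hostile string ends up stored as an ordinary search term.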