array help i think

[dadamssg]

i want to use values out of a GET variable in a query like this

 

SELECT * FROM `test` WHERE event IN('performance') and createdby IN('admin', 'jordo49')

 

so say the url may look like this

 

mysite.com/api.php?category=performance&createdby=admin+jordo49+moderator

 

i want to get the createdby varialbes(admin, jordo49, and moderator) and then seperate them with apostrophes and commas so it will work in my select query. How would i go about doing this?

 

so my code would look somethin like this

<?php
$uservars = $_GET['createdby'];

//code to format with apostrophes and commas
$users = part i need help with

$sql = "SELECT * FROM `test` WHERE event IN('performance') and createdby IN(&users)";

//run query, blah dee blah
?>

[btherl]

Try this:

 

$createdby_arr = explode(" ", $_GET['createdby']);
$createdby_sql = "('" . implode("','", $createdby_arr) . "')";
$sql = "SELECT * FROM `test` WHERE event IN('performance') and createdby IN ($createdby_sql)";

 

I haven't dealt with escaping of the input strings - you should do this for security.  You can escape each element of the array before calling implode().

[JonnoTheDev]

This will result in a sql error. Your braces are invalid after IN clause

Try this:

 

$createdby_arr = explode(" ", $_GET['createdby']);
$createdby_sql = "('" . implode("','", $createdby_arr) . "')";
$sql = "SELECT * FROM `test` WHERE event IN('performance') and createdby IN ($createdby_sql)";

 

I haven't dealt with escaping of the input strings - you should do this for security.  You can escape each element of the array before calling implode().

 

Fix

<?php
$createdby_sql = "'".implode("','", explode(" ", $_GET['createdby']))."'";
$sql = "SELECT * FROM test WHERE event IN('performance') and createdby IN ($createdby_sql)";
?>

[dadamssg]

awesome, thanks guys!