Jump to content

Exploding and checking against DB

Xtremer360

By Xtremer360
in PHP Coding Help

 Share

Recommended Posts

Xtremer360 Advanced Member

Xtremer360

Posted
Posted

$characterIDs = explode(',', $_POST['characterIDList']);

 

After the explode I want to take all those values and do a select statement in a database table for any of the values that match any of the values inside that variable variable. Not sure how to do this since there is no limit to how may there could be.

Link to comment
https://forums.phpfreaks.com/topic/226089-exploding-and-checking-against-db/
Share on other sites
Zurev Newbie

Zurev

Posted
Posted

$characterIDs = explode(',', $_POST['characterIDList']);

 

After the explode I want to take all those values and do a select statement in a database table for any of the values that match any of the values inside that variable variable. Not sure how to do this since there is no limit to how may there could be.

 

Not going to lie, it's a bit difficult to understand, but I'll give it a go.

 

foreach ($characterIDs as $characterID)
{
mysql_query("SELECT * FROM `tablename` WHERE `fieldname` = '$characterID'");
}

 

Foreach loop takes each value of an array and runs through it what is in the loop, the as $characterID refers to what each individual array value will be equal to, you can also use the array key by doing as $key => $characterID.

Pikachu2000 Prolific Member

Pikachu2000

Posted
Posted

It would be infinitely better not to put a query in a loop. Assuming the values are numeric, this should work, if they're string values you'd need to account for that by adding appropriate single-quotes.

 

$query = "SELECT * FROM `tablename` WHERE `fieldname` IN ( " . implode(', ', $characterIDs) . " )";
if ( $result = mysql_query($query) ) {
     // do your mysql_fetch_whatever
}

Xtremer360 Advanced Member

Xtremer360

Posted
  • Author
Posted

Basically after form submission here its going to establish the variables from the POST method of the form. Its going to run the first select query and then the second select query. Can I add an additional argument to the Qresult variable to accept the second Select query.

 

if (isset($_POST['submithandler'])) {
    $username = mysqli_real_escape_string($dbc, $_POST['username']);
    $password = sha1($_POST['password']);
    $firstname = mysqli_real_escape_string($dbc, $_POST['firstname']);
    $lastname = mysqli_real_escape_string($dbc, $_POST['lastname']);
    $email = mysqli_real_escape_string($dbc, $_POST['email']);
    $status = (int)$_POST['status'];
    $admin = mysqli_real_escape_string($dbc, $_POST['admin']);
    $characterIDs = explode(',', $_POST['characterIDList']);
    $defaultcharid = (int) $characterIDs[0];

    $query = "SELECT * FROM `handlers` WHERE (`username` = '".$username."') OR (`email` = '".$email."') OR (`default_character_id` = '".$defaultcharid."')";
    $query2 = "SELECT * FROM `handler_characters` WHERE `character_id` IN ( " . implode(', ', $characterIDs) . " )";
    
    $Qresult = mysqli_query ( $dbc, $query ); // Run The Query  
    
    if (mysqli_num_rows($Qresult) == 0) {
    
        $query = "INSERT INTO `handlers` 
                (username,    password,   firstname,   lastname,   email, status_id, isadmin, default_character_id, creator_id, datecreated) 
            VALUES 
                ('".$username."','".$password."','".$firstname."','".$lastname."','".$email."','".$status."','".$admin."', '".$defaultcharid."', 1, NOW())";
        mysqli_query($dbc, $query);
        
        $result = "good";
    
    } else {
        
        $result = '';
        while ($row = mysqli_fetch_array($Qresult)) {
            if (($username  && $row['username'] == $username) AND ($email  && $row['email']  == $email) AND ($defaultcharid  && $row['default_character_id']  == $defaultcharid) )  {$result .= 'bad7';} else
            if (($email  && $row['email'] == $email) AND ($defaultcharid  && $row['default_character_id']  == $defaultcharid))  {$result .= 'bad6';} else
            if (($username  && $row['username'] == $username) AND ($defaultcharid  && $row['default_character_id']  == $defaultcharid))  {$result .= 'bad5';} else  
            if (($username  && $row['username'] == $username) AND ($email  && $row['email']  == $email))  {$result .= 'bad4';} else  
            if ($defaultcharid        && $row['default_character_id']         == $defaultcharid)      {$result .= 'bad3';} else  
            if ($email        && $row['email']         == $email)      {$result .= 'bad2';} else
            if ($username        && $row['username']         == $username)      {$result .= 'bad1';}  
        }
    }
}

Xtremer360 Advanced Member

Xtremer360

Posted
  • Author
Posted

I take that back after some looking I came up with this:

 

What its supposed to do is do the first select query and then the second select query and if both pass then run the insert however I'm hoping that my all my syntax is correct here because when it gets to the insert in the second table its supposed to make a new row for each of the characters that were exploded with that same handler id value.

 

 

$query = "SELECT * FROM `handlers` WHERE (`username` = '".$username."') OR (`email` = '".$email."') OR (`default_character_id` = '".$defaultcharid."')";
    $query .= "SELECT * FROM `handler_characters` WHERE `character_id` IN ( " . implode(', ', $characterIDs) . " )";
    
    $Qresult = mysqli_query ( $dbc, $query ); // Run The Query  
    
    if (mysqli_num_rows($Qresult) == 0) {
    
        $query = "INSERT INTO `handlers` 
                (username,    password,   firstname,   lastname,   email, status_id, isadmin, default_character_id, creator_id, datecreated) 
            VALUES 
                ('".$username."','".$password."','".$firstname."','".$lastname."','".$email."','".$status."','".$admin."', '".$defaultcharid."', 1, NOW())";
        mysqli_query($dbc, $query);
        $query_id = mysqli_insert_id($dbc); 
        $query2 = "INSERT INTO `handler_characters` (`handler_id`, `bio_id`) VALUES ('".$query_id."', '" . implode(', ', $characterIDs) . "')";
        mysqli_query($dbc, $query2);
        
        $result = "good";
    
    }

ngreenwood6 Advanced Member

ngreenwood6

Posted
Posted

Just to go off of what you are working with...You are just making your server work a little harder than it needs to lol. Your characterIds are already comma separated but you are exploding them to put them in an array and then you are imploding them to put them back into the comma separated values. Why not just use the comma separated values you originally had :).

ignace Advanced Member

ignace

Posted
Posted 

$query = "SELECT * FROM `tablename` WHERE `fieldname` IN ( " . implode(', ', $characterIDs) . " )";
if ( $result = mysql_query($query) ) {
     // do your mysql_fetch_whatever
}

 

If you are going to pass it through a query you should validate/filter it:

 

$query = "SELECT * FROM `tablename` WHERE `fieldname` IN (" . implode(',', array_filter(array_map('intval', explode(',', $_POST['characterIDList'])))) . " )";
if ( $result = mysql_query($query) ) {
     // do your mysql_fetch_whatever
}

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.