Re: [PHP-DB] explode () and mySQL query
Thodoris wrote: > O/H Ron Piggott ??: >> I am trying to add a search feature to my shopping cart. >> >> I am wanting to use PHP to develop the query for mySQL. I have the >> following code figured out: >> >> foreach(explode(" ", $keyword) as $key) $query .= " $key, "; >> >> This produces: >> >> WHERE shopping_cart_product.product_description IN ( Jesus, is, Lord, ) >> >> The weakness is the trailing , after the last word the user types in. >> >> How can I eliminate this? >> >> Ron >> >> >> > You can alternative use implode which I think is a much better choice > because it does exactly what you need. > You can use it like this > > $keys = implode(",",$keyword); > $query .= $keys; Not really - because it'll create an invalid sql query. Even if you put quotes around it, it would be prone to sql injection (search for o'malley). -- Postgresql & php tutorials http://www.designmagick.com/ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] explode () and mySQL query
O/H Ron Piggott ??: I am trying to add a search feature to my shopping cart. I am wanting to use PHP to develop the query for mySQL. I have the following code figured out: foreach(explode(" ", $keyword) as $key) $query .= " $key, "; This produces: WHERE shopping_cart_product.product_description IN ( Jesus, is, Lord, ) The weakness is the trailing , after the last word the user types in. How can I eliminate this? Ron You can alternative use implode which I think is a much better choice because it does exactly what you need. You can use it like this $keys = implode(",",$keyword); $query .= $keys; This is the reference in the manual: http://gr2.php.net/manual/en/function.implode.php -- Thodoris -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] explode () and mySQL query
Ron Piggott wrote: > I am trying to add a search feature to my shopping cart. > > I am wanting to use PHP to develop the query for mySQL. I have the > following code figured out: > > foreach(explode(" ", $keyword) as $key) $query .= " $key, "; I hope this isn't a copy/paste from your code as it's going to cause problems with sql queries (put a ' in one of your keywords and see what happens). If it is, you need to use mysql_real_escape_string. If it's not, then ignore :P > This produces: > > WHERE shopping_cart_product.product_description IN ( Jesus, is, Lord, ) > > The weakness is the trailing , after the last word the user types in. The easiest way would be to do something like this: $keyword_search = ''; foreach(explode(" ", $keyword) as $key) { $keyword_search .= "'" . mysql_real_escape_string($key) . "', "; } // take off the last 2 chars - one is a 'space' and the other is the last ',' $keyword_search = substr($keyword_search, 0, -2); -- Postgresql & php tutorials http://www.designmagick.com/ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php