Re: [PHP-DB] explode () and mySQL query

2008-06-03 Thread Chris
Thodoris wrote:
> Ron Piggott wrote:
>> I am trying to add a search feature to my shopping cart.
>>
>> I am wanting to use PHP to develop the query for mySQL.  I have the
>> following code figured out:
>>
>> foreach(explode(" ", $keyword) as $key) $query .= " $key, ";
>>
>> This produces:
>>
>> WHERE shopping_cart_product.product_description IN ( Jesus, is, Lord, )
>>
>> The weakness is the trailing , after the last word the user types in.
>>
>> How can I eliminate this?
>>
>> Ron
>>
>>
>>   
> You can alternatively use implode which I think is a much better choice
> because it does exactly what you need.
> You can use it like this
> 
> $keys = implode(",",$keyword);
> $query .= $keys;

Not really - because it'll create an invalid sql query. Even if you put
quotes around it, it would be prone to sql injection (search for o'malley).

-- 
Postgresql & php tutorials
http://www.designmagick.com/

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP-DB] explode () and mySQL query

2008-06-03 Thread Thodoris

Ron Piggott wrote:
> I am trying to add a search feature to my shopping cart.
>
> I am wanting to use PHP to develop the query for mySQL.  I have the
> following code figured out:
>
> foreach(explode(" ", $keyword) as $key) $query .= " $key, ";
>
> This produces:
>
> WHERE shopping_cart_product.product_description IN ( Jesus, is, Lord, )
>
> The weakness is the trailing , after the last word the user types in.
>
> How can I eliminate this?
>
> Ron

You can alternatively use implode which I think is a much better choice
because it does exactly what you need.

You can use it like this

$keys = implode(",",$keyword);
$query .= $keys;

This is the reference in the manual:
http://gr2.php.net/manual/en/function.implode.php

--
Thodoris





Re: [PHP-DB] explode () and mySQL query

2008-05-28 Thread Chris
Ron Piggott wrote:
> I am trying to add a search feature to my shopping cart.
> 
> I am wanting to use PHP to develop the query for mySQL.  I have the
> following code figured out:
> 
> foreach(explode(" ", $keyword) as $key) $query .= " $key, ";

I hope this isn't a copy/paste from your code as it's going to cause
problems with sql queries (put a ' in one of your keywords and see what
happens). If it is, you need to use mysql_real_escape_string.

If it's not, then ignore :P

> This produces:
> 
> WHERE shopping_cart_product.product_description IN ( Jesus, is, Lord, )
> 
> The weakness is the trailing , after the last word the user types in.

The easiest way would be to do something like this:

$keyword_search = '';
foreach(explode(" ", $keyword) as $key) {
  $keyword_search .= "'" . mysql_real_escape_string($key) . "', ";
}

// take off the last 2 chars - one is a 'space' and the other is the last ','
$keyword_search = substr($keyword_search, 0, -2);

-- 
Postgresql & php tutorials
http://www.designmagick.com/
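
Added example (not part of the thread and not any poster's code): the trailing comma and the quoting problem raised above both go away when the IN list is built from placeholders and the keywords are passed as bound parameters. It assumes PDO and uses an in-memory SQLite database in place of MySQL so it runs offline; buildKeywordFilter and the sample rows are made up for the illustration.

```php
<?php
// Added example, not code from the thread. Assumes PDO; an in-memory SQLite
// database stands in for MySQL so the script runs offline.

/**
 * Hypothetical helper: build the WHERE fragment and its parameter list.
 * Returns [sqlFragment, params], or null when the input has no keywords.
 */
function buildKeywordFilter(string $keyword): ?array
{
    // Split on any whitespace run and drop empty tokens ("a  b" gives 2 words).
    $words = preg_split('/\s+/', trim($keyword), -1, PREG_SPLIT_NO_EMPTY);
    if (count($words) === 0) {
        return null; // "IN ()" is a syntax error, so the caller skips the query
    }
    // One "?" per keyword; implode() joins them, so there is no trailing comma.
    $marks = implode(', ', array_fill(0, count($words), '?'));
    return ["shopping_cart_product.product_description IN ($marks)", $words];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE shopping_cart_product (product_description TEXT)');

// Constructed sample rows.
$insert = $pdo->prepare('INSERT INTO shopping_cart_product VALUES (?)');
foreach (['Jesus', 'Lord', "o'malley", 'candle'] as $row) {
    $insert->execute([$row]);
}

// Constructed inputs: plain words, a quote, an injection attempt, an empty search.
foreach (['Jesus is Lord', "o'malley", "x') OR ('1'='1", '   '] as $input) {
    $filter = buildKeywordFilter($input);
    if ($filter === null) {
        echo "[empty search] no query run\n";
        continue;
    }
    [$where, $params] = $filter;
    $stmt = $pdo->prepare("SELECT product_description FROM shopping_cart_product WHERE $where");
    $stmt->execute($params); // keyword values travel separately from the SQL text
    $found = $stmt->fetchAll(PDO::FETCH_COLUMN);
    echo "[$input] $where => " . json_encode($found) . "\n";
}
```

The quoted keyword matches its row and the injection attempt matches nothing, because each token is compared as a literal value rather than parsed as SQL.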
