I have and array with two values and I want to use it with sql IN operator in select query.
Here is the structure of my table
id comp_id
1 2
2 3
3 1
I have an array $arr
which have two values Array ( [0] => 1 [1] => 2 )
I want to fetch the record of comp_id 1 and comp_id 2. So I wrote the following query.
SELECT * from table Where comp_id IN ($arr)
But it does not return the results.
As you have plain integers can just do…
$sql = "SELECT * FROM table WHERE comp_id IN (".implode(',',$arr).")";
(as it keeps coming up, some additional information… )
If working with with strings (particularly untrusted) input, can do
$sql = "SELECT * FROM table WHERE comp_id IN
('".implode("','",array_map('mysql_real_escape_string', $arr))."')";
but does not cope values like NULL. And will add quotes blindly around numeric values, which does not work if using strict mysql mode. https://dev.mysql.com/doc/refman/8.0/en/sql-mode.html#idm140082377917056
… ie ONLY use this if really working with strings (like VARCHAR), NOT numeric columns.
The Need to call something like mysql_real_escape_string
is so that any quotes in the strings is properly dealt with! (as well as preventing SQL Injections!)
… if DO want to work with ‘untrusted‘ numbers, can use intval
or floatval
$sql = "SELECT * FROM table WHERE comp_id IN (".implode(",",array_map('intval', $arr)).")";
to sanitise the input. (no quotes around the input.
Answer:
you need to convert the array into comma-separated string:
$condition = implode(', ', $arr);
And, additionally, you might want to escape the values first (if you are unsure about the input):
$condition = implode(', ', array_map('mysql_real_escape_string', $arr));
Answer:
$arr is a php array, to the sql server you need to send a string that will be parsed
you need to turn your array in a list like 1, 2, etc..
to do this you can use the function http://php.net/implode
so before running the query try
$arr = implode ( ', ', $arr);
Answer:
You need to implode your array with ‘,’ comma
$imploded_arr = implode(',', $arr);
SELECT * from table Where comp_id IN ($imploded_arr)
Answer:
you can only pass string to mysql as query, so try this
mysql_query("SELECT * FROM table WHERE comp_id IN (".implode(',',$arr).")");
Answer:
You’re mixing PHP and SQL – for the IN
SQL operator, you need a format like:
SELECT * from table WHERE comp_id IN (1,2)
So to get that in PHP you need to do something like:
$sql = "SELECT * from table Where comp_id IN (".implode(',',$arr).")"
Bear in mind that this only works if the array comprises of integers. You have to escape each element if they are strings.
Answer:
All the people here are proposing the same thing but i got a warning in WordPress because of a simple error. You need to add commas to your imploded string. To be precise something like this.
$query = "SELECT *FROM table Where comp_id IN ( '" . implode( "', '", $sanitized_brands ) . "' )";
Hoping it helps someone like me. 🙂
Answer:
You need something like:
$sql = "SELECT * from table where comp_id in (".implode(',',$arr.")";
Answer:
You need to actually convert your $arr
to a string. The simplest way with what you’re doing would be to use implode()
$query = 'SELECT * from table Where comp_id IN (' . implode(',', $arr) . ')';
Right now if you echo
your query you’ll see that rather than the array being in the IN
statement, it will just be the word “Array”
Answer:
You need to convert the array to a string for use in the query:
$list = implode(',', $arr);
Then it can be used in the IN clause:
SELECT * from table Where comp_id IN ($list)
Answer:
As per @barryhunter ‘s answer which works only on array that contains integer only:
$sql = "SELECT * from table Where comp_id IN (".implode(',',$arr).")";
I’ve made some tweaks to make it work for array of strings:
$sql = "SELECT * from table Where comp_id IN ('".implode("','",$arr)."')";
Answer:
There are some risks of SQL injection in a few of the previous answers. It might be fine if you are completely certain about $arr
being sanitized (and will stay that way). But if you aren’t completely sure, you might want to mitigate such risk using $stmt->bindValue
. Here is one way of doing it:
# PHP
$in_list = array();
for ($i = 0; $i < count($arr); $i++) {
$key = 'in_param_' . i;
$in_list[':' . $key] = array('id' => $arr[$i], 'param' => $key);
}
$keys = implode(', ', array_keys($in_list));
// Your SQL ...
$sql = "SELECT * FROM table where id IN ($keys)";
foreach ($in_list as $item) {
$stmt->bindValue($item['param'], $item['id'], PDO::PARAM_INT);
}
$stmt = $this->getConnection()->prepare($sql)->execute();
Answer:
If your array is of Integers :
$searchStringVar = implode(",",$nameIntAryVar);
$query="SELECT * from table NameTbl WHERE idCol='$idVar' AND comp_id IN ($searchStringVar)";
If your array is of Strings :
$searchStringVar = implode("','",$nameStringAryVar);
$query="SELECT * from table NameTbl WHERE idCol='$idVar' AND comp_id IN ('$searchStringVar')";