好吧所以我有一个问题我需要将产品ID数组传递给我在下面的sql语句
$index = 0;
$products = $cart->get_products();
for ($i=0, $n=sizeof($products); $i<$n; $i++) {
$prod = $products[$index]['id'];
if (strpos($prod,"{")){
$product = preg_split("^[{}]^",$prod);
}else{
$product = $prod;
}
}
$product_query = tep_db_query("select cb.products_id, SUM(cb.customers_basket_quantity),SUM(p.products_rate) from " . TABLE_PRODUCTS . " p INNER JOIN " . TABLE_CUSTOMERS_BASKET . " cb ON p.products_id = cb.products_id
WHERE cb.customers_id ='" . $customer_id ."'
AND p.products_id IN '".$product ."'
");
结果总是
1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''Array'' at line 3
从产品中选择cb.products_id,SUM(cb.customers_basket_quantity),SUM(p.products_rate)p INNER JOIN customers_basket cb ON p.products_id = cb.products_id WHERE cb.customers_id =&#39; 3&#39; AND p.products_id IN&#39; Array&#39;
答案 0 :(得分:2)
(如果您自己制作SQL(而不是PDO参数等),请非常小心插入SQL中的内容!)
确保$ product是一个数组:
$product = (array)$product;
然后逃避它的价值观:
$product = array_map('your_db_escape_function', $product);
然后将其字符串化:
$product = "'" . implode("', '", $product) . "'";
然后将其添加到查询中:
"... p.products_id IN (" . $product . ")"
编辑代码后,我认为这就是你想要的:
$products = $cart->get_products();
$productIds = array_map(function($product) {
return (int)$product['id'];
}, $products);
$productIds = implode(', ', $productIds);
$query = tep_db_query("
select cb.products_id, SUM(cb.customers_basket_quantity),SUM(p.products_rate)
from " . TABLE_PRODUCTS . " p
INNER JOIN " . TABLE_CUSTOMERS_BASKET . " cb ON p.products_id = cb.products_id
WHERE cb.customers_id ='" . $customer_id ."'
AND p.products_id IN (" . $productIds . ")
");
答案 1 :(得分:0)
使用IN (1, 2, 3, 4, 5)
implode(',', $product);
答案 2 :(得分:0)
$id = $this->rate($id);
$qty = $cart->count_contents($id);
在我的公式中返回正确的数量!