我如何将数组传递给mysql语句

时间:2013-03-02 19:31:41

标签: php mysql arrays

好吧所以我有一个问题我需要将产品ID数组传递给我在下面的sql语句

$index = 0;
  $products = $cart->get_products();
  for ($i=0, $n=sizeof($products); $i<$n; $i++) {
   $prod = $products[$index]['id'];

 if (strpos($prod,"{")){
 $product = preg_split("^[{}]^",$prod);
 }else{
 $product = $prod;
 }
 }
$product_query = tep_db_query("select cb.products_id, SUM(cb.customers_basket_quantity),SUM(p.products_rate)  from " . TABLE_PRODUCTS . " p INNER JOIN " . TABLE_CUSTOMERS_BASKET . " cb ON p.products_id = cb.products_id   
WHERE cb.customers_id ='" . $customer_id ."'
AND p.products_id IN '".$product ."'
");

结果总是

1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''Array'' at line 3

从产品中选择cb.products_id,SUM(cb.customers_basket_quantity),SUM(p.products_rate)p INNER JOIN customers_basket cb ON p.products_id = cb.products_id WHERE cb.customers_id =&#39; 3&#39; AND p.products_id IN&#39; Array&#39;

3 个答案:

答案 0 :(得分:2)

(如果您自己制作SQL(而不是PDO参数等),请非常小心插入SQL中的内容!)

确保$ product是一个数组:

$product = (array)$product;

然后逃避它的价值观:

$product = array_map('your_db_escape_function', $product);

然后将其字符串化:

$product = "'" . implode("', '", $product) . "'";

然后将其添加到查询中:

"... p.products_id IN (" . $product . ")"

编辑代码后,我认为这就是你想要的:

$products = $cart->get_products();
$productIds = array_map(function($product) {
    return (int)$product['id'];
}, $products);
$productIds = implode(', ', $productIds);

$query = tep_db_query("
    select cb.products_id, SUM(cb.customers_basket_quantity),SUM(p.products_rate)
    from " . TABLE_PRODUCTS . " p
    INNER JOIN " . TABLE_CUSTOMERS_BASKET . " cb ON p.products_id = cb.products_id
    WHERE cb.customers_id ='" . $customer_id ."'
    AND p.products_id IN (" . $productIds . ")
");

答案 1 :(得分:0)

使用IN (1, 2, 3, 4, 5)

将其设为implode(',', $product);

答案 2 :(得分:0)

好吧想通了!这是我需要的一个变量所以它现在读取

$id = $this->rate($id);
   $qty = $cart->count_contents($id);

在我的公式中返回正确的数量!

相关问题
最新问题