1

I have written a PHP script that returns an arbitrary number of specific ids (which are in the format of numbers) in an array. I would like to make a new query that selects each row from a table that belongs to each id. I know I can do 1 query to get one row with the matching id. But I would like to do this all in one query. Here is my code:

$id = array(1,4,7,3,11,120); // The array containing the ids

$query = mysql_query("SELECT * 
                        FROM posts 
                       WHERE id = '$id[0]'"); 
// I would like to do this for each id in the array and return it as one group of rows.

3 Answers

3

I think you want the IN clause:

$idList = implode(",", $id);

SELECT *
FROM posts
WHERE id IN ( $idList );

The implode() function will turn your array of numbers into a comma-separated string of those same values. When you use it as part of an IN clause, it tells the database to use those values as a lookup table to match id against.

Standard Disclaimer/Warning:
As with any SQL query, you really shouldn't be directly concatenating variables into the query string. You're just opening yourself up to SQL injection. Use prepared/parameterized statements instead.


2

Use PHP's implode function to convert the array into a comma separated value string.

Then, you can use the SQL IN clause to run a single SQL statement containing the values associated with the ids you captured from PHP:

$id = array(1,4,7,3,11,120);
$csv = implode(',', $id); 

$query = sprintf("SELECT * 
                    FROM posts 
                   WHERE id IN (%s)",
                  mysql_real_escape_string($csv)); 

$result = mysql_query($query);

I omitted the single quotes because they aren't necessary when dealing with numeric values in SQL. If the id values were strings, each would have to be encapsulated inside of single quotes.

2 Comments

Does the mysql_real_escape_string() escape each of the values in the array? Or does it escape the array in general? I have never used it in this way.
@Ben: It doesn't escape each value. It's a poor example because of the numeric data, but if your array contained characters that were illegal to SQL/MySQL -- the illegal characters would be properly escaped.
1

What you want is SQL's IN clause.

SELECT * FROM posts WHERE id IN (1, 4, 7, 11, 120)

In PHP, you'll probably want something like:

$query = mysql_query(sprintf("SELECT * FROM posts WHERE id IN (%s)", implode(',', $id)));

Obviously, that's assuming you know you have integer values for $id, and that the values for $id didn't come from the user (that is, they should be sanitized). To be safe, you really ought to do something like:

$ids = implode(',', array_map('mysql_real_escape_string', $id));
$query = mysql_query("SELECT * FROM posts WHERE id IN ($ids)");

And if $id is dynamically generated, don't forget to put something in that IN clause, because SELECT * FROM foo WHERE bar IN () will give you an error. I generally make sure to set my IN-clause variables to 0, since IN (0) is good, and primary keys are pretty much never 0.
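
The prepared-statement approach recommended in the first answer's warning, combined with the empty-list case raised in the last answer, as an added example that is not part of any answer above. It assumes PDO with the pdo_sqlite driver and a constructed posts table; fetchPostsByIds is a hypothetical helper name.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the answers): one query, one bound parameter per id.
function fetchPostsByIds(PDO $pdo, array $ids): array
{
    // Accept only integers; anything else is rejected rather than escaped.
    $clean = [];
    foreach ($ids as $id) {
        $int = filter_var($id, FILTER_VALIDATE_INT);
        if ($int === false) {
            throw new InvalidArgumentException('Non-integer id: ' . var_export($id, true));
        }
        $clean[$int] = $int; // keyed by value, so duplicates collapse
    }
    // "IN ()" is a syntax error, so an empty list never reaches the database.
    if ($clean === []) {
        return [];
    }
    // One "?" per id: the SQL text depends only on the count, never on the values.
    $marks = implode(',', array_fill(0, count($clean), '?'));
    $stmt = $pdo->prepare("SELECT id, title FROM posts WHERE id IN ($marks) ORDER BY id");
    foreach (array_values($clean) as $i => $id) {
        $stmt->bindValue($i + 1, $id, PDO::PARAM_INT); // positions are 1-based
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)');
$insert = $pdo->prepare('INSERT INTO posts (id, title) VALUES (?, ?)');
foreach ([1, 3, 4, 7, 11, 120, 121] as $n) {
    $insert->execute([$n, "Post $n"]);
}

$rows = fetchPostsByIds($pdo, [1, 4, 7, 3, 11, 120]);
echo count($rows), ' rows: ', implode(',', array_column($rows, 'id')), "\n";

echo count(fetchPostsByIds($pdo, [])), " rows for an empty list\n";

try {
    fetchPostsByIds($pdo, ['7 OR 1=1']); // constructed hostile input
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```

The same function works against MySQL by changing only the PDO connection string, since the placeholders and binding calls are driver-independent.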
