  1. #1
    Regular Coder d'Anconia's Avatar

    Escaping Variables / Arrays in MySQL Strings

    Okay so I am currently attempting to make a mock-up of an eCommerce site and I noticed that on more than one occasion I have had issues trying to figure out the correct syntax for using arrays (multi-dimensional or otherwise) within MySQL query strings. Specifically the use of quotes (single or double) causes some confusion for me.

    I want to put together a cart in the $_SESSION namespace that should have this form:
    $_SESSION['cart']['item_' . $n], where $n starts from 0 and increases by one during every instance of the loop. For every 'item_n' there will be an associated 'item_n_qty' that holds the associated quantity in the cart for each item.

    If I wanted to include this multi-dimensional array in a MySQL query, what is the best way to do this? Currently I have the following:

    PHP Code:
    $index = "item_" . $m;

    $item_quantity = "item_" . $m . "_qty";

    $cart = 'cart';

    $current_cart_query = "SELECT product_id, product_name, price, product_description, image_path, category 
                        FROM products WHERE product_id = $_SESSION[$cart][$index] LIMIT 1";
    //need to do a join? why am I using product_id? 

    And that query is giving me errors when I try running it in my PHP script. Any help would be appreciated and I think the issue has to do with the fact that typically an array element name has to be in quotes, but when I tried that earlier ('cart' instead of $cart) NetBeans identified it as incorrect code.
    Last edited by d'Anconia; 12-02-2012 at 11:51 PM.
    Datagonia Web (My Portfolio)

    Powerful ideas for all lovers of personal and political freedom:
    Freedomain Radio
    Free Talk Live

  • #2
    Regular Coder d'Anconia's Avatar
    Okay so I figured out the problem. Apparently I have to use the curly braces around the entire $_SESSION variable. My final string that worked is as follows:

    PHP Code:
    $current_cart_query = "SELECT product_id, product_name, price, product_description, image_path, category 
                        FROM products WHERE product_id = {$_SESSION['cart'][$index]} LIMIT 1";

    Just figured I'd let people know how I got it to work in case someone runs into the same problem.

  • #3
    New to the CF scene
    Thanks for sharing. We can also solve it by using the concatenation operator, like so:

    PHP Code:
    $current_cart_query = "SELECT product_id, product_name, price, product_description, image_path, category 
                        FROM products WHERE product_id = "
                        . $_SESSION['cart'][$index] . " LIMIT 1";

  • #4
    God Emperor Fou-Lu's Avatar
    Yep, in double quotations if you have a complex type you should use braces around them. A single dimension won't require them, but multiple dimensions will as the parser is ungreedy within the double quotes. So it would resolve first $_SESSION['cart'], then take the result (which is Array) and offset the [$index]. So it attempts to write it as Array[$index] which of course will not dereference to any valid value as it's not a variable. The alternative above is the approach I would use, although typically I just use printformatting so I don't need to string concat. Another alternative is to use prepared statements and bind the variables.
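
Added example, not part of the thread or any poster's code: the prepared-statement alternative mentioned in post #4, applied to the cart layout from post #1, so the session value never becomes part of the SQL text. It assumes PDO and uses an in-memory SQLite database with constructed rows and cart values in place of MySQL so it runs offline; cartLines() is a hypothetical helper name.

```php
<?php
// Assumption: SQLite in memory stands in for MySQL so this runs offline.
// For MySQL: new PDO('mysql:host=...;dbname=...', $user, $pass)
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (product_id INTEGER PRIMARY KEY, product_name TEXT, price REAL)');
$pdo->exec("INSERT INTO products VALUES (1, 'Widget', 9.99), (2, 'Gadget', 19.50)");

// Constructed cart in the layout from post #1 (item_n / item_n_qty).
$_SESSION = ['cart' => [
    'item_0' => '2',       'item_0_qty' => 3,
    'item_1' => '2 extra', 'item_1_qty' => 1,   // not an integer: must be rejected
]];

// The SQL text is fixed; the cart value travels separately as a bound
// parameter, so no quoting, braces or concatenation are involved.
$stmt = $pdo->prepare(
    'SELECT product_id, product_name, price FROM products WHERE product_id = :id LIMIT 1'
);

function cartLines(PDOStatement $stmt, array $cart): array
{
    $lines = [];
    for ($m = 0; isset($cart['item_' . $m]); $m++) {
        $index = 'item_' . $m;
        // Validate first: a product id must be a positive integer.
        $id = filter_var($cart[$index], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id === false) {
            $lines[] = $index . ': rejected, not a valid product id';
            continue;
        }
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        $qty = (int) ($cart[$index . '_qty'] ?? 0);
        $lines[] = $row
            ? sprintf('%s: %d x %s @ %.2f', $index, $qty, $row['product_name'], $row['price'])
            : $index . ': no such product';
    }
    return $lines;
}

echo implode(PHP_EOL, cartLines($stmt, $_SESSION['cart'])), PHP_EOL;
```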

