CodingForums.com


d'Anconia 12-02-2012 11:49 PM

Escaping Variables / Arrays in MySQL Strings
 
Okay so I am currently attempting to make a mock-up of an eCommerce site and I noticed that on more than one occasion I have had issues trying to figure out the correct syntax for using arrays (multi-dimensional or otherwise) within MySQL query strings. Specifically the use of quotes (single or double) causes some confusion for me.

I want to put together a cart in the $_SESSION namespace that should have this form:
$_SESSION['cart']['item_' . $n], where $n starts from 0 and increases by one during every instance of the loop. For every 'item_n' there will be an associated 'item_n_qty' that holds the associated quantity in the cart for each item.

If I wanted to include this multi-dimensional array in a MySQL query, what is the best way to do this? Currently I have the following:

PHP Code:

$index = "item_" . $m;
$item_quantity = "item_" . $m . "_qty";
$cart = 'cart';

$current_cart_query = "SELECT product_id, product_name, price, product_description, image_path, category 
                    FROM products WHERE product_id = $_SESSION[$cart][$index] LIMIT 1";
//need to do a join? why am I using product_id? 

And that query is giving me errors when I try running it in my PHP script. Any help would be appreciated and I think the issue has to do with the fact that typically an array element name has to be in quotes, but when I tried that earlier ('cart' instead of $cart) NetBeans identified it as incorrect code.

d'Anconia 12-03-2012 01:45 AM

Okay so I figured out the problem. Apparently I have to use the curly braces around the entire $_SESSION variable. My final string that worked is as follows:

PHP Code:

$current_cart_query = "SELECT product_id, product_name, price, product_description, image_path, category 
                    FROM products WHERE product_id = {$_SESSION['cart'][$index]} LIMIT 1";


Just figured I'd let people know how I got it to work in case someone runs into the same problem.

PoorBoy 12-03-2012 02:41 AM

Thanks for sharing. We can also solve it by using the concatenation operator, like so:

PHP Code:

$current_cart_query = "SELECT product_id, product_name, price, product_description, image_path, category 
                    FROM products WHERE product_id = "
                    . $_SESSION['cart'][$index] . " LIMIT 1";


Fou-Lu 12-03-2012 03:43 PM

Yep, in double quotations if you have a complex type you should use braces around them. A single dimension won't require them, but multiple dimensions will as the parser is ungreedy within the double quotes. So it would resolve first $_SESSION['cart'], then take the result (which is Array) and offset the [$index]. So it attempts to write it as Array[$index] which of course will not dereference to any valid value as it's not a variable. The alternative above is the approach I would use, although typically I just use printformatting so I don't need to string concat. Another alternative is to use prepared statements and bind the variables.
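
The prepared-statement alternative mentioned in the last reply, as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database standing in for the thread's MySQL one, a cut-down products table, a constructed cart, and a hypothetical helper named cartLines():

```php
<?php
// Added example: SQLite in memory stands in for the thread's MySQL database
// so the script runs offline. Table rows and cart values are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (product_id INTEGER PRIMARY KEY, product_name TEXT, price REAL)');
$pdo->exec("INSERT INTO products VALUES (1, 'Widget', 9.99), (2, 'Gadget', 19.50)");

// Cart laid out as in the first post: item_n holds a product id,
// item_n_qty its quantity. item_2 is a constructed value that is not a plain id.
$_SESSION = ['cart' => [
    'item_0' => '2',        'item_0_qty' => 3,
    'item_1' => '1',        'item_1_qty' => 1,
    'item_2' => '1 OR 1=1', 'item_2_qty' => 1,
]];

// Hypothetical helper: resolves every cart entry to a priced line.
function cartLines(PDO $pdo, array $cart): array
{
    // The SQL text is fixed; the product id travels separately as a bound
    // value, so no quoting or brace syntax is needed inside the string.
    $stmt = $pdo->prepare(
        'SELECT product_id, product_name, price FROM products WHERE product_id = :id LIMIT 1'
    );
    $lines = [];
    for ($m = 0; isset($cart['item_' . $m]); $m++) {
        $id = $cart['item_' . $m];
        // Reject anything that is not a positive integer before querying.
        if (filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]) === false) {
            $lines[] = ['item' => $m, 'error' => 'invalid product id'];
            continue;
        }
        $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row === false) {
            $lines[] = ['item' => $m, 'error' => 'unknown product'];
            continue;
        }
        $qty = (int) ($cart['item_' . $m . '_qty'] ?? 0);
        $lines[] = ['item' => $m, 'name' => $row['product_name'], 'qty' => $qty,
                    'total' => round($row['price'] * $qty, 2)];
    }
    return $lines;
}

print_r(cartLines($pdo, $_SESSION['cart']));
```

With string interpolation or concatenation, the value of item_2 would become part of the SQL text itself; with the bound parameter it is only ever treated as data, and the integer check rejects it before the query runs.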

