Code:
$friendsArray = array("zac1987", "peter", "micellelimmeizheng1152013142");
$friendsArray2 = join(', ',$friendsArray);
$query120 = "SELECT picturemedium FROM users WHERE username IN ('$friendsArray2')";
echo $query120;
This is the output:
SELECT picturemedium FROM users WHERE username IN ('zac1987, peter, micellelimmeizheng1152013142')
It fails because usernames are not wrapped by single quotes like 'zac1987', 'peter', 'mice…'. How can each username be wrapped with single quotes?
Let’s loop through each name one by one, escaping each.
I’m going to recommend that you use an actual MySQL escaping function rather than just wrapping quotes around, to ensure that the data actually goes into the query correctly. (Otherwise, if I entered a name like It's me!, the single quote would mess up the query.) I’m going to assume here that you’re using PDO (which you should!), but, if not, replace references to PDO::quote with mysql_real_escape_string.
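The per-name escaping this answer describes, as an added example that is not part of the original post. It goes one step further and also shows the same lookup with one bound placeholder per name. Assumptions: the pdo_sqlite extension is available and an in-memory SQLite database stands in for MySQL so the script runs offline; the table rows and the helper names buildQuotedInList and fetchPictures are constructed for illustration.

```php
<?php
// Added example, not from the original post. An in-memory SQLite database
// (assumption) replaces the MySQL server so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data, including the name with a single quote.
$pdo->exec("CREATE TABLE users (username TEXT PRIMARY KEY, picturemedium TEXT)");
$insert = $pdo->prepare("INSERT INTO users (username, picturemedium) VALUES (?, ?)");
foreach ([
    ['zac1987', 'zac.jpg'],
    ['peter', 'peter.jpg'],
    ["It's me!", 'me.jpg'],
    ['mallory', 'mallory.jpg'],
] as $row) {
    $insert->execute($row);
}

$friendsArray = ['zac1987', 'peter', "It's me!"];

// Option 1: quote each name on its own with PDO::quote, then join the results.
// PDO::quote adds the surrounding quotes and escapes quotes inside the value.
function buildQuotedInList(PDO $pdo, array $names): string
{
    if ($names === []) {
        throw new InvalidArgumentException('IN () needs at least one value');
    }
    return implode(', ', array_map(fn ($n) => $pdo->quote((string) $n), $names));
}

$query = "SELECT picturemedium FROM users WHERE username IN ("
       . buildQuotedInList($pdo, $friendsArray) . ")";
echo $query, PHP_EOL;
print_r($pdo->query($query)->fetchAll(PDO::FETCH_COLUMN));

// Option 2: one "?" placeholder per name; the values never enter the SQL text.
function fetchPictures(PDO $pdo, array $names): array
{
    if ($names === []) {
        return []; // an empty IN () is a syntax error, so skip the query
    }
    $placeholders = implode(', ', array_fill(0, count($names), '?'));
    $stmt = $pdo->prepare("SELECT picturemedium FROM users WHERE username IN ($placeholders)");
    $stmt->execute(array_values($names));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

print_r(fetchPictures($pdo, $friendsArray));
```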