Home/ Questions/Q 6728619
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T10:11:32+00:00

I have a ORDER_TABLE to store all ORDER ( order_id , order_name ) A

  • 0

I have a ORDER_TABLE to store all ORDER ( order_id , order_name )

A ORDER_ITEMS_TABLE store all items of each order ( order_item_id , order_id , item_name ). Each row is a item and a order have many row in ORDER_ITEMS_TABLE

I have a input that allow user to enter a list of items, separate by comma (item1,item2,item3)
and when user submit, i should get all orders from ORDER_TABLE that contain all items above (item1 AND item2 AND item3)

Help me please

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Make sure that you parse the user’s list of comma-separated items before you add it to the query, otherwise you’ll leave yourself open to SQL injection attacks.

    SELECT ot.order_name, oit.item_name
FROM ORDER_ITEMS_TABLE oit
INNER JOIN ORDER_TABLE ot ON ot.order_id = oit.order_id
WHERE oit.order_item_id IN (your,list,of,items)
    • 0