Home/ Questions/Q 8584459
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T21:46:44+00:00

I originally had this working: url: http://server/blah.php?FacilityCode=FT $facilitycode = mysql_real_escape_string($_GET[FacilityCode]); $sql = SELECT …

  • 0

I originally had this working:

url: http://server/blah.php?FacilityCode=FT

$facilitycode = mysql_real_escape_string($_GET["FacilityCode"]);
$sql = "SELECT ..." .
       "FROM ..." .
       "WHERE ..." .
       "AND ('" . $facilitycode . "' = '' OR Facility.FacilityCode = '". $facilitycode . "')";
$result = mysql_query($sql);

But I want to change this so that people can submit multiple values in the query strying somehow, ie: http://server/blah.php?FacilityCode=FT,CC,DD,EE

I tried changing the query to an “IN” clause instead of an “equals” but I’m not sure how to get the ‘ marks around each element.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I ended up using a combination of a few of the answers. Basically I exploded on the “,”, then did a foreach to add the ‘ marks and call escape_string, and then imploded it back.

    $facilitycodes = $_GET["FacilityCode"];
if ($facilitycodes == '') {
  $additionalfilter = '';
}
else {
  $facilitycodearray = explode(",", $facilitycodes);
  foreach($facilitycodearray as &$facilitycode) {
    $facilitycode = "'" . mysql_real_escape_string($facilitycode) . "'";
  }
  $facilitycodesformatted = implode(",", $facilitycodearray);
  $additionalfilter = " AND Facility.FacilityCode IN (" . $facilitycodesformatted . ")";
}

$sql = "SELECT ..." .
"FROM ..." .
"WHERE ..." .
$additionalfilter;
    • 0