Home/ Questions/Q 395563
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-12T16:27:59+00:00

I’m trying to build a query using php and mysql, $query = select *

  • 0

I’m trying to build a query using php and mysql,

 $query = "select * from products where product_name = '$item_name'";

this works when $item_name holds only one name, but $item_name is an array and based on the user’s interaction can contain multiple names, how can I make the query to run for multiple name and get the resulted rows.

Thanks in advance

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Here’s how you could build a safe list of names for inserting into an IN clause…

    if (is_array($names) && count($names))
{
    $filter="('".implode("','" array_map('mysql_real_escape_string', $names))."')";
    $sql="select * from products where product_name in $filter";

    //go fetch the results
}
else
{
    //input was empty or not an array - you might want to throw an
    //an error, or show 'no results'
}

    array_map returns the input array of names after running each name through mysql_real_escape_string to sanitize it. We implode that array to make a nice list to use with an IN clause.

    You should always ensure any data, particularly coming directly from the client side, is properly escaped in a query to prevent SQL injection attacks.

    • 0