Home/ Questions/Q 6545017
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T11:32:07+00:00

< ? php $array = array(‘name1’, ‘name2’, ‘name3’); $comma_separated = implode(,, $array); echo $comma_separated;

  • 0
< ? php

$array = array('name1', 'name2', 'name3');
$comma_separated = implode(",", $array);

echo $comma_separated;

mysql_query("INSERT INTO  uploadfile(UF_ID,UF_NAME,GENRE,CAT_ID,SUB_CAT_ID,TAG,DESCRIPTION)             VALUES('mysql_insert_id()','$comma_separated','$GENRE','1','1','$tag','$optionaldescription')") ? >
  1. How can i send these values through my query.
  2. The way i am forming my query is that fine.
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I’d do the following:

    <?php

$array = array('name1', 'name2', 'name3');

$first=true;
$comma='';
$comma_separated='';
foreach($array as $value)
{
    if($first)
    {
        $first=false;
        $comma=',';
    }
    $comma_separated .= $comma.mysql_real_escape_string($value);
}

$result =mysql_query("INSERT INTO uploadfile (UF_ID,UF_NAME,GENRE,CAT_ID,SUB_CAT_ID,TAG,DESCRIPTION) VALUES('".mysql_insert_id()."','{$comma_separated}','".mysql_real_escape_string($GENRE)."','1','1','".mysql_real_escape_string($tag)."','".mysql_real_escape_string($optionaldescription)."');");
if(!$result)
{
    die( mysql_error() );
}

?>

    Take note of the use of mysql_real_escape_string(); this function escapes the input for SQL and protects you SQL injection. Also, if you had escaped the values earlier* I’d advice you to use interpolation in your SQL query string. Like this:

    "'1', '1', '{$tag}'"

    Not:

    "'1', '1', '$tag'"

    Notice that I’ve changed how mysql_insert_id() is used too. For the same reason.

    * – Like I’ve done with $comma_separated

    • 0