current community

your communities

more stack exchange communities

Stack Exchange
tour help
careers 2.0
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 0 down vote favorite

This question already has an answer here:

I have a javascript array that looks like this, 21,22,22,22,23,23,23,26,27,27 etc. I need to get it into a php array and then use that array to query mysql to search for the values in the array.

I here is my code, I am using this to reload an element with the posted converted array.

$(function() {
    $("#deckRefresh").click(function(evt) {
        var teset = convertArray(deck_array);
        $("#deckTest").load("core/m.deckcontainer.php?cid="+teset)
        evt.preventDefault();
    })
})

here is the javascript function I am calling to convert the array:

function convertArray(array){
var teset = JSON.stringify(array);
return teset;
}

Converting the array which might have looked like this: 22,22,22,22,23,23,23,23,26,27,28,28 The JSON $_post value returned is this: [22,22,22,22,23,23,23,23,26,27,28,28] After searching stack for answers this is what my code for taking the array and querying mysql looks like:

if($_GET){

$queryTest = str_replace("[","",$_GET['cid']);
$queryTest1 = str_replace("]","",$queryTest);
$esplodCId = explode(',', $queryTest1);


foreach ($esplodCId as $key => $var){
$esplodCId[$key] = (int)$var;
}

$sql = mysql_query("SELECT * FROM cards WHERE cid IN($esplodCId)");
while ($row = mysql_fetch_assoc($sql)){
echo "{$row['img']}<br/>";
}
}

All I want to see for now is just the img info from mysql, when I run this I am getting, "Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in...." I can't for the life of me figure out how to get this array into a format in which I can use please help!

share|improve this question

marked as duplicate by John Conde, M Khalid Junaid, Alberto, John Willemse, Mark Loeser Jan 16 at 16:02

This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
    
deck_array.toString(); instead of that convertArray() –  sbeliv01 Jan 15 at 18:34
1  
You're processing json yourself in PHP. DON'T. There's json_decode() to do this for you. –  Marc B Jan 15 at 18:34
    
@Marc B - It doesn't look like JSON is being passed in the first place. Just a comma separated value for the cid param. –  sbeliv01 Jan 15 at 18:36

1 Answer 1

up vote 0 down vote 
$esplodCId = explode(',', $queryTest1);
^^^^^^^^^^--- explode returns an array

$sql = mysql_query("SELECT * FROM cards WHERE cid IN($esplodCId)");
                 using an array in a string context---^^^^^^^^^^

Your query is actually:

SELECT * FROM cards WHERE cid IN(Array)

because an array used in string context is literally the word Array.

WIth your code as is, you'd have been better of simply stripping off the [ and ] from the raw json string and stuffing the leftover CSV string into the query.

Beyond this, you're vulnerable to SQL injection attacks

What you should have in PHP is something more like:

$json = $_GET['cid'];
$ids = json_decode($json);

$csv = implode(',', $ids);

$sql = "SELECT .... WHERE cid IN ($csv)";

This is STILL vulnerable to SQL injection attacks, but it'd at least work for non-hostile numeric-only data.

share|improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.