current community

your communities

more stack exchange communities

Stack Exchange
tour help
careers 2.0
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 0 down vote favorite

I want to list all the results ($photosToPromote[$i]) of the for statement within the WHERE bit of my SQL query.

At the moment the for statement outputs a text list of the results, and the SQL picks up 1 of the $photosToPromote if only one photo has been selected on the previous page. If more than one photo has been selected then the FOR Statement lists them all, but the SQL does not find them and display the images.

Do I need to use a mysql_real_escape_string before putting it into SQL? How can I do this too?

$photosToPromote = $_POST['promotePhoto'];
if(empty($photosToPromote)) 
{
echo("<p class=\"error\">You didn't select any photos so go back and start again!");
} 
else
{
$N = count($photosToPromote);

echo("You selected $N photos(s): ");
for($i=0; $i < $N; $i++)
{
    echo($photosToPromote[$i] . " ");
}
}

$queryUserPhotos = mysql_query("SELECT photoID FROM photos WHERE photoid='$photosToPromote[$i]' AND (auth = '5' OR auth = '2' OR auth = '4') ORDER BY auth DESC") or die("Something went wrong...please try this again later!");

while($resultUserPhotos = mysql_fetch_array($queryUserPhotos)){

<img src=\"/$imgpath/$resultUserPhotos[photoID].jpg\" alt=\"Your Photo\"/>

}
share|improve this question
    
Note that mysql_* functions are deprecated (see the red box). In general, it's better to use parameterized queries. –  Marcel Korpel Mar 24 '13 at 15:23

1 Answer 1

up vote 0 down vote

could you try this:

$c = '';
foreach ($photosToPromote as $p) {
    $c .= " photoid=$p OR ";
}
$c .= '1=2';//false condition to close $c by a condition never true
$q = "SELECT photoID FROM photos WHERE ( $c ) AND (auth = '5' OR auth = '2' OR auth = '4') ORDER BY auth DESC";
$queryUserPhotos = mysql_query($q) or die("Something went wrong...please try this again later!");
share|improve this answer
    
Just realised I don't need a SQL connection as I only need the photoID. So I can just loop the rest from that. Whoops...and thanks :) –  Thomas Mar 24 '13 at 16:22

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.