0

I have a form where I input 2 values: sku and filter_id. I then take sku and retrieve from DB an array of product_id that correspond that sku. For each product_id I need to insert a query back into DB with 2 values: product_id and filter_id.

I would like to build the query in the foreach loop and run a single SQL query at the end for efficient use of resources.

Here is my PHP code:

// Escape user inputs for security
$sku = mysqli_real_escape_string($db, $_POST['sku']);
$filter_id = mysqli_real_escape_string($db, $_POST['filter_id']);

// Check connection
if ($db->connect_error) {
    die("Connection failed: " . $db->connect_error);
} 

//get product_id array for requested sku
$sql = "SELECT product_id FROM oc_product WHERE sku = '$sku'";
$product_id_array = $db->query($sql);

if ($product_id_array->num_rows > 0) {
    foreach( $product_id_array as $row ) {
    $query_row[] = "('$row['product_id']','$filter_id')";
    }

    $final_query = "INSERT IGNORE INTO oc_product_filter (product_id, filter_id) VALUES " .implode(',', $query_row);
    $db->query($final_query);
} else {
    echo "no products found.";
}

Current error is:

Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING)

That is for this line: $query_row[] = "('$row['product_id']','$filter_id')";

Can anyone help me with the correct syntax to use? Thank you!

Improve this question
1
  • Is $query_row[] = "('".$row['product_id']."','".$filter_id."')"; working? Commented Sep 8, 2015 at 11:11

2 Answers 2

Reset to default
2

Update your code

$query_row[] = "('$row['product_id']','$filter_id')";
                 ^^                 ^^

into

$query_row[] = "('{$row['product_id']}','$filter_id')";
                 ^^                  ^^

You need to enclose your array variables within {}

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

Downvoters please post the reason behind downvoting so I can update my answer
I didn't vote, so it wasn't me, but one possible reason for downvoting is that the whole thing could be better rewritten using a single query (ie an INSERT with an embedded SELECT), which would give performance benefits and also allow the code to be written as a parameterised query instead of the old-school method of using the escape functions and building the query string manually.
@Simba I'm always open to such improvements and what you're suggesting was initially my idea but I was unable to find syntax examples for doing combined INSERT and SELECT queries. Can you rewrite my example using this better method?
@FlorinC. Something like this: $db->prepare("INSERT IGNORE INTO oc_product_filter (product_id, filter_id) SELECT product_id, :filter_id FROM oc_product WHERE sku = :sku", ['filter_id'=>$filter_id, 'sku'=>$_POST['sku']); $db->execute();
(sorry for the formatting and/or any typos -- the comments don't make for the easiest way of presenting code)
|
0

Change from

$query_row[] = "('$row['product_id']','$filter_id')";

to

 $query_row[] = "('".$row['product_id']."','".$filter_id."')";
Improve this answer

1 Comment

Your solution works ok but @Uchiha answered first so I'm going to accept his solution. Thank you.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.