implode arrays 2

[jasc2k]

hi all,

this is probably an easy one but just wanted confirmation really - I have a array of names that I want to use in an SQL statement so I need each array item to be surrounded by 's

Heres my implode:

$id_string = "'".implode("','", $follow)."'";

Now this code does work ie it returns 'tim','james','bob',etc
but it does not look very clean to me, and as I now need to use this code in a few places wanted some confimation or cleaner suggestions?

Thanks
James

 

[vacunita]

The code is pretty much correct. Sometimes code is just not nice.

You could get a little fancier and use a foreach loop.

foreach($myarr as $item){
$mystr.="'$item',";
}
$mystr=substr($mystr,0,strlen($mystr)-1);
echo $mystr;

But that's just too much extra code.

Perhaps what you would want to do is turn it into a function you can call.

That way you don't have all that each time you need to implode your arrays, but rather something nicer like

$id_string=myimplode($follow);

Then in your function:

function myimplode($thearray){
return ("'".implode("','", $thearray)."'"); 
}

Which means all those quotes are only located in one place instead of all over your code.







----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

 

[jpadie]

there are alternatives. assuming you are using this in a query, you can run the query through PDO using placeholders and just pass the array as an argument to the prepared statement (if this is not clear then let us know). PDO will then automatically escape your values and enquote them at the same time.

$statement = $pdo->prepare('Insert into mytable (field1, field2) values (?,?)');
$statement->prepare($arrayOfValues);

i often extend the PDO function to take create a method to insert data into a table. something like this should work (although the abstraction layer that i use has more error checking and validation built into it).

   function insert($table, $values){  
      global $pdo;
      $fields = array_keys($values);
      $params = array_values($values);
      for ($i=0; $i<count($fields); $i++){$placeholders[] = '?';}
      $query = "Insert into $table (".implode(',', $fields) . ") values (".implode(',', $placeholders).")";
      $statement = $pdo->prepare($query);
      $r = $statement->prepare($values);
      return $r === false ? $r->errorInfo() : $pdo->lastInsertId();
   }

alternatively you can map a function to the values array (which may be valuable as you need to escape the sql values too).

$queryString = implode(',',array_map('mysql_prepare', $array));

function mysql_prepare($value){
  return "'" . mysql_real_escape_string($value) . "'";
}

 

[jasc2k]

firstly thanks for 2 great answers a function call would tidy things up! But I do like the mysql prepare so it can escape it also.
Will take a go at that tomorrow

Thanks loads

 

[jasc2k]

thanks again for the insight guys turns out I need to do alot of SQL cleanups! (