Asked  7 Months ago    Answers:  5   Viewed   32 times

Is there a way to store an array into mysql field? I'm creating a comment rating system so I want to store the arrays of user ids to prevent multiple votings. I'm going to create new table that holds the comment id and the array of user ids who have voted on this comment. Than I'll join comments table and this table and check whether the current user id exists in the voters array or note. If it does than the voting icons would be disabled. I think I'll prevent to use mysql query in loop in this way.

Do you happen to know any better ways?

 Answers

52

You can always serialize the array and store that in the database.
PHP Serialize

You can then unserialize the array when needed.

Wednesday, March 31, 2021
 
Uours
answered 7 Months ago
10

You don't need to escape your variables in a prepared statement, instead you should bind your variables before executing the statement. Also the column names should be inside ` marks.

$stmt = $dbConnectionW->prepare("UPDATE members SET 
                      `fname`=?,
                      `sname`=?,
                      `gender`=?,
                      `nationality`=?,
                      `year`=?,
                      `dep1`=?,
                      `dep2`=?,
                      `f_pos`=?,
                      `f_region`=?,
                      `exp_comp`=?,
                      `exp_dep`=?,
                      `shareinfo`=?,
                      `interest`=?,
                      `userconfirm`=?
                          WHERE `confirmcode`=?");
$stmt->bind_param('ssssissssssssis',$_POST['fname'],$_POST['sname'],$_POST['gender'],...);          
$stmt->execute();

I haven't included all the bound parameters for brevity.

Hope this helps.

Wednesday, March 31, 2021
 
hjalpmig
answered 7 Months ago
99

Assign

$_SESSION['question'] = $que; 

print_r($_SESSION['question'][0]); will give you first question.

Saturday, May 29, 2021
 
Laimoncijus
answered 5 Months ago
88

Delete your other question, ok?

The problem is you loop through $_SESSION and use the same name value each time. You need to create an array of your inputs. Here is an example:

<?php
echo '<h3>Your Order</h3>';
$current_url = base64_encode($url='http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
  if(isset($_SESSION['products'])){
     echo '<ol>';
     echo '<form action="checkout_with_us.php" method="POST">';
     $total = 0;
     $cart_items = 0;

        foreach($_SESSION['products'] as $cart_itm){
           $product_code = $cart_itm['code'];
           $results = $mysqli->query("SELECT product_name,product_desc,price FROM products WHERE product_code='$product_code' LIMIT 1");
             $obj = $results->fetch_object();
                echo '<li>';
                echo 'Price: '.$currency.$obj->price;
                echo '<h4>'.$obj->product_name.'(Code: '.$product_code.')</h4>';
                echo 'Qty: '.$cart_itm['qty'];
                echo '</li>';

                   $subtotal = ($cart_itm['price'] * $cart_itm['qty']);
                     $total = ($total + $subtotal);
                     $cart_items++;
                       echo '<input type="hidden" name="product['.$product_code.'][item_name]" value="'.$obj->product_name.'">';
                       echo '<input type="hidden" name="product['.$product_code.'][item_desc]" value="'.$obj->product_desc.'">';
                       echo '<input type="hidden" name="product['.$product_code.'][item_qty]" value="'.$cart_itm["qty"].'">';
                       echo '<input type="hidden" name="product['.$product_code.'][item_code]" value="'.$product_code.'">';     
                }
                    echo '<strong>Sub Total: '.$currency.$total.'</strong>';
                    echo '<input type="hidden" name="product['.$product_code.'][price]" value="'.$total.'">';
                    echo '</ol>';   
                    }

//Here is the information of the customer
echo 'Firstname: <input type="text" name="firstname"><br />';
echo 'Lastname: <input type="text" name="lastname"><br />';
echo 'Email: <input type="text" name="email"><br />';
echo '<input type="submit" value="Send Step">';

echo '</form>';
?>

You can catch this by looping in your product array:

<?php
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];

$conn = mysqli_connect('localhost','root','','sampsix')or die('Could not connect');

foreach($_POST['product'] as $product)
{
    $order_name = $product['item_name'];
    $order_code = $product['item_code'];
    $order_qty = $product['item_qty'];
    $sub_total = $product['price'];

    $query = "INSERT INTO `sampsix`.`orders`(`firstname`,`lastname`,`email`,`OrderName`,`OrderCode`,`OrderQty`,`SubTotal`) VALUES('$firstname','$lastname','$email','$order_name','$order_code','$order_qty','$sub_total')";
    mysqli_query($conn,$query);
}



mysqli_close($conn);

header('Location: checkout.php');
?>

I don't know what the purpose is of the table orders but with my example the products will be added to this table with the same firstname, lastname, etc.

Saturday, May 29, 2021
 
Ula
answered 5 Months ago
Ula
51

SQL Server 2008 (or newer)

First, in your database, create the following two objects:

CREATE TYPE dbo.IDList
AS TABLE
(
  ID INT
);
GO

CREATE PROCEDURE dbo.DoSomethingWithEmployees
  @List AS dbo.IDList READONLY
AS
BEGIN
  SET NOCOUNT ON;

  SELECT ID FROM @List; 
END
GO

Now in your C# code:

// Obtain your list of ids to send, this is just an example call to a helper utility function
int[] employeeIds = GetEmployeeIds();

DataTable tvp = new DataTable();
tvp.Columns.Add(new DataColumn("ID", typeof(int)));

// populate DataTable from your List here
foreach(var id in employeeIds)
    tvp.Rows.Add(id);

using (conn)
{
    SqlCommand cmd = new SqlCommand("dbo.DoSomethingWithEmployees", conn);
    cmd.CommandType = CommandType.StoredProcedure;
    SqlParameter tvparam = cmd.Parameters.AddWithValue("@List", tvp);
    // these next lines are important to map the C# DataTable object to the correct SQL User Defined Type
    tvparam.SqlDbType = SqlDbType.Structured;
    tvparam.TypeName = "dbo.IDList";
    // execute query, consume results, etc. here
}

SQL Server 2005

If you are using SQL Server 2005, I would still recommend a split function over XML. First, create a function:

CREATE FUNCTION dbo.SplitInts
(
   @List      VARCHAR(MAX),
   @Delimiter VARCHAR(255)
)
RETURNS TABLE
AS
  RETURN ( SELECT Item = CONVERT(INT, Item) FROM
      ( SELECT Item = x.i.value('(./text())[1]', 'varchar(max)')
        FROM ( SELECT [XML] = CONVERT(XML, '<i>'
        + REPLACE(@List, @Delimiter, '</i><i>') + '</i>').query('.')
          ) AS a CROSS APPLY [XML].nodes('i') AS x(i) ) AS y
      WHERE Item IS NOT NULL
  );
GO

Now your stored procedure can just be:

CREATE PROCEDURE dbo.DoSomethingWithEmployees
  @List VARCHAR(MAX)
AS
BEGIN
  SET NOCOUNT ON;

  SELECT EmployeeID = Item FROM dbo.SplitInts(@List, ','); 
END
GO

And in your C# code you just have to pass the list as '1,2,3,12'...


I find the method of passing through table valued parameters simplifies the maintainability of a solution that uses it and often has increased performance compared to other implementations including XML and string splitting.

The inputs are clearly defined (no one has to guess if the delimiter is a comma or a semi-colon) and we do not have dependencies on other processing functions that are not obvious without inspecting the code for the stored procedure.

Compared to solutions involving user defined XML schema instead of UDTs, this involves a similar number of steps but in my experience is far simpler code to manage, maintain and read.

In many solutions you may only need one or a few of these UDTs (User defined Types) that you re-use for many stored procedures. As with this example, the common requirement is to pass through a list of ID pointers, the function name describes what context those Ids should represent, the type name should be generic.

Tuesday, June 1, 2021
 
rlanvin
answered 5 Months ago
Only authorized users can answer the question. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :