Query mysql according to Array unserialize

Question

Query mysql according to Array unserialize

Asked 9 years, 1 month ago

Viewed 42 times

1

In this select the bottom how can I make it only return the lines with the ids that are in this variable ( $range ) this variable is returning data from several ids database

// estou utlizando a função unserialize
$range = unserialize ($linha["range_ids"]);     

$sql = "SELECT a.*, f.*,e.*,u.*,p.*, SUM(valor) AS 'soma'  FROM a_finan AS f 

LEFT JOIN agenda_saidas AS a
ON a.id_saida = f.id_saida
LEFT JOIN empresas AS e
ON e.id_empresa = f.id_empresa
LEFT JOIN usuarios AS u
ON u.id_user = f.user_soli
LEFT JOIN passageiros AS p
ON p.voucher = f.voucher


where f.id_transfer = '$id_transfer' and cod_bloco_faturamento = '$bloco' ";     
$resultado = mysql_query($sql) or die( mysql_error());
while ($linha = mysql_fetch_assoc($resultado)) {

$bloco = $linha["cod_bloco_faturamento"];
$id_empresa = $linha["id_empresa"];
$valor1 = $linha["valor"];
$valor = 'R$' . number_format($valor1, 1, ',', '.');
$vencimento = $linha["data_vencimento"];

What are the values contained in it ?

– Edilson

2015/10/19 at 02:59
i am entering that data 1052,1053,1054 more am inserting in db through "serialize' this being written so la a:3:{i:1052;s:4:"1052";i:1053;s:4:"1053";i:1054;s:4:"1054";}

– Fabio Henrique

2015/10/19 at 03:19

1 answer

Browser other questions tagged php mysql

You are not signed in. Login or sign up in order to post.

by Papa Lazzarou • **101** points · Answer 1 · 2016-06-06T11:55:48+00:00

In the Where clause you can add the operator IN.

where f.id_transfer = '$id_transfer' and cod_bloco_faturamento = '$bloco' 
AND id_linha IN ('$range');"

However I want to add an alert, since the execution of the code as it is using opens select to an SQL Injection type attack.

Edit: I would advise you to compose the selects using the PDO or the Mysqli