0

I get error : "Unknown column 'Array' in 'where clause'" perharps from variable $query in my code.

This is my code :

$zzz = mysql_query("SELECT alias FROM table WHERE ColumnA = 'yes'");
while($aaa = mysql_fetch_array($zzz)){
    $array[] = $aaa['alias'];
}
$query = mysql_query("SELECT * FROM table2 WHERE alias NOT IN ($array) ORDER BY Column1 DESC, Column2 DESC");

I want to make a SELECT query WHERE 'alias' in table2 not equal to any data in $array which come from fetch array $aaa.

I got a clue to make an array from fetch array from : Array in SQL Query?

But, i don't know how to add 'quote' for each data in array that made from $aaa.

Could anyone tell me how to do this? :)

Improve this question

2 Answers 2

Reset to default
2

Why not use nested queries? Example:

$query = mysql_query("SELECT * FROM table2 WHERE alias NOT IN (SELECT alias FROM table WHERE ColumnA = 'yes') ORDER BY Column1 DESC, Column2 DESC");

As noted in my below comment, however, your interaction appears to be vulnerable to injection attacks. This can be avoided to some degree, as others have stated, but as I have also stated, one of the better ways is to use PDO. Example:

try {
    $dbh = new PDO("mysql:host=localhost;dbname=dbname", "user", "password");
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    $stmt = $dbh->prepare("SELECT * FROM table2 WHERE alias NOT IN (SELECT alias FROM table WHERE ColumnA = :bool) ORDER BY Column1 DESC, Column2 DESC");
    $stmt->bindValue(":bool","yes");
    $stmt->execute();
} catch (\PDOException $e) {
    // Something went wrong
}

while ($row = $stmt->fetch()) {
    // do stuff with query
}

PDO ships with php 5.1.

Improve this answer
Sign up to request clarification or add additional context in comments.

13 Comments

However, as a note, your current method of db interaction appears to be vulnerable to injection attacks. I would suggest you look up PDO.
DO NOT wrap PDO code into try..catch. it's just useless and wrong
@YourCommonSense Could you explain? Even the php site recommends this for error catching..
@YourCommonSense I've removed the offending code, could you please remove your downvote?
@WouterJ I removed the try-catch as apparently 'it's wrong'. I had it in there before, and I got downvoted for it.
|
0

You're trying to use $array directly, and it does not print itself the way you need to. Following the advice in the linked question, you could use implode:

$newarray = implode(", ", $array);
$query = mysql_query("SELECT * FROM table2 WHERE alias NOT IN ($newarray) ORDER BY Column1 DESC, Column2 DESC");

As for adding quotes, you can just concatenate them together. However, I'd also escape the values before quoting, to avoid SQL injection vulnerabilities:

while($aaa = mysql_fetch_array($ambilLarikAkunTerlindungi)){
    $array[] = "'" . mysqli_real_escape_string($aaa['alias']) . "'";
}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.