PHP How add quotes?

Question

$sqlL = '';
$Allel = '';
foreach($arr as $el){
    $AllUrl .= ",'".addslashes($el)."'";
    $sqlL .= "INSERT INTO Table (ID, Seet, Column) VALUES ('4', '$Seet', '$el');";
}

        $AllUrl = substr($Allel, 1); //delete first comma
        $sqlL .= "DELETE FROM Table WHERE ID= '4' AND URL NOT IN($Allel);";

In result we get next $sqlL:

DELETE FROM Table WHERE ID= '4' AND URL NOT IN(house, test, test test);

But in not right and this it will not work.

Tell me please how add quotes in $Allel ?

P.S.: i would like get next query:

DELETE FROM Table WHERE ID= '4' AND URL NOT IN('house', 'test', 'test test');

Answer 1

Try this:

<?php 

foreach($arr as $el){
    $AllUrl .= "'".addslashes($el)."' "; // Add items between spaces
}

$AllUrl_ = explode(" ",$AllUrl);
$AllUrlFinal = implode(",", $AllUrl_ ); // Change spaces by commas
$AllUrlFinal=trim($AllUrlFinal, ","); // would cut trailing and prefixing commas.
$sqlL .= "DELETE FROM Table WHERE ID= '4' AND URL NOT IN($AllUrlFinal);";

Answer 2

While using an array and implode is probably the best solution, the problem with your code is that you set up one variable with the quotes, then instead add a different variable to the SQL:-

$sqlL = '';
foreach($arr as $el)
{
    $AllUrl .= ",'".addslashes($el)."'";
    $sqlL .= "INSERT INTO Table (ID, Seet, Column) VALUES ('4', '$Seet', '$el');";
}

$AllUrl = substr($AllUrl, 1); //delete first comma
$sqlL .= "DELETE FROM Table WHERE ID= '4' AND URL NOT IN($AllUrl);";

To use implode, add the items to an array (ignoring the comma), then just implode that array with a separating comma in the final assignment into the DELETE statement:-

$sqlL = '';
foreach($arr as $el)
{
    $AllUrl[] = "'".addslashes($el)."'";
    $sqlL .= "INSERT INTO Table (ID, Seet, Column) VALUES ('4', '$Seet', '$el');";
}

$sqlL .= "DELETE FROM Table WHERE ID= '4' AND URL NOT IN(".implode(',', $AllUrl).");";

You should be escaping the string using mysql_real_escape_string or equivalent. Not sure which database drivers you are using so although the mysql_* drivers are deprecated they will do for an example:-

$sqlL = '';
foreach($arr as $el)
{
    $AllUrl[] = "'".mysql_real_escape_string($el)."'";
    $sqlL .= "INSERT INTO Table (ID, Seet, Column) VALUES ('4', '$Seet', '$el');";
}

$sqlL .= "DELETE FROM Table WHERE ID= '4' AND URL NOT IN(".implode(',', $AllUrl).");";

Answer 3

There is only one answer to this... use prepared statements and don't build your own query using string functions and "handcraft" quotation marks and stuff. It is risky and the opposite of clean programing.

Anyways:

If $Allel contains pure values, use

$Allel = array_map(function($v) { return "'" . $v . "'"; }, $Allel);
$Allel = implode(', ', $Allel);

First line will wrap ' arround the values, second line will concat each with ,.

Answer 4

try this

$sqlL = '';
$Allel = '';

$arr_Allel = array();
foreach($arr as $el){
    $arr_Allel[] = ",'".addslashes($el)."'";
    $sqlL .= "INSERT INTO Table (ID, Seet, Column) VALUES ('4', '$Seet', '$el');";
}

$Allel = implode(",", $arr_Allel);

$sqlL .= "DELETE FROM Table WHERE ID= '4' AND URL NOT IN($Allel);";

Answer 5

You can use implode function,

$array = array('lastname', 'email', 'phone');
$comma_separated = implode(",", $array);

See the example below

$array = array("1","2","3");
echo "Array is: ".implode(",",$array );

Array is: 1,2,3

Answer 6

i think he wants something different , can you try it ?

implode("', '", $array);

and sql

$sqlL .= "DELETE FROM Table WHERE ID= '4' AND URL NOT IN('".$Allel."');";

Answer 7

Try with this:

$sqlL = '';

foreach($arr as $el){
    $sqlL .= "INSERT INTO Table (ID, Seet, Column) VALUES ('4', '$Seet', '$el');";
}

$AllUrl = "'".implode("','",$arr)."'";
$sqlL .= "DELETE FROM Table WHERE ID= '4' AND URL NOT IN($AllUrl);";

Answer 8

You can use the PHP implode() function

<?php
implode(', ', $array);

PHP Documentation