MySQLi query to loop through array and update multiple rows

I have an array like:

$postdata[1] = 'This';
$postdata[2] = 'That';
$postdata[3] = 'The other';

And I want to loop through the array and update all of the rows where ID corresponds to the array key. Like:

foreach ($postdata as $key => $value) {
  if ($key == 1) {
    $update = $db->query("UPDATE site_email_templates SET Content='$postdata[1]' WHERE ID = 1");
  } else if ($key == 2) {
    $update = $db->query("UPDATE site_email_templates SET Content='$postdata[2]' WHERE ID = 2");
  } else if ($key == 3) {
    $update = $db->query("UPDATE site_email_templates SET Content='$postdata[3]' WHERE ID = 3");

What would be the simplest way to do this, not particularly knowing how many array keys there are, and keeping it all in one query?

Here is Solutions:

We have many solutions to this problem, But we recommend you to use the first solution because it is tested & true solution that will 100% work for you.

Solution 1

You need to use prepared statements in order to avoid errors and vulnerabilities of all sorts and also to get some minor performance gain

$stmt = $db->prepare("UPDATE site_email_templates SET Content=? WHERE ID = ?");
$stmt->bind_param("ss", $content, $id);
foreach ($postdata as $id => $content)

Reference: How can I prevent SQL injection in PHP?

Solution 2

Note: My answer is based on the PDO driver which in many aspects is better than mysqli. If you need mysqli solution please check the other answer provided by @Your Common Sense

The code below is tested on real environment and served with prepared statement preventing SQL-injection:

$sql = "UPDATE `site_email_templates` SET `Content` = (:content) WHERE `Id` = (:id)";
$stmt = $dbConn->prepare($sql);
foreach ($postdata as $id => $content)
    $stmt->execute([':id' => $id, ':content' => $content]);

For more details about SQL injection you can read more:

Solution 3

For maximal speed, IODKU can do all the updates in a single statement. Caution: You should not use this for updating if you don’t know that the ids exist.

    (id,           -- A PRIMARY or UNIQUE key
     col1, col2)   -- column(s) to change
    (111, 22, 33),
    (222, 33, 44),
        col1 = VALUES(col1),
        col2 = VALUES(col2);

You must provide some way to "bind" or "escape" the values to avoid sql-injection.

Note: Use and implement solution 1 because this method fully tested our system.
Thank you 🙂

All methods was sourced from or, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply