PDO 和 MySQL IN/NOT IN 查询的正确格式
出于显而易见的原因,这是要寻找的谋杀...
For reasons that should be obvious, this is murder to search for...
我如何在 PDO 中执行此操作:
How do I do this in PDO:
SELECT thing FROM things WHERE thing_uid IN ( ... )
我的特殊用例是一个字符串,它是通过分解从具有几十个复选框的表单中获取的数组构建的.在标准 MySQL 中,这很容易...
My particular use case is a string built by exploding an array taken from a form with several dozen checkboxes. In standard MySQL this is very easy...
$thingString = implode("', '", $thingArray);
$q = "SELECT thing FROM things WHERE thing_uid IN ('$thingString')";
但我希望它能够从 PDO 的反注入保护中受益……绑定参数等等.那么我该怎么做呢?
but I want that to benefit from PDO's anti-injection protection... bound params and all that. So how can I do it?
推荐答案
创建一个包含与您拥有的值一样多的 ? 的数组,并将其放入查询中.
Create an array of as many ? as you have values, and throw that into the query.
$placeholders = array_fill(0, count($thingArray), '?');
$sql = "SELECT thing FROM things WHERE thing_uid IN (" . implode(',', $placeholders) . ")";
相关文章