PDO和MySQL IN/NOT IN查询的正确格式 [英] Proper format for PDO and MySQL IN/NOT IN queries

问题描述

出于显而易见的原因，这是谋杀...的谋杀案

For reasons that should be obvious, this is murder to search for...

我如何在PDO中执行此操作:

How do I do this in PDO:

SELECT thing FROM things WHERE thing_uid IN ( ... )

我的特殊用例是一个字符串，它是通过分解从带有几十个复选框的表单中提取的数组而构建的.在标准MySQL中，这非常容易...

My particular use case is a string built by exploding an array taken from a form with several dozen checkboxes. In standard MySQL this is very easy...

$thingString = implode("', '", $thingArray);
$q = "SELECT thing FROM things WHERE thing_uid IN ('$thingString')";

但是我希望从PDO的反注入保护中受益……绑定参数等等.那我该怎么办呢?

but I want that to benefit from PDO's anti-injection protection... bound params and all that. So how can I do it?

推荐答案

创建一个与值一样多的?数组，并将其放入查询中.

Create an array of as many ? as you have values, and throw that into the query.

$placeholders = array_fill(0, count($thingArray), '?');
$sql = "SELECT thing FROM things WHERE thing_uid IN (" . implode(',', $placeholders) . ")";

这篇关于PDO和MySQL IN/NOT IN查询的正确格式的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！