PDO和MySQL IN/NOT IN查询的正确格式 [英] Proper format for PDO and MySQL IN/NOT IN queries
本文介绍了PDO和MySQL IN/NOT IN查询的正确格式的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
出于显而易见的原因,这是谋杀...的谋杀案
For reasons that should be obvious, this is murder to search for...
我如何在PDO中执行此操作:
How do I do this in PDO:
SELECT thing FROM things WHERE thing_uid IN ( ... )
我的特殊用例是一个字符串,它是通过分解从带有几十个复选框的表单中提取的数组而构建的.在标准MySQL中,这非常容易...
My particular use case is a string built by exploding an array taken from a form with several dozen checkboxes. In standard MySQL this is very easy...
$thingString = implode("', '", $thingArray);
$q = "SELECT thing FROM things WHERE thing_uid IN ('$thingString')";
但是我希望从PDO的反注入保护中受益……绑定参数等等.那我该怎么办呢?
but I want that to benefit from PDO's anti-injection protection... bound params and all that. So how can I do it?
推荐答案
创建一个与值一样多的?
数组,并将其放入查询中.
Create an array of as many ?
as you have values, and throw that into the query.
$placeholders = array_fill(0, count($thingArray), '?');
$sql = "SELECT thing FROM things WHERE thing_uid IN (" . implode(',', $placeholders) . ")";
这篇关于PDO和MySQL IN/NOT IN查询的正确格式的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文