使用WHERE子句将数组传递给查询 [英] Passing an array to a query using a WHERE clause

问题描述

给出一个ID数组$galleries = array(1,2,5)我想要一个SQL查询，该查询使用其WHERE子句中的数组值，例如:

Given an array of ids $galleries = array(1,2,5) I want to have a SQL query that uses the values of the array in its WHERE clause like:

SELECT *
FROM galleries
WHERE id = /* values of array $galleries... eg. (1 || 2 || 5) */

如何生成用于MySQL的查询字符串?

How can I generate this query string to use with MySQL?

推荐答案

注意！！此答案包含严重的 SQL注入漏洞.在未确保任何外部输入都经过消毒的情况下，请勿使用此处提供的代码示例.

BEWARE! This answer contains a severe SQL injection vulnerability. Do NOT use the code samples as presented here, without making sure that any external input is sanitized.

$ids = join("','",$galleries);   
$sql = "SELECT * FROM galleries WHERE id IN ('$ids')";

这篇关于使用WHERE子句将数组传递给查询的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！