使用 WHERE 子句将数组传递给查询 [英] Passing an array to a query using a WHERE clause

问题描述

给定一个 id 数组 $galleries = array(1,2,5) 我想要一个 SQL 查询，它在其 WHERE 子句中使用数组的值，例如:

Given an array of ids $galleries = array(1,2,5) I want to have a SQL query that uses the values of the array in its WHERE clause like:

SELECT *
FROM galleries
WHERE id = /* values of array $galleries... eg. (1 || 2 || 5) */

如何生成用于 MySQL 的查询字符串?

How can I generate this query string to use with MySQL?

推荐答案

注意！这个答案包含一个严重的SQL 注入 漏洞.请勿使用此处提供的代码示例，也不要确保任何外部输入都经过消毒.

BEWARE! This answer contains a severe SQL injection vulnerability. Do NOT use the code samples as presented here, without making sure that any external input is sanitized.

$ids = join("','",$galleries);   
$sql = "SELECT * FROM galleries WHERE id IN ('$ids')";

这篇关于使用 WHERE 子句将数组传递给查询的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！