PDO 和 MySQL IN/NOT IN 查询的正确格式 [英] Proper format for PDO and MySQL IN/NOT IN queries

问题描述

出于显而易见的原因，这是要寻找的谋杀...

For reasons that should be obvious, this is murder to search for...

我如何在 PDO 中执行此操作:

How do I do this in PDO:

SELECT thing FROM things WHERE thing_uid IN ( ... )

我的特殊用例是一个字符串，它是通过分解从具有几十个复选框的表单中获取的数组构建的.在标准 MySQL 中，这很容易...

My particular use case is a string built by exploding an array taken from a form with several dozen checkboxes. In standard MySQL this is very easy...

$thingString = implode("', '", $thingArray);
$q = "SELECT thing FROM things WHERE thing_uid IN ('$thingString')";

但我希望它能够从 PDO 的反注入保护中受益……绑定参数等等.那么我该怎么做呢?

but I want that to benefit from PDO's anti-injection protection... bound params and all that. So how can I do it?

推荐答案

创建一个包含与您拥有的值一样多的 ? 的数组，并将其放入查询中.

Create an array of as many ? as you have values, and throw that into the query.

$placeholders = array_fill(0, count($thingArray), '?');
$sql = "SELECT thing FROM things WHERE thing_uid IN (" . implode(',', $placeholders) . ")";

这篇关于PDO 和 MySQL IN/NOT IN 查询的正确格式的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！