SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Member
    Join Date
    Dec 2011
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    PHP PDO: Prepared Statements with IN clause

    Hi everyone,
    I have been using PDO to handle my database querying, and as part of this, I have made use of prepared statements. My problem is, i'm unsure how I would use the IN clause in a prepared statement?
    Thanks.

  2. #2
    rajug.replace('Raju Gautam'); bronze trophy Raju Gautam's Avatar
    Join Date
    Oct 2006
    Location
    Kathmandu, Nepal
    Posts
    4,013
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    As far as I know, you have to prepare arrays and loop for multiple IN(?,?,?....) and values!
    Mistakes are proof that you are trying.....
    ------------------------------------------------------------------------
    PSD to HTML - SlicingArt.com | Personal Blog | ZCE - PHP 5

  3. #3
    SitePoint Guru
    Join Date
    Nov 2003
    Location
    Huntsville AL
    Posts
    689
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Raju Gautam View Post
    As far as I know, you have to prepare arrays and loop for multiple IN(?,?,?....) and values!
    Yep or just revert to escaping the input and directly inserting a comma delimited list. In most cases I deal with numbers so it's not so bad.

    Really wish the designers of prepared statements had allowed for arrays.

  4. #4
    SitePoint Member
    Join Date
    Dec 2011
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for the responses, seems odd how the developers overlooked the IN clause when it comes to prepared statements.

  5. #5
    I solve practical problems. bronze trophy
    Michael Morris's Avatar
    Join Date
    Jan 2008
    Location
    Knoxville TN
    Posts
    2,026
    Mentioned
    64 Post(s)
    Tagged
    0 Thread(s)
    Well, it is a pretty big can of worms. Also, in many cases a subquery will work better than having PHP handle the ids at all.

    Id's can be kept in an array. To include the array

    Code php:
    $sql = "SELECT * FROM table WHERE id IN ( ".implode(',',$array).")";

    If you are paranoid about the values you can walk them first. For example, if they must be integers...

    Code php:
    array_walk($array, function( &$value ) { $value = (int) $value });

    If you need to quote wrap them.

    Code php:
    array_walk($array, function( &$value ) { $value = PDO::quote($value) });

    And yes, that's one of the rare instances where you'd need to use PDO::quote()

  6. #6
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    Great post @Michael Morris; I did not know how to do the last example so thanks.
    Steve
    ictus==""


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •