|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2010-02-25 07:41 UTC] johannes@php.net
[2010-02-25 11:50 UTC] fmaz008 at gmail dot com
[2010-05-17 17:53 UTC] greg dot martyn at gmail dot com
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Thu Oct 30 15:00:01 2025 UTC |
Description: ------------ Using MySQL and InnoDB table, if you prepare this query: SELECT * FROM foo WHERE id IN(:values); You will be totally unable to use it, thoses solutions doesn't work: $arr = array(1,2,3,4,5); $prep->bindParam(':values', $arr, PDO::PARAM_STMT); //Invalid Array to String conversion or: $arr = array(1,2,3,4,5); $prep->bindParam(':values', implode(',', $arr), PDO::PARAM_STR); //Seems to be interpreted as "1,2,3,4,5" instead of "1","2","3","4","5" or plain integer values. ============ Actual work arround is to generate a string to inject in the query string before preparing it. But it's not a good solution as I often need to use prepared statement in loop. So if I must prepare and reprepare and re-reprepare, that's not usefull. ============ A PDO::PARAM_RAWSTR or PDO::PARAM_UNPROTECTED_STR might be a quick & good workarround to solve this problem until a better fix. Reproduce code: --------------- $arr = array(1,2,3,4,5); $prep->prepare('SELECT * FROM foo WHERE id IN(:values);'); $prep->bindParam(':values', implode(',', $arr), PDO::PARAM_STMT); $prep->execute(); Expected result: ---------------- SELECT * FROM foo WHERE id IN(1,2,3,4,5); Actual result: -------------- SELECT * FROM foo WHERE id IN("1,2,3,4,5");