im trying to use array for mysql where in clause
$result= $myDB->query("SELECT sum(total) as total FROM ".$myDB->prefix("mydata")." WHERE categoryname IN ('".$categoryname."') AND year='$year' AND stat_id='$stat_id'");
current ouput for the categoryname is
('Cat1,Cat2,Cat3')
desired output
('Cat1','Cat2','Cat3')
i tried it like so far but its not working
$categoryname_new = implode(',',$categoryname);
$result= $myDB->query("SELECT sum(total) as total FROM ".$myDB->prefix("mydata")." WHERE categoryname IN ('".$categoryname_new."') AND year='$year' AND stat_id='$stat_id'");
解决方案
the naive solution will be:
$array = ['Cat1', 'Cat2', 'Cat3'];
echo "'" . implode("','", $array) . "'";
but it could introduce sql injection, so you need properly escape data in array first
sample one-line with escaping:
echo "'" . implode("','", array_map('mysql_escape_string', $array)) . "'";
note: mysql_* functions are deprecated, you need to use mysqli_* which require connection link
560
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
