I just add code because it will say everything. And yes, it does not work and I dont know why :(
$array = array('One', 'Two', 'Three');
$string = "'" . implode("', '", $array) . "'";
$query = "SELECT * FROM $table WHERE name IN (" . $string . ")";
$make = $this->conn->prepare($query);
$make->execute();
$result = $make->fetchAll();
It returns empty array. Thank you for your help.
分享 The problem comes in because you have single quotes in the values you're trying to pass to the table, i.e. "Man-o'-War".
Because you're using an array and a prepared statement you should pass the array when you execute the query:
$array = array('One', 'Two', 'Three');
$query = "SELECT * FROM $table WHERE name IN (" . implode(',',str_split(str_repeat('?',count($array)))).") ";
$make = $this->conn->prepare($query);
$make->execute($array);
$result = $make->fetchAll();
To insure we have enough positional placeholders we perform a little magic with implode(), str_split() and str_repeat() to get enough ? in the statement.
From Demystifying PHP's Data Objects (PDO)
YOU MUST pass all values to bind in an array to
PDOStatement->execute()or you have to bind every value withPDOStatement->bindValue(), then callPDOStatement->execute()with no parameters. Passing an array (empty or not) toexecute()will replace any previous bindings and can lead to errors, e.g. with MySQL the error "SQLSTATE[HY000]: General error: 2031" (CR_PARAMS_NOT_BOUND) if you passed an empty array.
One other note, make sure that $table is properly populated (and no, you cannot pass table or column names as parameters in PDO).
分享
