dongmei1988 2012-02-10 23:50
浏览 32
已采纳

使用PHP使用IN子句查询MySQL

I want to do a query similar to the following:

SELECT f_name, l_name, title from
-> employee_data where title 
-> IN ('Web Designer', 'System Administrator');

The search terms are received in an array $data = ['Web Designer', 'System Administrator'] and right now I can turn that array into Web Designer,System Administrator using:

 $data = implode(',', $data)

Is there a good way to turn that array into 'Web Designer', 'System Administrator' so I can insert this phrase into the MySQL query directly as shown at the beginning of the post?

  • 写回答

4条回答 默认 最新

  • duanmian1085 2012-02-10 23:56
    关注

    You probably should use:

    $data = implode( ', ', array_map( $data, array( $object, 'escape')));
$query .= 'title IN ( ' . $data . ')'; // Append to condition

    Where $object->escape() would by function like:

    public function $escape( $string){
   return "'" . mysql_real_escape_string( $string, $this->connection) . "'";
}

    Here's array_map() documentation, and mysql_real_escape_string(). This should be SQL injection proof solution.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(3条)

报告相同问题?

悬赏问题

  • ¥15 根据以下文字信息,做EA模型图
  • ¥15 删除虚拟显示器驱动 删除所有 Xorg 配置文件 删除显示器缓存文件 重启系统 可是依旧无法退出虚拟显示器
  • ¥15 vscode程序一直报同样的错,如何解决?
  • ¥15 关于使用unity中遇到的问题
  • ¥15 开放世界如何写线性关卡的用例(类似原神)
  • ¥15 关于并联谐振电磁感应加热
  • ¥60 请查询全国几个煤炭大省近十年的煤炭铁路及公路的货物周转量
  • ¥15 请帮我看看我这道c语言题到底漏了哪种情况吧!
  • ¥60 关机时蓝屏并显示KMODE_EXCEPTION_NOT_HANDLED,怎么修?
  • ¥66 如何制作支付宝扫码跳转到发红包界面