MYSQLi中的准备语句与“SELECT WHERE IN”结合使用

I'm facing a little problem with mysqli and prepared statements:

I want to prepare and "IN" statement in sqli but it does not work for me! :-(

Can someone help or explain me what I'm doing wrong? I think it's because of the way prepared statements work and therefore like some magic (strip, addslashed ...) are preventing my solution so maybe I need something else but can figure it out. This is my sql statement:

$dbPrepare = $db->prepare(
    'SELECT
    `name`, `image`
    FROM `sometable`
    WHERE `number` IN (?)'
);
$dbPrepare->bind_param('s', $numbers);

and that is my way of achieving the "$numbers":

$numbers = implode('","', explode(',', $_GET['numbers']));

the "var_dump($numbers)" result is like this: string(5) "a","b" ($_GET['numbers'] get it's value like this: &numbers=a,b)

I know, maybe not the best solution, but actually I wanna transfer (in the end could be $_POST) some data to a "IN" statement including a prepared variable.

FOR REFERENCE: this is working:

$dbPrepare = $db->prepare(
    'SELECT
    `name`, `image`
    FROM `sometable`
    WHERE `number` IN ("'.implode('","', explode(',', $_GET['numbers'])).'")'
);

So I'm quite sure it's because of the prepared variable.

Thanks in advance!

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dqd72925 2014-06-26 08:02
关注
Try this $dbPrepare = $db->prepare( 'SELECT `name`, `image` FROM `sometable` WHERE `number` IN (?)' ); $dbPrepare->bind_param('s', $numbers[0],$numbers[1]);
解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

PHP PDO使用IN和WHERE运算符准备语句 php
2016-08-10 00:48

回答 1 已采纳 I believe the reason this is not working is because you are using both $stmt->bindParam(1, $va
在预准备语句中的mysqli select语句中使用LIKE / OR运算符 php
2014-09-19 14:27

回答 1 已采纳 While I'm not very familiar with parameter binding, shouldn't you be specifying a type for each ar
使用％通配符的Mysqli准备语句 mysql php
2017-06-15 15:28

回答 1 已采纳 You need to bind the complete value, not just a portion of it. This means doing: $where = "First_
php中的select 语句,快速掌握MySQL数据库中SELECT语句_php
2021-04-28 06:49

蒙小彬的博客本文针对mysql数据库中的SELECT语句快速精细掌握。MySQL中SELECT语句的基本语法是：以下是引用片段：SELECT [STRAIGHT_JOIN] [SQL_SMALL_RESULT][SQL_BIG_RESULT] [HIGH_PRIORITY][DISTINCT|DISTINCTROW|ALL]select_...
MySQLi准备了语句与查询 php
2014-06-21 00:44

回答 2 已采纳 Yes and no: It is necessary to check the $field variable agains a white-list - that is the only wa
PHP和mysqli：使用预准备语句选择多个条件 php
2013-03-17 05:18

回答 4 已采纳 You should be using prepare to prepare a statement, not query as that just executes a query.
使用MySQLi动态绑定准备语句中的参数 php
2014-02-20 02:36

回答 1 已采纳 There are not 67 rows with query SELECT id, name FROM album WHERE name LIKE 'love' AND name LIKE
php select where,PHP where语句
2021-04-08 10:09

6785235456的博客语法SELECT column_name(s) FROM table_nameWHERE column_name operator value如需选取匹配指定条件的数据，请向 SELECT 语句添加 WHERE 子句。下面的运算符可与 WHERE 子句一起使用：为了让 P...
使用Prepared语句将MySQL SELECT结果存储在php变量中 mysql php
2017-01-18 21:34

回答 1 已采纳 As I mentioned in the comment, PHP now has a couple built in methods to handle encryption and decr
准备好的语句没有运行MYSQLI PHP php
2015-06-23 13:16

回答 2 已采纳 In conjunction with Mark's answer, am submitting the following as a complimentary answer and using
如何在mysqli预处理语句中使用多个内连接以及多个WHERE子句？ [重复] mysql php
2016-06-07 03:08

回答 1 已采纳 You have an error with your prepare, so check it $sql = $db->prepare("SELECT r.* from register
php中select from,关于php：SELECT * FROM MySQLi
2021-04-10 13:06

啊看看的博客我之前所有的MySQL查询都是这样构建的："SELECT * FROM tablename WHERE field1 = 'value' && field2 = 'value2'";这使得它非常容易，简单和友好。由于明显的安全性原因，我现在正尝试切换到mysqli，并且在...
MySQLi在while循环中准备语句 php
2014-08-15 23:30

回答 1 已采纳 Use a single query that JOINs all the subqueries: SELECT u.id, p.username, IFNULL(c.clicks, 0) AS
mysql的中in的参数怎么预处理,php – 如何在mysqli预处理语句中使用IN子句
2021-04-21 05:42

yannqing的博客 $ids = '123,535,345,567,878'$sql = "SELECT * FROM table WHERE id IN ($ids)";$res = mysql_query($sql);将其转换为mysqli和预处理语句我尝试了许多解决方案：$ids = '123,535,345,567,878'$ids = implode($ids,'...
mysqli php 语句,php – 如何回显MySQLi准备语句？
2021-04-22 18:24

半杯木的博客我现在正在使用MySQLi，试图弄清楚它是如何工作的。...但…我如何做一个准备好的MySQLi语句？例：$id = 1;$baz = 'something';if ($stmt = $mysqli->prepare("SELECT foo FROM bar WHERE id=? AND baz=?"...
PHP MYSQLi 过程式准备好语句
2022-09-12 09:29

allway2的博客通常与查询或更新等 SQL 语句一起使用，准备好的语句采用模板的形式，在每次执行期间将某些常量值替换到该模板中。但是在准备好的语句中，您必须执行至少 4 个选择步骤和 3 个插入、更新、删除步骤才能获得所需的...
php用mysqli从数据库中查询,在PHP中使用Mysqli操作数据库
2021-04-27 02:07

嘉实体育的博客 PHP的 mysqli 扩展提供了其先行版本的所有功能，此外，由于 MySQL 已经是一个具有完整特性的数据库服务器，这为PHP 又添加了一些新特性。...与 mysqli 几乎所有的特性一样，这一点可以使用面向...
防止 SQL 注入的 PHP MySQLi 准备语句教程
2022-08-21 13:01

allway2的博客这可能看起来很奇怪，为什么它甚至会保证自己的部分，因为您实际上可以一个接一个地使用准备好的语句。建议使用准备好的语句，因为它们显然更适合防止 SQL 注入并且不太容易出错，因为您不必担心手动格式化——相反...
php mysqli 执行语句,PHPmysqli增强-批量执行sql语句
2021-04-16 13:36

weixin_39781143的博客 mysqli 增强-批量执行sql 语句connect_error){ die ("连接失败".$mysqli->connect_error); } //注意分号 $sqls="insert into user1 (name,password,email,age) values('AAA',md5('AAA'),'AAA@hu.com',25);"; ...
没有解决我的问题, 去提问

悬赏问题

¥50 需求一个up主付费课程
¥20 模型在y分布之外的数据上预测能力不好如何解决
¥15 processing提取音乐节奏
¥15 gg加速器加速游戏时，提示不是x86架构
¥15 python按要求编写程序
¥15 Python输入字符串转化为列表排序具体见图，严格按照输入
¥20 XP系统在重新启动后进不去桌面，一直黑屏。
¥15 opencv图像处理，需要四个处理结果图
¥15 无线移动边缘计算系统中的系统模型
¥15 深度学习中的画图问题

MYSQLi中的准备语句与“SELECT WHERE IN”结合使用

1条回答 默认 最新

悬赏问题

1条回答默认最新