TechQA.

MySQL where in (array)

261 views Asked by At 
function delete_group($db) {
    $ids = Parameters::get('ids');
    $ids = implode(',', $ids); // now a string like '5,6,7'.
    add_to_log($ids);
    try {
        $stmt = $db->prepare("DELETE FROM mytable WHERE id IN (:ids)");
        $stmt->bindParam(':ids', $ids, PDO::PARAM_STR);
        $stmt->execute();
        response('success', 'success', NULL);
    }
    catch (PDOException $e) {
        response('error', 'Delete group failed.', NULL);
    }
}

This code doesn't work: only the first row is deleted. But if I do

$stmt = $db->prepare("DELETE FROM mytable WHERE id IN ($ids)");

instead (just insert the string), it works, though the code has the SQL injection security issue. How to make it work and keep secured?

php mysql pdo sql-in
Original Q&A
1

There are 1 answers

5
Jessica On BEST ANSWER 
$ids = Parameters::get('ids');
$ids = array_map('intval', $ids);
$ids = implode(',', $ids);

Now you don't have to worry about injection.

Related Questions in PHP

Related Questions in MYSQL

Related Questions in PDO

Related Questions in SQL-IN

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions