PDO query with an IN clause containing an array does not work

Time: 2017-12-31 10:51:16

Tags: php arrays pdo

I have this code:

$Array=array();
array_push($Array,"Email1","Email2");
$Array=implode("','",$Array);
$Array="'$Array'";
echo "$Array"; //Will output 'Email1','Email2'
$Check=$connection->prepare("SELECT ID FROM USERS WHERE EMAIL IN(:Array)");
$Check->execute(array(
    ':Array' => $Array,
));

This query does not work, but if I write:

$Check=$connection->prepare("SELECT ID FROM USERS WHERE EMAIL IN('Email1','Email2')");
$Check->execute(array(
    ':Array' => $Array,
));

It works, but then I am not binding the array to avoid SQL injection. How can I fix this?

1 Answer:

Answer 0: (score: 0)

You don't want to bind the imploded list as one element, but rather bind each value individually using ?, so the end of the statement will be IN(?,?):

$values = ["Email1","Email2"];
# This should give you ?,?
$bindstr = implode(",",array_fill(0,count($values),'?'));
$query = $connection->prepare("SELECT ID FROM USERS WHERE EMAIL IN({$bindstr})");
# Use the raw values individually in the execute
$query->execute($values);

Hopefully that should get you the results back.
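
An added example, not part of the original question or answer: it runs the question's single-parameter binding next to per-value placeholders against a constructed in-memory SQLite table, and covers the empty-list case. The table contents and the helper name idsForEmails are assumptions made for the illustration.

```php
<?php
// Constructed sample data in an in-memory SQLite database (requires pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE USERS (ID INTEGER PRIMARY KEY, EMAIL TEXT)");
$pdo->exec("INSERT INTO USERS (EMAIL) VALUES ('Email1'), ('Email2'), ('Email3')");

// Hypothetical helper: one "?" per value, every value bound separately.
function idsForEmails(PDO $pdo, array $emails): array
{
    if ($emails === []) {
        return []; // "IN ()" is a syntax error, so no query is sent for an empty list
    }
    $placeholders = implode(',', array_fill(0, count($emails), '?'));
    $stmt = $pdo->prepare(
        "SELECT ID FROM USERS WHERE EMAIL IN ($placeholders) ORDER BY ID"
    );
    // Positional binding expects a 0-based list, so drop any custom array keys.
    $stmt->execute(array_values($emails));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// The question's approach: the whole quoted list is bound as ONE string value,
// so EMAIL is compared against a single string that includes quotes and commas.
$single = $pdo->prepare("SELECT ID FROM USERS WHERE EMAIL IN (:list)");
$single->execute([':list' => "'Email1','Email2'"]);
echo "single parameter:\n";
var_dump($single->fetchAll(PDO::FETCH_COLUMN));

// One placeholder per value: each element is compared on its own.
echo "per-value placeholders:\n";
var_dump(idsForEmails($pdo, ['Email1', 'Email2']));

// Keys that are not 0-based are normalised by array_values() in the helper.
echo "non-sequential keys:\n";
var_dump(idsForEmails($pdo, [5 => 'Email3', 9 => 'Email1']));

// Empty input never reaches the database.
echo "empty list:\n";
var_dump(idsForEmails($pdo, []));

// A value containing quote characters is still bound as data, not parsed as SQL.
echo "value with quotes:\n";
var_dump(idsForEmails($pdo, ["Email1' OR '1'='1"]));
```

Only the run of ? placeholders, whose length comes from count(), is interpolated into the SQL text; the values themselves never are.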