php-如何在Codeigniter中使用IN-operator进行绑定查询

2022-11-05 22:37:19

“我通过使用绑定参数重写它们来适应我的一些查询,以防止SQL注入.对于简单的查询,这很简单:

例如

// Old code 
$sql = "SELECT * FROM some_table WHERE id = 4 AND author = 'Bob'";
$this->db->query($sql);

// New Bound SQL query
$sql = "SELECT * FROM some_table WHERE id = ? AND author = ?";
$this->db->query($sql, array(4, 'Bob'));

我在使用IN运算符进行查询时遇到麻烦.如建议的here,我尝试了以下方法:

// Old code 
$sql = "SELECT * FROM some_table WHERE id = 7 AND author IN ('Bob','Geoff)";
$this->db->query($sql);

// New Bound SQL query
$sql = "SELECT * FROM some_table WHERE id = ? AND author IN ?";
$this->db->query($sql, array(7, array('Bob','Geoff')));

但是,此查询失败,并显示错误消息:

“You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near ‘Array’ at line 6”

看来查询已更改为:

"SELECT * FROM some_table WHERE id = '5' AND author IN Array"

我真的看不到我在做什么错.有什么建议么?

解决方法:

您可以使用where_in作为

$array = array('Bob', 'Geoff');
$this->db->select('*');
$this->db->where('id', 7);
$this->db->where_in('author', $array);//WHERE author IN ('Bob', 'Geoff')
$this->db->get('some_table');
上一篇:mysql-如果满足所有条件,则提取行


下一篇:php-如何为codeigniter项目完美设置虚拟主机