I know that this has been asked and answered before, but for the life of me I cannot find where I am going wrong. My code is below.

$backa = array("1", "7", "8", "9", "12");
$backaa = implode(",", $backa);
/* code to create connection object $wkHook */
$getOpt=$wkHook->prepare("select movementId, movementName from Movement where movementId IN ($backaa) order by movementName asc");
$getOpt->execute();
$getOpt->store_result($id, $name);

Every time I run this I get one of two errors depending upon how I use the $backaa variable. More often than not I get a call to a non-object error indicating that $getOpt is not a proper MySQL query. I have tried every fashion of quoting, bracketing, etc. for the $backaa variable but it's just not working for me. What obvious thing am I missing?

+3  A: 

Aren't you just missing a )? It should be

$getOpt=$wkHook->prepare("select movementId, movementName from Movement where movementId IN ($backaa0) order by movementName asc");
Nicolò Martini
And check the name of the $backaa/$backaa0 var, as said by Jage
Nicolò Martini
+1  A: 

The var in your query is $backaa0 and in your code is $backaa. And you are missing a ")".

$backaa = implode(",", $backa);
/* code to create connection object $wkHook */
$getOpt=$wkHook->prepare("select movementId, movementName from Movement where movementId IN ($backaa0 order by movementName asc");
Jage
Sorry, I butchered that in the copy and paste and then made a typo in fixing it. The original code is ($backaa) and does not work.
robert knobulous
+1  A: 

As already pointed out, your query is invalid SQL. Read the error messages: they're there to help you.

Whatever, if you inject parameter values into plain SQL, you miss the whole point of prepared statements.

None of the DB libraries I've worked with support parameters that expand to more than one parameter. In general, you need to generate n different parameters from your array and bind them all individually so you end up with:

$getOpt=$wkHook->prepare("select movementId, movementName from Movement where movementId IN (?, ?, ?, ?) order by movementName asc");

It's easy to automate with a combination of array_keys() and implode().

Álvaro G. Vicario
No, I've actually done this before and it works. I am just messing up the way the variable is given and I cannot for the life of me remember the proper way to do it. I've tried single quotes, double quotes, parentheses, brackets... it's driving me insane.
robert knobulous
Then slap an if() around the execute statement. It returns false if the execute/query failed, after which you can check `$getOpt->errorInfo()` for the exact SQL error code and most likely a full-text version of the error message, which will also generally have some context of where in the query the problem occurred.
Marc B
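
The placeholder approach from the answer above, as an added example that is not part of the original thread or any poster's code: one `?` is generated per array element and the values are bound separately, so nothing from the array is spliced into the SQL text. It assumes PDO with an in-memory SQLite database so that it runs offline; `inPlaceholders()` is a hypothetical helper and the sample rows are constructed.

```php
<?php
// Added example: one "?" per array element, values bound separately.
// Uses PDO with an in-memory SQLite database (an assumption, so the script
// runs offline); table and column names are the ones from the question.

/** Build "?, ?, ?" for a non-empty list; an empty IN () is invalid SQL. */
function inPlaceholders(array $values): string
{
    if (count($values) === 0) {
        throw new InvalidArgumentException('IN list must not be empty');
    }
    return implode(', ', array_fill(0, count($values), '?'));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data.
$db->exec('CREATE TABLE Movement (movementId INTEGER PRIMARY KEY, movementName TEXT)');
$ins = $db->prepare('INSERT INTO Movement (movementId, movementName) VALUES (?, ?)');
foreach ([1 => 'Squat', 2 => 'Lunge', 7 => 'Press', 9 => 'Deadlift'] as $id => $name) {
    $ins->execute([$id, $name]);
}

// The last element is hostile input; as a bound value it is only data.
$backa = ['1', '7', '8', '9', '12', '0) OR (1=1'];

$sql = 'SELECT movementId, movementName FROM Movement WHERE movementId IN ('
     . inPlaceholders($backa)
     . ') ORDER BY movementName ASC';

$getOpt = $db->prepare($sql);
$getOpt->execute(array_values($backa));   // positional binding, one value per "?"

foreach ($getOpt->fetchAll(PDO::FETCH_ASSOC) as $row) {
    echo $row['movementId'], ' ', $row['movementName'], PHP_EOL;
}

// mysqli equivalent for integer ids, given a mysqli_stmt from prepare($sql):
//   $ids = array_map('intval', $backa);
//   $stmt->bind_param(str_repeat('i', count($ids)), ...$ids);
```

With the default error mode, `prepare()` returns false on invalid SQL, which is what produces the "call to a member function on a non-object" error from the question; checking that return value (or enabling exceptions, as here) surfaces the real SQL error.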
A: 

If you bind $backaa, you are essentially saying:

...where movementId IN ('"1", "7", "8", "9", "12"') order by...

See what's happening? It's being treated as 1 parameter, namely a string consisting of numbers, commas, and quotes. So I don't see how that would work.

As for binding it as an array, that makes more sense, but it sounds like that's not working out for you so I don't know.

I think this would work:

...where movementId IN (".$backaa.") order by...

But then you're not really binding anything, so you might as well break out your real_escape_string(). I suspect this may have been how you did this before.

Syntax Error
A: 

the problem is the implode, try:

$backaa = "'". implode("', '", $backa) ."'";
Angelbit