I'm using a sequel for search like this using PDOs

```php
$states = "'SC','SD'";
$sql = "select * from mytable where states in (:states)";
$params = array(':states'=>$states);
```

and I use my function

```php
$result = $this->selectArrayAssoc($sql, $params);
```

where my selectArrayAssoc function is as follows:

```php
public function selectArrayAssoc($sql, $params = array()){
    try{
        $sth = $this->db->prepare($sql);
        $sth->execute($params);
        $result = $sth->setFetchMode(PDO::FETCH_ASSOC);
        return $sth->fetchAll();
    }catch(PDOException $e){
        print $e->getMessage();
        //Log this to a file later when in production
        exit;
    }
}
```

It does not take the quoted variables; I think it is suppressing them. How do I deal with this in such cases?

A: 

When using prepared statement placeholders (parameter binding) in general, each occurrence of a placeholder holds exactly one variable.

You're trying to pass several. What's happening is basically that your parameters are escaped: your `:states` is replaced with `'''SC'',''SD'''` or `'\'SC\',\'SD\''` internally, rather than with just the raw `'SC','SD'` that you want.

pinkgothic
So how exactly do I pass my values here? I implode it from an array and get them like this ('sc','sd') here. I tried various quoting methods; everything seems to be failing.
Sai
You don't want to quote them. Given `$states = "'SC','SD'";` and `$sql = "select * from mytable where states in (:states)";`, you'll want `$sql = "select * from mytable where states in ('SC','SD')";`. Take a look at the question **Tom Haigh** linked you to.
pinkgothic
Got the answer from one of the other questions, thank you pinkgothic.
Sai
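
An added example, not code from the thread: one way to keep the `IN (...)` list parameterized is to generate one placeholder per value, so every value is still bound rather than concatenated into the SQL. The helper name `buildInClause`, the in-memory SQLite database (requires the `pdo_sqlite` extension) and the sample rows are assumptions made for illustration.

```php
<?php
// Added example, not from the original thread. buildInClause() is a
// hypothetical helper; the table contents are constructed sample data.

/**
 * Build "column IN (?, ?, ...)" with one positional placeholder per value.
 * Returns [sqlFragment, params]. $column must be a trusted, hard-coded
 * identifier: identifiers cannot be bound as parameters.
 * An empty list yields "1 = 0", since "IN ()" is not valid SQL in most
 * databases and an empty filter should match nothing.
 */
function buildInClause(string $column, array $values): array
{
    if ($values === []) {
        return ['1 = 0', []];
    }
    $placeholders = implode(', ', array_fill(0, count($values), '?'));
    return ["$column IN ($placeholders)", array_values($values)];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE mytable (id INTEGER PRIMARY KEY, states TEXT)");
$db->exec("INSERT INTO mytable (states) VALUES ('SC'), ('SD'), ('TX')");

// The question's approach: the whole quoted list is bound as ONE string,
// so the column is compared against the literal text 'SC','SD'.
$sth = $db->prepare("SELECT * FROM mytable WHERE states IN (:states)");
$sth->execute([':states' => "'SC','SD'"]);
echo "single placeholder: ", count($sth->fetchAll(PDO::FETCH_ASSOC)), " row(s)\n";

// One placeholder per value: each state is bound separately.
[$in, $params] = buildInClause('states', ['SC', 'SD']);
$sth = $db->prepare("SELECT * FROM mytable WHERE $in");
$sth->execute($params);
echo "per-value placeholders: ", count($sth->fetchAll(PDO::FETCH_ASSOC)), " row(s)\n";

// A value containing quotes and SQL keywords is still bound as plain data,
// so it is only ever compared against the column, never parsed as SQL.
[$in, $params] = buildInClause('states', ["SC') OR ('1'='1"]);
$sth = $db->prepare("SELECT * FROM mytable WHERE $in");
$sth->execute($params);
echo "quoted input: ", count($sth->fetchAll(PDO::FETCH_ASSOC)), " row(s)\n";
```

The generated fragment and parameter array can be passed straight to a wrapper such as the question's `selectArrayAssoc($sql, $params)`, since `execute()` accepts a positional array for `?` placeholders.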