1 Replies Last post: Jul 5, 2014 2:04 AM by Michael Cummings  
Newbie Newbie 33 posts since
Jul 6, 2012

Jul 3, 2014 5:19 PM

Injecting string into query removes all MySQL parsing capabilities?

I am using prepared statements with PDO in my project. When MySQL queries are written inside a PDO prepare() function, MySQL keywords, table names, etc., are different colors and autocomplete also works. Here's what one query looks like:

 

[Screenshot: Untitled.png]

 

Unfortunately, I sometimes need to use the IN(...) function in queries to select rows with a column value in a list of values. For example: "id IN(1,2,3,4,5)". The only reasonable way to do this with PDO (as far as I'm aware) is to directly inject it into the query string (there doesn't seem to be any way to bind the comma separated list of values to the query because when you do that it's treated as a string instead of a list of values). So the only solution I'm aware of is to do this: "id IN(' . $idString . ')".

 

This works, but the problem is that doing this causes the entire query to turn green (no more colors or autocompletion), like this:

 

[Screenshot: Untitled2.png]

 

This is very inconvenient.

 

Is there a solution to this problem?

Michael Cummings Newbie 1 posts since
Jul 5, 2014
Jul 5, 2014 2:04 AM in response to: Newbie
Re: Injecting string into query removes all MySQL parsing capabilities?

You can also use '?' placeholders in PDO, which is the better way to do what you need. This also has the advantage of being SQL, so PS will understand it as well. You can read more about this and how to create the array you'll use in your execute at http://stackoverflow.com/questions/920353/can-i-bind-an-array-to-an-in-condition.
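
An added example, not part of the original posts: one '?' placeholder is generated per value for the IN(...) list and the values are bound separately, so nothing from `$ids` is concatenated into the SQL text. The table `items`, its columns and the helper name `selectByIds` are assumptions made for this example, and it uses an in-memory SQLite database (requires pdo_sqlite) so it runs without a MySQL server.

```php
<?php
declare(strict_types=1);

/**
 * Select rows whose id is in $ids, using one '?' placeholder per value.
 * Hypothetical helper; the table `items` is an assumption for this example.
 */
function selectByIds(PDO $pdo, array $ids): array
{
    // IN() with an empty list is a syntax error, so answer it without a query.
    if ($ids === []) {
        return [];
    }

    // Accept integers only; anything else is refused before a query is built.
    $ints = [];
    foreach ($ids as $id) {
        $int = filter_var($id, FILTER_VALIDATE_INT);
        if ($int === false) {
            throw new InvalidArgumentException('ids must be integers');
        }
        $ints[] = $int;
    }

    // Only '?' characters are generated here; the query text stays constant SQL.
    $placeholders = implode(',', array_fill(0, count($ints), '?'));
    $stmt = $pdo->prepare("SELECT id, name FROM items WHERE id IN ($placeholders) ORDER BY id");
    foreach ($ints as $i => $int) {
        $stmt->bindValue($i + 1, $int, PDO::PARAM_INT); // positions are 1-based
    }
    $stmt->execute();

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)');
$insert = $pdo->prepare('INSERT INTO items (id, name) VALUES (?, ?)');
foreach ([[1, 'alpha'], [2, 'beta'], [3, 'gamma'], [4, 'delta']] as $row) {
    $insert->execute($row);
}

print_r(array_column(selectByIds($pdo, [1, 3, 4]), 'name')); // a list of three ids
print_r(selectByIds($pdo, []));                              // the empty-list case

try {
    // A comma-separated string passed as one value is refused, not spliced into the SQL.
    selectByIds($pdo, [1, '2,3']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```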
