I am a little late to the game and am trying to transition to PDO from mysql_* while trying to tackle a current challenge. I have an interface where I capture box number values within an array and that array is stored in another array by line item (for clarity purposes these are nested arrays).
My main purpose is to take the box numbers for a particular line item and run a mysql select query to return the number of units in that given set of boxes. If the qty in the boxes is not the quantity the user thinks there are I want it to throw an error.
Currently my challenge is I'm getting an empty result set. I believe this to be due to my array of box numbers not being properly passed to the PDO select statement. Any thoughts or guidance would be much appreciated.
Here is what I have so far:
$Boxes = $_POST['Boxes']; //this includes box numbers within an array for each line item of a form
$e = 0;
while($e<$num1){
$units = 0;
$r = 0;
$SO_Line_Item=mysql_result($result1,$e,"SO_Line_Item");
foreach ($Boxes[$e] as $a => $b) // the purpose of this loop is to take the values from Boxes and store it in $zzz which I hope to use in my Select statement below.
{
$zzz[] = $Boxes[$e][$r];
$r++;
}
//end inner foreach
$BNs= implode(',', $zzz);
$db = new PDO('mysql:host=XXXXXX ;dbname=XXXXXX', $dbuser,$dbpass);
$stmt = $db->prepare("SELECT Box_Num,Timestamp,SN,Assy_Status FROM Current_Box WHERE Box_Num IN(' . $BNs . ')");
$stmt->execute($zzz);
$results = $stmt->fetchAll(PDO::FETCH_ASSOC);
var_dump($results); // this shows up as an empty array
}
$e++;
}
IN(...)clauses,and you do in fact haev to do some dynamic stuff to convince PDO to work with this.count() - 1, actually, if you're 0-basing. but yeah, that's the basic idea. placeholders have to have a 1:1 match with their associated values, so you generate a?,?,?,...series and bind each value independently. it's still a 'home brew' query, but all you're inserting are?and,, so the injection potential is 0.