I have the following code in PHP to query the database based on an array sent by the client:

```php
$limit = $_POST['limit'];
$userArray = json_decode($_POST['arr'], true);

// One "?" placeholder per array element
$queryPlaceholders = implode(',', array_fill(0, count($userArray), '?'));

$stmt = $db->prepare("SELECT * FROM tableA
                      WHERE tableA.id IN (" . $queryPlaceholders . ")
                      LIMIT ?");

// Bind each array element to its positional placeholder (1-based)
foreach ($userArray as $k => $val) {
    $stmt->bindParam(($k + 1), $val);
}

// The LIMIT value is bound last, as an integer
$stmt->bindValue(count($userArray) + 1, (int)trim($limit), PDO::PARAM_INT);
$stmt->execute();
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
echo $result;
```

This code appears to have an error. If I send an array containing the values 11 & 17, the query seems to only run with the value 17, not both 11 and 17.
If I `print_r($userArray)` I get:

```
Array
(
    [0] => 11
    [1] => 17
)
```

so I know PHP has the correct array. However, running this query with the code above and running the query below yield different answers:

```sql
SELECT * FROM tableA
WHERE tableA.id IN (11,17)
LIMIT 10
```

When running the code above, it appears to in fact run this query:

```sql
SELECT * FROM tableA
WHERE tableA.id IN (17)
LIMIT 10
```

I've also placed statements in the foreach loop that tell me both elements of the array (11 & 17) are being bound to the `$stmt`.
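
An added example, not part of the original post: a self-contained reproduction of the behaviour described above, running the same query shape once with `bindParam()` (which binds the loop variable by reference and reads it at `execute()`) and once with `bindValue()` (which copies the value at bind time). The in-memory SQLite table, the `fetchByIds()` helper, the integer-only check on the decoded array and the limit cap of 100 are assumptions made for this example.

```php
<?php
// Constructed sample data in an in-memory SQLite database (assumes the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tableA (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO tableA VALUES (11, 'eleven'), (17, 'seventeen'), (23, 'twenty-three')");

// Hypothetical helper: runs the IN (...) query, binding the ids by reference or by value.
function fetchByIds(PDO $db, array $ids, int $limit, bool $byReference): array
{
    // Accept only a non-empty, zero-indexed list of integers from the client.
    if ($ids === [] || $ids !== array_values(array_filter($ids, 'is_int'))) {
        throw new InvalidArgumentException('ids must be a non-empty list of integers');
    }
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("SELECT id FROM tableA WHERE id IN ($placeholders) ORDER BY id LIMIT ?");
    foreach ($ids as $k => $val) {
        if ($byReference) {
            // Every placeholder ends up referencing the same variable, $val,
            // whose value at execute() is the last element of $ids.
            $stmt->bindParam($k + 1, $val, PDO::PARAM_INT);
        } else {
            // The current value of $val is copied into the statement now.
            $stmt->bindValue($k + 1, $val, PDO::PARAM_INT);
        }
    }
    // Clamp the client-supplied limit (the 1..100 range is an assumption of this example).
    $stmt->bindValue(count($ids) + 1, max(1, min($limit, 100)), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$ids = json_decode('[11, 17]', true); // constructed client input
echo 'bindParam: ', implode(',', fetchByIds($db, $ids, 10, true)), PHP_EOL;
echo 'bindValue: ', implode(',', fetchByIds($db, $ids, 10, false)), PHP_EOL;

try {
    // Constructed malformed input: a string where an integer id is expected.
    fetchByIds($db, json_decode('["11", 17]', true), 10, false);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```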