0

I have query with IN clause and I want to use it as parameterized query. Here is code

$order_ids = array(1, 2, 3);
$q = " SELECT * FROM orders WHERE order_store_id IN(?)";
$order_items = $this->db->query($q, array(implode(", ", $order_ids))  );

But it loads only Order with ID 1.

But if I write WHERE order_store_id IN(implode(", ", $order_ids)) it loads all Order perfectly.

I have also tried 

$order_ids = array(1, 2, 3);
$q = " SELECT * FROM orders WHERE order_store_id IN(?)";
$in_val = implode(", ", $order_ids);
$order_items = $this->db->query($q, array($in_val )  );

But it also loads only Order ID 1

So how can I use parameterized query with IN clause?

Improve this question
1

5 Answers 5

Reset to default
1
  • Do not implode your array.
  • Do not wrap your placeholder in parentheses -- CodeIgniter adds these automatically.
  • The first element of the second parameter of the query() call should be your flat array.
$order_ids = [1, 2, 3];
return $this->db
    ->query(
        'SELECT * FROM orders WHERE order_store_id IN ?',
        [$order_ids]
    )
    ->result();
  • Do not resort to the inefficient practice of executing a query withFIND_IN_SET().

Because your query is simply converted to (more elegant) active record syntax, I would encourage that.

$order_ids = [1, 2, 3];
return $this->db
    ->where_in('order_store_id', $order_ids)
    ->get('orders')
    ->result();
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Found this worked for someone:

$array = array("first", "second", "third");
$list = "'". implode("', '", $array) ."'";
echo $list; // Outputs: 'first', 'second', 'third';

You could test it.

Improve this answer

4 Comments

Can you check what is returned value if you use array(2,3,4)? Also, remove blank space from glue to remain ',' only.
Dear, I can easily get imploded string of array values even before your answer ... if you read my question, I asked that it is not working in parameterized query here $this->db->query($q, $xyz)
Just needed to know if is determined if that '1' is value from array or something like TRUE.
Use your first code with replaced array(2, 3, 4) and be sure it is array first element but no TRUE value in result. Dependently of server PHP version maybe you should initialize imploded string $string_from_array = implode(", ", $order_ids); first. Than, use it in code next line. Use back ticks for name of columns.
0

The query function treats the items passed to it accordingly, and in your case, the result of the exploded array is a string, so it is quoted, like this SELECT * FROM orders WHERE order_store_id IN('1, 2, 3'). When this happens, MySQL treats everything between the quote as one value and takes the first number, which is 1, every other thing is discarded. If you really want to go with CodeIgniter's query binding, use ',' as the glue in your implode statement, that way, all the items in the array gets quoted in the query SELECT * FROM orders WHERE order_store_id IN('1', '2', '3') or you could just implode the array into the IN clause without using query binding and not have to worry about the quotes.

Improve this answer

Comments

0

I used the FIND_IN_SET MySQL function instead to solve this problem.

For example: 

$order_store_id_str = '1,2,3';

$query = "SELECT * FROM orders WHERE FIND_IN_SET(order_store_id, ?)";

$this->db->query(
    $query,
    array($order_store_id_str)
);
Improve this answer

Comments

-1

Prepared statements can be thought of as a kind of compiled template for the SQL that an application wants to run, that can be customized using variable parameters. 

$order_ids = array(1, 2, 3);
$stmt = $dbh->prepare("SELECT * FROM orders WHERE order_store_id IN(?)");
$stmt->execute($order_ids);

If this can't help, refer details here.

Improve this answer

1 Comment

I am using CodeIgniter BTW

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.