0

Looking for the correct use for the Where and In clause. If this is not correct could you let me know the right way to use it please

    mysqli_query=($connection,"select * from tablename where a=1 or a=2 and c=1 and d=2);

I am trying to do the query this way using the in clause

    mysqli_query=($connection,"select * from tablename where a in(1,2) and c=1 and d=2);

is thsi the correct way to use the where and In when you are looking for more than one value in a?

Many thanks P

Patdundee
  • 161
  • 2
  • 10
  • Yes, the second is correct. Did you try it out? The first would need a `()` group like `where (a=1 or a=2) and c=1 and d=2` to give the equivalent result set. – Michael Berkowski Jan 09 '16 at 22:25

1 Answers1

1

First of all, don't put values in the query directly, you'll have SQL Injection vulnerabilities if those values comes from a user input and/or be more error prone.

Second, yours IN clause is correct, have a look at the MySql manual here. Using Mysqli you should prepare your statements so they get correctly escaped, this way:

$stmt = $mysqli->prepare("SELECT * FROM tablename WHERE a IN(?,?) and c=? and d=?")
$stmt->bind_param("iiii", 1, 2, 1, 2);
$stmt->execute();

have a look at the whole mysqli manual about the prepare statement here.

alex88
  • 4,788
  • 4
  • 39
  • 60