
I send ids to the client side, and then I collect each id to resend these ids as a string to the server, like `&before_ones=1,23,4,523,42,3`. Then I get these ids and write `NOT IN(?)`, binding it to `$_GET['before_ones']`, but it doesn't work (there is a really complex query behind this, which is why I have no other way). Also, I could do `IN(before_ones)`, but there would be SQL injection, and I don't want to use `mysqli_real_escape_string`. I created my own dynamic binding system and it works perfectly; my problem is only with the prepared statement itself and the IN operator. How can I use IN with prepare in this case?

Alex
  • Start with http://stackoverflow.com/questions/5100046/how-to-bind-mysqli-bind-param-arguments-dynamically-in-php?rq=1 and many mooooore... – u_mulder Aug 04 '16 at 21:15
  • @Marc B I created my db class before and I have a dynamic binding system which works perfectly, but my problem is just IN: it doesn't work with a prepared statement. When I send data to ? (which is IN(?)) it only accepts one of them – Alex Aug 04 '16 at 21:19
  • @u_mulder B I created my db class before and I have a dynamic binding system which works perfectly, but my problem is just IN: it doesn't work with a prepared statement. When I send data to ? (which is IN(?)) it only accepts one of them – Alex Aug 04 '16 at 21:19
  • That's the whole point of placeholders. They represent ONE SINGLE value, not a list of values. `... foo IN (?)` is operationally identical to `... foo=?`. If you want to pass in multiple values, you need multiple placeholders. Yes, this is one place that placeholders are a massive pain in the rump. – Marc B Aug 04 '16 at 21:20
  • @Marc B How can I do this? Should I bind like this: id !=? OR id !=? OR id !=? OR id !=? OR id !=? OR id !=? OR id !=? OR id !=? OR; Isn't it too heavy, especially with more params? – Alex Aug 04 '16 at 21:23
  • Generate `IN(?,?,?,...)` for however many placeholders you have, then pass all the parameters into the execute() call or do dynamic binding as well. Like I said, this is one place that placeholders totally suck. – Marc B Aug 04 '16 at 21:27
  • @Marc B It works! Can you delete the duplicate flag, because it is not a duplicate about binding values – Alex Aug 04 '16 at 23:55
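The approach the comments arrive at (one `?` per id, every id bound as an integer) is sketched below as an added example; it is not code posted by anyone in this thread. The table `items`, its columns, the `MAX_IDS` cap and all function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

const MAX_IDS = 500; // hypothetical cap on ids accepted per request

/** Parse "1,23,4" into unique non-negative ints; reject anything else. */
function parse_id_list(string $csv, int $max = MAX_IDS): array
{
    if ($csv === '') {
        return [];
    }
    $ids = [];
    foreach (explode(',', $csv) as $part) {
        // Digits only, and short enough to fit a 64-bit int without overflow.
        if (!ctype_digit($part) || strlen($part) > 18) {
            throw new InvalidArgumentException('before_ones must be comma-separated integers');
        }
        $ids[(int)$part] = true; // array keys de-duplicate the ids
    }
    if (count($ids) > $max) {
        throw new InvalidArgumentException('too many ids');
    }
    return array_keys($ids);
}

/** Return [WHERE fragment, bind_param type string] for a NOT IN filter. */
function not_in_clause(string $column, array $ids): array
{
    if ($ids === []) {
        return ['1=1', '']; // "NOT IN ()" is a syntax error; nothing to exclude
    }
    // $column must be a name hard-coded by the caller, never request data.
    $marks = implode(',', array_fill(0, count($ids), '?'));
    return ["$column NOT IN ($marks)", str_repeat('i', count($ids))];
}

/** Run the query; `items` and its columns are hypothetical. */
function fetch_unseen(mysqli $db, array $ids): array
{
    [$where, $types] = not_in_clause('id', $ids);
    $stmt = $db->prepare("SELECT id, title FROM items WHERE $where ORDER BY id");
    if ($ids !== []) {
        $stmt->bind_param($types, ...$ids); // one bound integer per placeholder
    }
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Constructed sample input standing in for $_GET['before_ones'].
[$where, $types] = not_in_clause('id', parse_id_list('1,23,4,523,42,3'));
echo $where, ' | types: ', $types, PHP_EOL;
```

Only the number of placeholders is derived from the request; the id values themselves never become part of the SQL text, so a value such as `1) OR (1=1` is rejected by `parse_id_list` before a statement is prepared.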

0 Answers