PHP Question: PDO Prepare() and Execute() with MYSQL IN() not working for arrays

Question

I am using a PDO object in PHP to run MYSQL queries, and I seem to be having a problem with using the IN() clause with PDO::Prepare().

User Input: tags separated by a comma
ex) basketball,football

I code the following:

$query = 
"SELECT s.item_id, s.item_type, s.title
FROM search_all s 
WHERE EXISTS ( 
    SELECT t.item_id 
    FROM tags t 
    WHERE t.item_id = s.item_id AND t.item_type = s.item_type 
    AND t.tag IN (:tags) 
)";

$mysql_vars[':tags'] = implode("','",explode(',',$tags));
$stmt = $connection->prepare($query);
$stmt->execute($vars);
$data = $stmt->fetchAll(PDO::FETCH_ASSOC);

From what I understand, execute() will wrap each variable in double quotes ("), so I manually add double quotes between each input, to mimic the sql like:

SELECT s.item_id, s.item_type, s.title
FROM search_all s 
WHERE EXISTS ( 
    SELECT t.item_id 
    FROM tags t 
    WHERE t.item_id = s.item_id AND t.item_type = s.item_type 
    AND t.tag IN ("basketball","football") 
)

This is not working for me, however. Is there any way to still use PDO's prepare() and execute() while using the sql IN() clause?

score 1 · Accepted Answer · answered Jun 22 '11 at 18:04

1

You would need to do something like AND t.tag IN (:tag1, :tag2)

Right now it thinks that you are textually looking for "basketball","football"

To do this you can do a query generator using PHP's string appends and loops :)

answered Jun 22 '11 at 18:04

maaudet

2,338
4
20
28

Thanks. I was hoping to not have to do that, but it does work that way :) – Ripptor Jun 22 '11 at 19:49

PHP Question: PDO Prepare() and Execute() with MYSQL IN() not working for arrays

1 Answers1

Linked