Zend准备语句中的IN子语句
[英]IN Sub Statement in Zend Prepared Statement
问题描述
I am working on a project in which i need to use prepared statements to prevent sql injections. 
我正在一个项目中,在该项目中,我需要使用准备好的语句来防止sql注入。 Although i find the syntax to be used for queries for update,delete and insert statements. 虽然我发现用于查询update,delete和insert语句的语法。 but for select query Its not working for IN sub statement. 但是对于选择查询,它不适用于IN子语句。 I am trying to do as follows : 我正在尝试做如下:
$arr= 'tomwased,eshantsahu';
$this->_db->fetchAll("select username,password from user where username in (?)",array($arr)));
but its not working.I am getting the string $arr from other code. 但是它不起作用我正在从其他代码中获取字符串$ arr。
2 个解决方案
解决方案1
0 2013-10-24 06:28:51
$arr = array('tomwased','eshantsahu');
$db = Zend_Registry :: get('db');
$select = $db->select();
$select -> from("user",array('username','password'))
-> where("username in ?",$arr);
$stmt = $db->query($select);
$result = $stmt->fetchAll();
解决方案2
0 2013-10-24 06:34:27
you can use statement like below 您可以使用如下语句
$productIds = array(1, 2, 3);
$select = $db->select()
->from('products',
array('product_id', 'product_name', 'price'))
->where('product_id IN (?)', $productIds);
And to convert as for user 并转换为用户
$username = array('tomwased','eshantsahu');
$select = $db->select()
->from('user',
array('username', 'password '))
->where('username IN (?)', $username );
hopw this will sure work for you 哇,这一定会为您工作
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.