[英]IN Sub Statement in Zend Prepared Statement
I am working on a project in which i need to use prepared statements to prevent sql injections. 我正在一个项目中,在该项目中,我需要使用准备好的语句来防止sql注入。 Although i find the syntax to be used for queries for update,delete and insert statements.
虽然我发现用于查询update,delete和insert语句的语法。 but for select query Its not working for IN sub statement.
但是对于选择查询,它不适用于IN子语句。 I am trying to do as follows :
我正在尝试做如下:
$arr= 'tomwased,eshantsahu';
$this->_db->fetchAll("select username,password from user where username in (?)",array($arr)));
but its not working.I am getting the string $arr from other code. 但是它不起作用我正在从其他代码中获取字符串$ arr。
$arr = array('tomwased','eshantsahu');
$db = Zend_Registry :: get('db');
$select = $db->select();
$select -> from("user",array('username','password'))
-> where("username in ?",$arr);
$stmt = $db->query($select);
$result = $stmt->fetchAll();
you can use statement like below 您可以使用如下语句
$productIds = array(1, 2, 3);
$select = $db->select()
->from('products',
array('product_id', 'product_name', 'price'))
->where('product_id IN (?)', $productIds);
And to convert as for user 并转换为用户
$username = array('tomwased','eshantsahu');
$select = $db->select()
->from('user',
array('username', 'password '))
->where('username IN (?)', $username );
hopw this will sure work for you 哇,这一定会为您工作
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.