Pulling ids from cookie, then using NOT IN sql query not working with variable

Question

I am setting a cookie everytime a user views an image, and then when they view another I modify that cookie to also have a value including the last image id viewed.

Eg

First image: Cookie = 0;

For each after: Cookie = 0,3,4,6,1,44,2

etc.

I am then checking for that cookie, getting the value and trying to put into a query:

$value = 0;
// check for cookie
if ( isset($_COOKIE['viewed']) ) {
    $value = $_COOKIE['viewed'];
}

$stmt = $conn->prepare("SELECT * FROM images where id NOT IN (:viewed) ORDER BY rand() LIMIT 1");
$stmt->execute([':viewed' => $value]);

But this isn't taking any affect on the result returned.

If I hardcode the NOT IN to (1,2,4) then it will eliminate those results.

In my JSON return I check what the string is:

$return['cookie'] = $value;

And the value shows:

"cookie":"0,3,3,2,2,2,2,3,2,2,1,1,1,1,2,1,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,1,3,1,3,2,2,3,3,2,2,3,2,2,2,1"

How can I get this to work?

Answer 1

Try this:

$value = 0;
// check for cookie
if ( isset($_COOKIE['viewed']) ) {
    $value = $_COOKIE['viewed'];
}

$stmt = $conn->prepare("SELECT * FROM images where id NOT IN (:viewed) ORDER BY rand() LIMIT 1");
$stmt->execute(array(':viewed' => $value));

PDO::execute() only take value in array. see: http://php.net/manual/en/pdostatement.execute.php

Answer 2

Probably thats due to the $value param itself. PHP is a loosely typed language

$stmt = $conn->prepare("SELECT * FROM images where id NOT IN (:viewed) ORDER BY rand() LIMIT 1");
$stmt->execute([':viewed' => $value]);
// Here $value is something not evaluated

Instead, do this

$valueArr = $value.explode(",");
$notIn = "";

for($i=0; $i<$valueArr.count(); $i++){
    $notIn .= $valueArr[$i]
}
$stmt = $conn->prepare("SELECT * FROM images where id NOT IN (:viewed) ORDER BY rand() LIMIT 1");
$stmt->execute([':viewed' => rtrim($notIn), ","]);