stackoom
  简体   繁体   中英

How to remove single quotes in prepare statement?

 原文  2016-07-04 17:05:59       php/ codeigniter/ codeigniter-3

Question

My query is like this :

$group_id = $session['group_id'];

$sql = "SELECT *
        FROM notification 
        WHERE group_id IN(?)";

$result = $this->db->query($sql, array($group_id))->result_array();

When I add : echo $this->db->last_query();die(); , the result is like this : 

SELECT * FROM notification WHERE group_id IN('1,13,2')

I want remove single quotes in order to the result is like this :

SELECT * FROM notification WHERE group_id IN(1,13,2)

How to remove single quotes in prepare statement?

5 answers

solution1
 4  2019-12-10 23:59:18

Changing %s placeholder to %1s remove Automattic single quote in prepare statement.

Example:

global $wpdb
$sql = $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}posts WHERE post_status='wc-completed' AND ID IN(%1s)", '1,2,3' );

Reference links: Thanks

solution2
 1  2018-11-15 15:15:31

You either need to dynamically add in as many ? as you have values in the array...

Or stop using a prepared query and do something like the following:

$group_id = $session['group_id'];

$sql = "SELECT *
    FROM notification 
    WHERE group_id IN (".implode($group_id,",").")";

If the data hasn't come from a user you don't necessarily need to use a prepared query to make sure the data is safe. But if necessary you could do an is_numeric() check before the query to see if the data is valid.

solution3
 0  2016-07-05 07:06:11

I prefer you can use where_in command as below:-

$this->db->select('*');
$this->db->where_in('group_id',$group_id);
$this->db->get('notification');

solution4
 0  2016-07-12 03:08:49

All you have to do is make an array of group ids. Try as following

$group_id = explode(',',$session['group_id']);
$this->db->select('*');
$this->db->where_in('group_id',$group_id);
$this->db->get('notification');

it will work

solution5
 0  2016-07-12 04:34:12

You can this as below:

$session['group_id'] is probably a string. so you can convert that string into an array.

$group_id = explode(",", $session['group_id']);

Now $group_id is already an array. So, in below statement replace array($group_id) with just '$group_id' :

$result = $this->db->query($sql, array($group_id))->result_array();

so whole code will be like:

$group_id = explode(",", $session['group_id']);

$sql = "SELECT *
        FROM notification 
        WHERE group_id IN(?)";

$result = $this->db->query($sql, array($group_id))->result_array();

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question pdo prepare escaping single quotes Can't escape single quotes inside an array even after PDO prepare statement and bind params PHP : how to use mysql prepare statement inside single quote How to remove single and double quotes from a string How to remove single quotes from expression? how to remove single quotes inside IN condition cakephp How to remove single quotes that is automatically inserted in codeigniter? how to remove single quotes and comma in single trim function in php How to remove single Quotes from parsing PHP Array into JSON? How to remove single quotes(') in between href /src in php
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM