2

I need to execute an "IN" query which has a list of elements (array) twice using PDO in order to avoid SQL Injection. The query that I need is: 

SELECT user_id 
FROM user 
WHERE google_id IN ('123123123abacaa','123bac21') 
   OR facebook_id IN ('123123123abacaa','123bac21');

As you can see, the list of elements is always the same. But I don't know how to asign my array to the second "IN" statement, PHP throws me an "Invalid parameter number" error. Here is my code:

$list = implode(',', array_fill(0, count($ids), '?'));
$sql = "SELECT user_id 
        FROM user 
        WHERE google_id IN (".$list.") 
          OR facebook_id IN (".$list.");";

$stmt = $db->prepare($sql);
$stmt->execute(array_values($ids));

Could anyone tell me how to achieve this?

Thank you in advance

EDIT: A bit different of the provided "possible duplicated" because I need to use the array two times in the SQL clause

SOLUTION: As @u_mulder say it's easily solved by changing the "execute" statement for:

$stmt->execute(array_merge(array_values($ids), array_values($ids)));
Improve this question
1

1 Answer 1

Reset to default
2

In your case you can just merge array of your params with itself:

$stmt->execute(array_merge(array_values($ids), array_values($ids)));
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

If my answer helped you there - accept it, no need to edit your question with a solution.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.