我寫了下面的SQL查詢:如何在MySQL查詢中爲NOT IN子句指定命名參數值?
$media_category_ids = array(11, 12);
$params = array();
$sql = "SELECT `id`
FROM query
WHERE 1=1
AND WHERE query.media_category_id NOT IN (:media_category_ids)";
$params['media_category_ids'] = implode(",",$media_category_ids);
$prepared_query = $c->prepare($sql);
$prepared_query->execute($params);
但是我似乎無法獲得命名參數的語法中的「NOT IN子句正確的,因爲我得到以下錯誤:
Message: An exception occurred while executing 'SELECT `id` FROM query WHERE 1=1 AND WHERE query.media_category_id NOT IN (:media_category_ids)': SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE query.media_category_id NOT IN ('11,2')' at line 4
真的很感謝,如果有人能指出我在正確的方向。
只爲信息:確保你知道哪裏的ID來使用破滅之前。如果他們來自內部查詢,那麼很好。如果它們是從瀏覽器發佈的,那麼你需要轉義它們或者至少將它們轉換爲整數以避免注入攻擊。 – Cerad