To prevent SQL injection in a Yii IN clause, we need to bind the parameters inside the IN clause, but Yii's CDbCriteria query does not offer this when the query is built. Binding values for an IN clause in Yii:

```php
<?php
// The ids we want to match (example values)
$products_ids = array(234, 100, 405, 506);

// Build one positional placeholder per value: "?,?,?,?"
$in_query = implode(',', array_fill(0, count($products_ids), '?'));

// Prepare the command object for the SELECT
$command = Yii::app()->db->createCommand()
    ->select('product_id, product_name, product_image, product_price')
    ->from('products')
    ->where('product_id IN(' . $in_query . ')');

// Bind the parameters; positional PDO parameters are 1-indexed
foreach ($products_ids as $k => $product_id) {
    $command->bindValue(($k + 1), $product_id, PDO::PARAM_INT);
}

// Fetch the result
$products = $command->queryAll();
```
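The same idea, wrapped in a reusable helper, as an added example that is not part of the original post. It assumes Yii 1.1's CDbCommand (as returned by Yii::app()->db->createCommand()) with its andWhere($conditions, $params) method; the helper name, the parameter prefix and the sample ids are my own. Beyond the snippet above it uses named placeholders, casts every value to an integer so Yii binds it as PDO::PARAM_INT, refuses unexpected column names (a column name cannot be bound, so it must be whitelisted), and handles the empty-list edge case, where "IN ()" would be a SQL syntax error:

```php
<?php
// Added example, not from the original post. Assumes Yii 1.1's CDbCommand;
// the helper name, parameter prefix and sample ids are hypothetical.

/**
 * Append a parameterised "column IN (...)" condition to a CDbCommand.
 * Each value becomes a named placeholder (:in0, :in1, ...) so that
 * user-supplied ids never end up inside the SQL text itself.
 */
function addInCondition(CDbCommand $command, $column, array $values, $paramPrefix = 'in')
{
    // Edge case: "IN ()" is a syntax error in MySQL and most other databases.
    // An empty list can never match anything, so emit an always-false condition.
    if (count($values) === 0) {
        return $command->andWhere('0=1');
    }

    // The column name cannot be bound as a parameter, so only accept plain identifiers.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $column)) {
        throw new InvalidArgumentException('Unsafe column name: ' . $column);
    }

    $placeholders = array();
    $params = array();
    foreach (array_values($values) as $i => $value) {
        $name = ':' . $paramPrefix . $i;
        $placeholders[] = $name;
        // Casting to int makes Yii bind the value with PDO::PARAM_INT
        // and discards anything that is not a numeric id.
        $params[$name] = (int) $value;
    }

    // andWhere() appends the condition and binds the named params in one call.
    return $command->andWhere($column . ' IN (' . implode(',', $placeholders) . ')', $params);
}

// Usage: ids taken from the request are bound, never interpolated into SQL.
$products_ids = array(234, 100, 405, 506); // constructed sample input
$command = Yii::app()->db->createCommand()
    ->select('product_id, product_name, product_image, product_price')
    ->from('products');
addInCondition($command, 'product_id', $products_ids);
$products = $command->queryAll();
```

Passing the values through the $params array rather than calling bindValue() in a loop keeps the condition and its bindings together, and the 0=1 branch means callers do not have to special-case an empty id list themselves.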