php – Yii2：我可以将数组绑定到连接中的IN()条件吗？

发布时间：2020-12-13 17:00:49 所属栏目：PHP教程来源：网络整理

导读：我会尝试下面的查询,但不确定是否阻止sql注入？ $status = [1,2,3]; $param = implode(',',$status); $rows = (new yiidbQuery()) -select('*') -from('user') -leftJoin('post',"post.user_id = user.id AND post.some_column = $value AND post.status

我会尝试下面的查询,但不确定是否阻止sql注入？

$status = [1,2,3];
        $param = implode(',',$status);

        $rows = (new yiidbQuery())
            ->select('*')
            ->from('user')
            ->leftJoin('post',"post.user_id = user.id AND post.some_column = $value AND post.status IN ($param)");
            ->all();

return expected results but may be occur sql injection. My IN condition look like is IN (1,3)

$rows = (new yiidbQuery())
            ->select('*')
            ->from('user')
            ->leftJoin('post',"post.user_id = user.id AND post.some_column = :sid AND post.status IN (:param)",[':param' => $param,':sid' => $value]);
            ->all();

only compare first element in array because is look like this IN ('1,3') its consist single string not check second element in array only work on first element.

我参考下面的链接但不知道如何实现这个条件.

Can I bind an array to an IN() condition?

请给出如何在连接的一部分(PDO / Yii2 / mysql)中使用IN()条件的解决方案.

解决方法

基于 this issue：

$rows = (new yiidbQuery())
        ->select('*')
        ->from('user')
        ->leftJoin('post',['post.user_id' => new yiidbExpression('user.id'),'post.some_column' => $sid,'post.status' => $statuesArray]);
        ->all();

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!