【发布时间】:2014-03-12 13:13:49
【问题描述】:
我编写了以下 SQL 查询:
$media_category_ids = array( 11, 12);
$params = array();
$sql = "SELECT `id`
FROM query
WHERE 1=1
AND WHERE query.media_category_id NOT IN (:media_category_ids)";
$params['media_category_ids'] = implode(",",$media_category_ids);
$prepared_query = $c->prepare($sql);
$prepared_query->execute($params);
但是,当我收到以下错误时,我似乎无法正确获取“NOT IN”子句中命名参数的语法:
Message: An exception occurred while executing 'SELECT `id` FROM query WHERE 1=1 AND WHERE query.media_category_id NOT IN (:media_category_ids)': SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE query.media_category_id NOT IN ('11,2')' at line 4
如果有人能指出我正确的方向,真的很感激。
【问题讨论】:
-
仅供参考:确保在使用 implode 之前知道 id 的来源。如果它们来自内部查询,那很好。如果它们是从浏览器发布的,那么您需要对它们进行转义,或者至少将它们转换为整数以避免注入攻击。
标签: mysql doctrine-orm prepared-statement named-parameters notin