[support] Place holders in SQL query

Mon Apr 11 10:20:52 UTC 2011

Le dimanche 10 avril 2011 à 22:05 -0700, Warren Vail a écrit :
> Not sure what you mean by generic, and never used the db_placeholders 
> function, but this should work;
> 
> $skillnames = array("PHP", "HTML","SQL");
> $tblname = "resubmt_skills";
> $query = sprintf("SELECT skillid FROM %s WHERE skillname in ('%s')", 
> $tblname, "'".implode("', '",$skillnames)."'");
> //execute and fetch query results here
> 
> not real elegant, but nothing is as elegant as the solution that works 
> and maintainers can understand.

You can use the db_placeholders() function.

$skillnames = array("PHP", "HTML","SQL");
$tblname = "resubmt_skills";
$placeholder = db_placeholders($skillnames, 'varchar');
$query = "SELECT skillid FROM {%s} WHERE skillname in (" . $placeholder . ")";
db_query($query, array($tblname) + $skillnames);

Is another alternative, maybe a bit more "drupalistic".

You can compact it to:

$skillnames = array("PHP", "HTML","SQL");
db_query("SELECT skillid FROM {%s} WHERE skillname in (" . db_placeholders($skillnames, 'varchar') . ")"; array("resubmt_skills") + $skillnames);

Pierre.