[support] Place holders in SQL query
Pierre Rineau
pierre.rineau at makina-corpus.com
Mon Apr 11 10:20:52 UTC 2011
Le dimanche 10 avril 2011 à 22:05 -0700, Warren Vail a écrit :
> Not sure what you mean by generic, and never used the db_placeholders
> function, but this should work;
>
> $skillnames = array("PHP", "HTML","SQL");
> $tblname = "resubmt_skills";
> $query = sprintf("SELECT skillid FROM %s WHERE skillname in ('%s')",
> $tblname, "'".implode("', '",$skillnames)."'");
> //execute and fetch query results here
>
> not real elegant, but nothing is as elegant as the solution that works
> and maintainers can understand.
You can use the db_placeholders() function.
$skillnames = array("PHP", "HTML","SQL");
$tblname = "resubmt_skills";
$placeholder = db_placeholders($skillnames, 'varchar');
$query = "SELECT skillid FROM {%s} WHERE skillname in (" . $placeholder . ")";
db_query($query, array($tblname) + $skillnames);
Is another alternative, maybe a bit more "drupalistic".
You can compact it to:
$skillnames = array("PHP", "HTML","SQL");
db_query("SELECT skillid FROM {%s} WHERE skillname in (" . db_placeholders($skillnames, 'varchar') . ")"; array("resubmt_skills") + $skillnames);
Pierre.
More information about the support
mailing list