I'm facing a little problem with mysqli and prepared statements:
I want to prepare and "IN" statement in sqli but it does not work for me! :-(
Can someone help or explain me what I'm doing wrong? I think it's because of the way prepared statements work and therefore like some magic (strip, addslashed ...) are preventing my solution so maybe I need something else but can figure it out. This is my sql statement:
$dbPrepare = $db->prepare(
'SELECT
`name`, `image`
FROM `sometable`
WHERE `number` IN (?)'
);
$dbPrepare->bind_param('s', $numbers);
and that is my way of achieving the "$numbers":
$numbers = implode('","', explode(',', $_GET['numbers']));
the "var_dump($numbers)" result is like this: string(5) "a","b" ($_GET['numbers'] get it's value like this: &numbers=a,b)
I know, maybe not the best solution, but actually I wanna transfer (in the end could be $_POST) some data to a "IN" statement including a prepared variable.
FOR REFERENCE: this is working:
$dbPrepare = $db->prepare(
'SELECT
`name`, `image`
FROM `sometable`
WHERE `number` IN ("'.implode('","', explode(',', $_GET['numbers'])).'")'
);
So I'm quite sure it's because of the prepared variable.
Thanks in advance!
