-1

I just add code because it will say everything. And yes, it does not work and I dont know why :(

$array = array('One', 'Two', 'Three');
$string = "'" . implode("', '", $array) . "'";

$query = "SELECT * FROM $table WHERE name IN (" . $string . ")";
$make = $this->conn->prepare($query);
$make->execute();
$result = $make->fetchAll();

It returns empty array. Thank you for your help.

Jay Blanchard
  • 34,243
  • 16
  • 77
  • 119
lamka02sk
  • 993
  • 1
  • 10
  • 14
  • [`check_for_errors($this->conn)`](http://php.net/manual/en/pdo.error-handling.php) on `execute()`. – Funk Forty Niner Feb 09 '16 at 19:04
  • 2
    Echo out your query. Does it look like you think it should? Take advantage of binding parameters, so you don't have to encapsulate it yourself. – aynber Feb 09 '16 at 19:05
  • I use PDO, and it echo every error for me. The problem is that the imploded string is actually "not a string" but I dont know why. When I write it by myself, it works... – lamka02sk Feb 09 '16 at 19:06
  • 1
    Are you sure you have the `$table` defined properly? – dokgu Feb 09 '16 at 19:08
  • Yes I am, because when I echo imploded array and paste string inside IN(), it works. – lamka02sk Feb 09 '16 at 19:10
  • Look in your error logs. Because you're assuming the query should run, the error logs (or error reporting, enabled) will give you lot's of valuable insight as to what is going on here. I *strongly suspect* that `$table` is not be set properly. – Jay Blanchard Feb 09 '16 at 19:12
  • When I echo my query it looks like this: SELECT * FROM steam WHERE name IN ('AWP | Hyper Beast', 'StatTrak™ AWP | Hyper Beast', 'AWP | Man-o'-war', 'StatTrak™ AWP | Man-o'-war', 'AWP | Asiimov', 'StatTrak™ AWP | Asiimov') – lamka02sk Feb 09 '16 at 19:13
  • 2
    There you go - `Man-o'-War` is burping your query. You should use prepared statements. – Jay Blanchard Feb 09 '16 at 19:14
  • OK, I added bindParam, but still nothing :( – lamka02sk Feb 09 '16 at 19:17
  • Pass the array in your execute statement: `$make->execute($array);` – Jay Blanchard Feb 09 '16 at 19:18

1 Answers1

0

The problem comes in because you have single quotes in the values you're trying to pass to the table, i.e. "Man-o'-War".

Because you're using an array and a prepared statement you should pass the array when you execute the query:

$array = array('One', 'Two', 'Three');

$query = "SELECT * FROM $table WHERE name IN (" . implode(',',str_split(str_repeat('?',count($array)))).") ";
$make = $this->conn->prepare($query);
$make->execute($array);
$result = $make->fetchAll();

To insure we have enough positional placeholders we perform a little magic with implode(), str_split() and str_repeat() to get enough ? in the statement.

From Demystifying PHP's Data Objects (PDO)

YOU MUST pass all values to bind in an array to PDOStatement->execute() or you have to bind every value with PDOStatement->bindValue(), then call PDOStatement->execute() with no parameters. Passing an array (empty or not) to execute() will replace any previous bindings and can lead to errors, e.g. with MySQL the error "SQLSTATE[HY000]: General error: 2031" (CR_PARAMS_NOT_BOUND) if you passed an empty array.

One other note, make sure that $table is properly populated (and no, you cannot pass table or column names as parameters in PDO).

Jay Blanchard
  • 34,243
  • 16
  • 77
  • 119