I want to write a query like this in MeekroDB:

SELECT * FROM `tablename` WHERE `id` IN (3,1,2) ORDER BY FIELD (`id`,3,1,2)

And I expect it to work like this in meekro:

$possible_ids = array(1,2,3);
DB::query('SELECT * FROM `tablename` WHERE `id` IN %ld0 ORDER BY FIELD (`id`,%ld0)', $possible_ids);

But I get this:

SELECT * FROM `tablename` WHERE `id` IN (3,1,2) ORDER BY FIELD (`id`,(3,1,2))

Is there any way to avoid these brackets here?

Denis Sheremet

1 Answer


Try this one:

$possible_ids = implode(',', array(1, 2, 3));
//echo "SELECT * FROM `tablename` WHERE `id` IN %ld0 ORDER BY FIELD (`id`,%ld0)', $possible_ids";

DB::query('SELECT * FROM `tablename` WHERE `id` IN %ld0 ORDER BY FIELD (`id`,%ld0)', $possible_ids);

Also, you can check the query with echo. Try it, it's working fine.

  • Yeah, back then I used exactly this solution, but it's vulnerable to SQL injections if used with user-provided data and I had to validate that data first. – Denis Sheremet Dec 27 '19 at 04:43
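
The validation step the comment above refers to, as an added example that is not part of the original question or answer and is not MeekroDB code. The function names `validate_ids` and `ordered_in_query` are hypothetical, the sample inputs are constructed, and it assumes ids are positive integers; it only builds the query string and does not call the database.

```php
<?php
declare(strict_types=1);

/**
 * Keep only values that parse as positive integers and return them as ints,
 * preserving the caller's order (the order FIELD() will sort by).
 * Anything else aborts the whole request instead of being silently dropped.
 */
function validate_ids(array $raw): array
{
    if ($raw === []) {
        // "IN ()" is a syntax error in MySQL, so refuse an empty list early.
        throw new InvalidArgumentException('id list is empty');
    }
    $ids = [];
    foreach ($raw as $value) {
        $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id === false) {
            throw new InvalidArgumentException(
                'not a positive integer id: ' . var_export($value, true)
            );
        }
        $ids[] = $id; // store the parsed int, never the original string
    }
    return $ids;
}

/** Build the IN (...) / FIELD(...) query from the validated ints only. */
function ordered_in_query(array $raw): string
{
    // After validation the list consists of digits and commas, nothing else.
    $list = implode(',', validate_ids($raw));
    return "SELECT * FROM `tablename` WHERE `id` IN ($list) ORDER BY FIELD(`id`,$list)";
}

// Constructed sample input, shaped like values read from a request parameter.
echo ordered_in_query(['3', '1', '2']), PHP_EOL;

// Constructed hostile value: rejected before any SQL text is assembled.
try {
    ordered_in_query(['3', '1) OR 1=1 -- ']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Because the imploded list is produced from the parsed integers rather than from the raw strings, the same list can safely appear twice in the statement without the extra brackets.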