PHP - Add parameters to sql query IN clause

Question

I'm trying to add params to the IN clause of a sql query in PHP.

The query:

$sqlQuery = <<<SQL 
    SELECT * FROM mytable where codes IN (:codes)"
SQL;

The params:

$params['codes'] = "'test','last'";

But this doesn't work i.e. doesn't return any results

$total = DB::select($sqlQuery, $params);

But this query run directly in the database returns results

SELECT * FROM mytable where codes IN ('test','last')

I'm guessing it has to with the parameters not being handled the same way for an IN clause, but I haven't been able to find anything about this.

Answer 1

If you are using Laravel, and if raw sql is not a must, you can do this instead.

DB::table("mytable")
    ->whereIn('codes', $param['codes'])
    ->get();

This should give you the relevant collection of mytable rows.

If you have model set up correctly as an Eloquent model, you can also do:

MyModel::whereIn('codes', $param['codes'])->get();

Should yield the same result.

Reference: Laravel documentation, under the section "whereIn / whereNotIn / orWhereIn / orWhereNotIn" under Additional Where Clauses

Answer 2

Try to spread the array and the params in the sql query. For example, the sql query should be like "SELECT * FROM mytable where codes IN (:param1,:param2)" and pass the params values using spread operator on the array $params['codes']. You can use foreach loop to make it dynamic

Answer 3

You can't bind a list like that. Each bound variable needs it's own placeholder. I'm assuming you don't know ahead of time how many parameters you'll have. Something like this would work, though this could certainly be optimized.

$codes = ['test','last'];
$qry = sprintf('SELECT * FROM mytable where codes IN (%s)',
    implode(',',array_filll(0, count($codes), '?')
);

$total = DB::select($qry, $codes);