0

I have to make an SQL command that look for a String in the database table that match one of the strings containing in my array.

//this is my array
$liste_des_themes=array("Préfectures et sous-préfectures","Mairie","Banque");
$stmt = $this->db->prepare('SELECT * FROM etablissements where type IN $liste_des_themes');//i tried this but seems not working
$stmt->execute();
$stmt->bind_result($id, $libelle);
while ($stmt->fetch()) {
    echo "$id $libelle<br/>";
}
$stmt->close();
Matteo B.
  • 3,906
  • 2
  • 29
  • 43
Malloc
  • 15,434
  • 34
  • 105
  • 192
  • 1
    try ... `$this->db->prepare("SELECT * FROM etablissements where type IN ('".implode("','", $liste_des_themes)."');` – Rufinus Jan 03 '12 at 15:50
  • 2
    @Rufinus add answers as answers, clarifying questions and insights as comments. – nikc.org Jan 03 '12 at 15:51

1 Answers1

5

You need to create an IN list in the correct format:

$liste_des_themes=array("Préfectures et sous-préfectures","Mairie","Banque");
$in_list = "'".implode("','", $liste_des_themes)."'";
$stmt = 
 $this->db->prepare('SELECT * FROM etablissements where type IN ('.$in_list.')');
Naftali
  • 144,921
  • 39
  • 244
  • 303
  • 1
    +1 although I would add a `array_map( 'mysql_real_escape_string', $liste_des_themes )` since I'm not sure if he really only wants to look for these static text pieces :/ besides: don't forget the `$` in front of the `liste_des_themes` variable – Matteo B. Jan 03 '12 at 15:55
  • 1
    I would consider looking at http://stackoverflow.com/questions/1534377/php-mysqli-where-in so that you can bind your array contents and not worry about SQL injection. – cmbuckley Jan 03 '12 at 15:55