Passing an array to a query using a WHERE clause

by

BEWARE! This answer contains a severe SQL injection vulnerability. Do NOT use the code samples as presented here, without making sure that any external input is sanitized.

$ids = join("','",$galleries);   
$sql = "SELECT * FROM galleries WHERE id IN ('$ids')";

More Related Contents:

  1. Php mysql tabs don’t output [closed]
  2. Update Mysql except when field not null
  3. How can I prevent SQL injection in PHP?
  4. UTF-8 all the way through
  5. SQL injection that gets around mysql_real_escape_string()
  6. Can I mix MySQL APIs in PHP?
  7. jQuery Validate remote method usage to check if username already exists
  8. MySQL query to get column names?
  9. How do you connect to multiple MySQL databases on a single webpage?
  10. PDO get the last ID inserted
  11. LIMIT keyword on MySQL with prepared statement [duplicate]
  12. Pagination using MySQL LIMIT, OFFSET
  13. How to call a MySQL stored procedure from within PHP code?
  14. Best way to check if mysql_query returned any results?
  15. mysql_fetch_array return only one row
  16. Insert multiple rows with PDO prepared statements
  17. mysql query result in php variable
  18. mysql_real_escape_string is undefined
  19. Unknown database error in PHP but it exists in PHPMyAdmin
  20. How Can I Set the Default Value of a Timestamp Column to the Current Timestamp with Laravel Migrations?
  21. Can I blindly replace all mysql_ functions with mysqli_?
  22. How do detect that transaction has already been started?
  23. return multiple response data in one response
  24. CakePHP Database connection “Mysql” is missing, or could not be created
  25. MySQL Alter Table Add Field Before or After a field already present
  26. mysql error ‘TYPE=MyISAM’
  27. Storing datetime as UTC in PHP/MySQL
  28. Backup a mysql database and download as a file
  29. Is a BLOB converted using the current/default charset in MySQL?
  30. PHP/MySQL Pagination

Leave a Comment