To prevent SQL injection through an IN clause in Yii, the values inside the IN clause must be bound as parameters, but Yii's CDbCommand query builder has no built-in way to do this when the query is constructed. Binding values for an IN clause in Yii:
$products_ids = array(234, 100, 405, 506);

// Build one "?" placeholder per value and join them with commas: "?,?,?,?"
$in_query = implode(',', array_fill(0, count($products_ids), '?'));

// Prepare the command object for the SELECT; only placeholders go into the SQL text
$command = Yii::app()->db->createCommand()
    ->select('product_id, product_name, product_image, product_price')
    ->from('products')
    ->where('product_id IN(' . $in_query . ')');

// Bind the parameters (positional placeholders are 1-based in PDO, and
// this relies on $products_ids being a 0-indexed list)
foreach ($products_ids as $k => $product_id) {
    $command->bindValue(($k + 1), $product_id, PDO::PARAM_INT);
}

// Get the results
$products = $command->queryAll();
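The same idea as a reusable helper, added here as an example and not part of the original post: it uses named placeholders instead of positional ones, casts each value to an integer, and handles the empty-list case, since "IN ()" is a syntax error. It assumes a Yii 1.x connection at Yii::app()->db and the `products` table from the post; the function name buildInCondition and the sample input are made up for the example.

```php
<?php
/**
 * Build a "col IN (:id0, :id1, ...)" condition and its parameter map.
 * $column must be a trusted constant from your own code (it is concatenated
 * into SQL); the values in $ids are never placed in the SQL text, only bound.
 * Returns null for an empty list so the caller can skip the query.
 */
function buildInCondition($column, array $ids, $prefix = ':id')
{
    if (count($ids) === 0) {
        return null;
    }
    $placeholders = array();
    $params = array();
    foreach (array_values($ids) as $i => $id) {
        $name = $prefix . $i;          // :id0, :id1, ...
        $placeholders[] = $name;
        $params[$name] = (int) $id;    // force integer type before binding
    }
    return array($column . ' IN (' . implode(', ', $placeholders) . ')', $params);
}

// Constructed, untrusted input, e.g. what $_GET['ids'] might contain.
// The third value is not a clean id; the cast turns it into 405 and the
// binding guarantees it can never be interpreted as SQL.
$requested = array('234', '100', '405 OR 1=1');
$condition = buildInCondition('product_id', $requested);

if ($condition === null) {
    $products = array();   // nothing requested, no query needed
} else {
    list($where, $params) = $condition;
    // CDbCommand::where() accepts the parameter map as its second argument
    $command = Yii::app()->db->createCommand()
        ->select('product_id, product_name, product_image, product_price')
        ->from('products')
        ->where($where, $params);
    $products = $command->queryAll();
}
```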