Created
November 5, 2013 23:12
drupal - create arbitrary number of placeholders for a SQL injection resistant db_query() call
```php
<?php
$nids = array(1, 2, 3, 4, 5);
// This is the key piece to understand -- it creates as many placeholders as you want, based on the length of the $nids array.
$placeholders = implode(',', array_fill(0, count($nids), '%d'));
$results = db_query("
  select r.title
  from {node_revisions} r
  join {node} n
  on r.vid = n.vid
  where n.nid in ($placeholders)
", $nids); // Notice how I then use $placeholders in the query.
```
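The same placeholder-list technique outside Drupal, as an added example that is not part of the original gist: it uses PDO with an in-memory SQLite database (so `?` takes the place of `%d`), and the `node` table, its rows and the `find_titles()` helper are constructed for illustration. It also handles an empty list, which would otherwise produce an invalid `in ()` clause.

```php
<?php
// Added example: placeholder list built from the array length, then bound with PDO.
// Assumes the pdo_sqlite extension; table, rows and helper name are constructed.

function find_titles(PDO $db, array $nids): array {
    // "IN ()" is a syntax error in most databases, so an empty list short-circuits.
    if (count($nids) === 0) {
        return [];
    }
    // One "?" per value. Only this fixed string is interpolated into the SQL text;
    // the values themselves never are.
    $placeholders = implode(',', array_fill(0, count($nids), '?'));
    $stmt = $db->prepare(
        "SELECT title FROM node WHERE nid IN ($placeholders) ORDER BY nid"
    );
    // array_values() re-indexes from 0 so positional binding works for any input keys.
    $stmt->execute(array_values($nids));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE node (nid INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO node VALUES (1, 'Home'), (2, 'About'), (3, 'Contact')");

// Ordinary lookup with two ids.
var_dump(find_titles($db, [1, 3]));

// Empty input returns an empty result instead of raising a SQL error.
var_dump(find_titles($db, []));

// A value carrying SQL syntax is bound as one parameter and compared to nid as data;
// it is never parsed as part of the statement.
var_dump(find_titles($db, ['1) OR (1=1']));
```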