Injecting string into query removes all MySQL parsing capabilities?

I am using prepared statements with PDO in my project. When MySQL queries are written inside a PDO prepare() function, MySQL keywords, table names, etc., are different colors and autocomplete also works. Here's what one query looks like:

[Screenshot: Untitled.png]

Unfortunately, I sometimes need to use the IN(...) function in queries to select rows with a column value in a list of values. For example: "id IN(1,2,3,4,5)". The only reasonable way to do this with PDO (as far as I'm aware) is to directly inject it into the query string (there doesn't seem to be any way to bind the comma separated list of values to the query because when you do that it's treated as a string instead of a list of values). So the only solution I'm aware of is to do this: "id IN(' . $idString . ')".

This works, but the problem is that doing this causes the entire query to turn green (no more colors or autocompletion), like this:

[Screenshot: Untitled2.png]

This is very inconvenient.

Is there a solution to this problem?

1 comment

You can also use '?' placeholders in PDO, which is the better way to do what you need. This also has the advantage of being SQL, so PS will understand it as well. You can read more about this and how to create the array you'll use in your execute at http://stackoverflow.com/questions/920353/can-i-bind-an-array-to-an-in-condition.

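The '?' placeholder approach from the comment above, as an added example that is not part of the original thread: one placeholder is generated per list element, so only question marks are ever concatenated into the SQL text and the values are bound separately. The `users` table, the helper names `inClause` and `findUsersByIds`, and the in-memory SQLite database standing in for MySQL (requires pdo_sqlite) are assumptions made so the example runs offline.

```php
<?php
declare(strict_types=1);

/**
 * Build the "?, ?, ?" list for an IN (...) clause and return it together
 * with the values to bind. Only placeholders reach the SQL text.
 */
function inClause(array $values): array
{
    if ($values === []) {
        // "IN ()" is a syntax error; "IN (NULL)" is valid and matches no rows.
        return ['NULL', []];
    }
    $placeholders = implode(', ', array_fill(0, count($values), '?'));
    return [$placeholders, array_values($values)];
}

// Hypothetical lookup helper: the query text depends only on count($ids).
function findUsersByIds(PDO $pdo, array $ids): array
{
    [$placeholders, $params] = inClause($ids);
    $sql = "SELECT id, name FROM users WHERE id IN ($placeholders) ORDER BY id";
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$insert = $pdo->prepare('INSERT INTO users (id, name) VALUES (?, ?)');
foreach ([[1, 'alice'], [2, 'bob'], [3, 'carol'], [4, 'dave']] as $row) {
    $insert->execute($row);
}

// Ordinary list of ids.
print_r(findUsersByIds($pdo, [1, 3]));

// A hostile element is bound as one value; it cannot change the query structure.
print_r(findUsersByIds($pdo, ['1) OR (1=1', 4]));

// Empty list: no rows, and no syntax error.
print_r(findUsersByIds($pdo, []));
```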