by sellyme
1796 days ago
> You can Google php parameterize query and get at least 2 different methods of doing this

There's no way of doing this with a single parameter. You need to parameterise every single individual item in the IN clause to do it that way, which is a horrific solution when it's of a completely unknown length. Still better than string concatenation in many cases, but that the language has no in-built way of doing it is one of the many reasons PHP code is so often vulnerable to injection attacks. There's so much friction to writing secure code.
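
The per-item parameterisation described in the comment above, as an added example that is not part of the original comment: one `?` placeholder is generated for each value of an unknown-length list, and the values are bound through PDO. The `users` table, the `fetchUsersByNames` helper and the sample data are constructed for illustration, and an in-memory SQLite database (the pdo_sqlite extension) is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: SELECT ... WHERE name IN (...) with one bound placeholder per value.
function fetchUsersByNames(PDO $pdo, array $names): array
{
    // "IN ()" is a syntax error in most databases, so an empty list short-circuits.
    if ($names === []) {
        return [];
    }
    // Positional binding needs a plain 0..n-1 list of values.
    $values = array_values($names);
    // Only '?' characters are interpolated into the SQL text, never the values.
    $placeholders = implode(',', array_fill(0, count($values), '?'));
    $stmt = $pdo->prepare(
        "SELECT id, name FROM users WHERE name IN ($placeholders) ORDER BY id"
    );
    $stmt->execute($values);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO users (name) VALUES (?)');
foreach (['alice', 'bob', 'carol'] as $name) {
    $insert->execute([$name]);
}

// List of unknown length, including a constructed value containing SQL syntax.
$requested = ['alice', 'carol', "x') OR ('1'='1"];
foreach (fetchUsersByNames($pdo, $requested) as $row) {
    echo $row['id'], ' ', $row['name'], PHP_EOL;
}
// The third value is compared as a literal string and matches no row.
var_dump(fetchUsersByNames($pdo, []));
```

Databases cap the number of bound parameters per statement, so very long lists need to be split into batches.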