Looks like you’re using the php script to construct a sql statement. I do this all the time. Try something like:
$galleryIds = implode(“,”,$galleries);
$sql = “SELECT * FROM galleries WHERE id IN ($galleryIds)”;
Cheers and please vote me up!!
OK, Here’s an edit because it seems that the Stack thinks you’re going to use this for production code(I wouldn’t).
Please use some kind of routine plus a database abstraction layer to deal with the escaping to prevent injection:
For instance, when getting your galleryIds from your database, run a check that they are all numeric data-types, and of course do something like Zend’s db->quote($galleryIds) when using the variable in your sql construction.
For instance
1
solved how to store and retrieve array in mysql [closed]