
how to use find() with condition 'IN' and some security issue

I use this code to get some results using the find() function:


$id = implode(',', (array)$id);

$post = MyPost::find("post_id IN (".$id.")");

Is it normal to use "IN" like this, and I'm curious whether it has a security issue like SQL injection?

Thanks




Hey

Maybe it will be SQL injection; you must use binding parameters, see here: https://docs.phalcon.io/en/latest/reference/models.html#binding-parameters

Hi! Like this?

$id = array(1,2,3);
$post = MyPost::find(array(
    "conditions" => "post_id IN (:id:)",
    "bind" => $id
));

Or do I have to do the same thing like... use implode() to turn my array into a string?

Thanks

edited Jan '15

It's not working now (pull request https://github.com/phalcon/cphalcon/pull/2990).

You can use something like this:

$id = implode(',', array_map('intval',(array)$id));

$post = MyPost::find("post_id IN (".$id.")");

Hi! But it will return 0 when I input some characters, if I don't want the id with 0 and the result is what I want :O

Thanks!

edited Feb '19
$ids = [1,2,3];
$post = MyPost::find([
    "conditions" => "post_id IN ({ids:array})",
    "bind" => ["ids" => $ids],
    // bindTypes is keyed by placeholder name, not a plain list
    "bindTypes" => ["ids" => \Phalcon\Db\Column::BIND_PARAM_INT]
]);
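The bound-array form above keeps user input out of the PHQL string, and strict validation answers the earlier worry that intval() silently turns junk into 0. The following is an added example, not code from the thread or from Phalcon itself: it assumes the Phalcon extension is loaded and that MyPost has a post_id column; the helper names are made up.

```php
<?php
declare(strict_types=1);

// Added example: validate raw ids strictly instead of coercing them with
// intval(), then hand them to find() as a bound array (never concatenated).
// MyPost / post_id come from the thread; the helpers below are assumed names.

/**
 * Keep only genuine positive integers (as int or canonical decimal string).
 * "abc", "1 OR 1=1", "", 0 and "12abc" are dropped rather than becoming 0,
 * which is what intval() would do.
 */
function validPostIds(array $raw): array
{
    $ids = [];
    foreach ($raw as $value) {
        // FILTER_VALIDATE_INT rejects non-canonical strings; min_range excludes 0.
        $int = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($int === false) {
            continue; // invalid entry: skip it (or throw, depending on the API contract)
        }
        $ids[$int] = $int; // de-duplicate
    }
    return array_values($ids);
}

/**
 * Build the parameter array for MyPost::find(). Every id is a bound value,
 * so no user input ever reaches the PHQL text.
 */
function findPostsParams(array $raw): array
{
    $ids = validPostIds($raw);
    if ($ids === []) {
        throw new InvalidArgumentException('no valid post ids supplied');
    }
    return [
        'conditions' => 'post_id IN ({ids:array})',
        'bind'       => ['ids' => $ids],
        'bindTypes'  => ['ids' => \Phalcon\Db\Column::BIND_PARAM_INT],
    ];
}

// Constructed request input mixing valid, hostile, empty and duplicate values.
$input = ['3', 1, '1 OR 1=1', 'abc', '', 0, '3', 2];
$params = findPostsParams($input);
print_r($params['bind']);
// $posts = MyPost::find($params);
```

Rejecting invalid ids up front (rather than coercing them) also makes a request carrying "1 OR 1=1" visible as bad input in application logs instead of quietly matching post_id = 0.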