0

I have to make an SQL command that look for a String in the database table that match one of the strings containing in my array.

//this is my array
$liste_des_themes=array("Préfectures et sous-préfectures","Mairie","Banque");
$stmt = $this->db->prepare('SELECT * FROM etablissements where type IN $liste_des_themes');//i tried this but seems not working
$stmt->execute();
$stmt->bind_result($id, $libelle);
while ($stmt->fetch()) {
    echo "$id $libelle<br/>";
}
$stmt->close();
Matmarbon
  • 3,739
  • 2
  • 28
  • 42
Malloc
  • 14,159
  • 33
  • 104
  • 187
  • 1
    try ... `$this->db->prepare("SELECT * FROM etablissements where type IN ('".implode("','", $liste_des_themes)."');` – Rufinus Jan 03 '12 at 15:50
  • 2
    @Rufinus add answers as answers, clarifying questions and insights as comments. – nikc.org Jan 03 '12 at 15:51

1 Answers1

5

You need to create an IN list in the correct format:

$liste_des_themes=array("Préfectures et sous-préfectures","Mairie","Banque");
$in_list = "'".implode("','", $liste_des_themes)."'";
$stmt = 
 $this->db->prepare('SELECT * FROM etablissements where type IN ('.$in_list.')');
Naftali
  • 142,114
  • 39
  • 237
  • 299
  • 1
    +1 although I would add a `array_map( 'mysql_real_escape_string', $liste_des_themes )` since I'm not sure if he really only wants to look for these static text pieces :/ besides: don't forget the `$` in front of the `liste_des_themes` variable – Matmarbon Jan 03 '12 at 15:55
  • 1
    I would consider looking at http://stackoverflow.com/questions/1534377/php-mysqli-where-in so that you can bind your array contents and not worry about SQL injection. – cmbuckley Jan 03 '12 at 15:55