php mysql wordpress prepared-statement in-clause

WordPress prepared statement with IN() condition


I have three values in a string like this:

$villes = '"paris","fes","rabat"';

When I feed it into a prepared statement like this:

$sql    = 'SELECT distinct telecopie FROM `comptage_fax` WHERE `ville` IN(%s)';
$query  = $wpdb->prepare($sql, $villes);

echo $query; shows:

SELECT distinct telecopie FROM `comptage_fax` WHERE `ville` IN('\"CHAPELLE VIVIERS \",\"LE MANS \",\"QUEND\"')

It is not writing the string as three separate values -- it is just one string with the double quotes escaped.

How can I properly implement a prepared statement in WordPress with multiple values?


Solution

  • Try this code:

    // Create an array of the values to use in the list
    $villes = array("paris", "fes", "rabat");    
    
    // Generate the SQL statement.
    // The number of %s items is based on the length of the $villes array
    $sql = "
      SELECT DISTINCT telecopie
      FROM `comptage_fax`
      WHERE `ville` IN(".implode(', ', array_fill(0, count($villes), '%s')).")
    ";
    
    // Call $wpdb->prepare passing the values of the array as separate arguments
    $query = call_user_func_array(array($wpdb, 'prepare'), array_merge(array($sql), $villes));
    
    echo $query;
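The same placeholder-per-value approach, written as an added example that is not part of the original answer. `in_placeholders()` is a hypothetical helper, not a WordPress API, and the sample values are constructed. It extends the answer by picking `%d`/`%f`/`%s` per value and by handling an empty list, which would otherwise produce the invalid SQL `IN()`.

```php
<?php
// Hypothetical helper (not a WordPress function): returns the placeholder
// list for an IN (...) clause plus the arguments to hand to $wpdb->prepare().
function in_placeholders(array $values): array
{
    $values = array_values($values); // plain 0..n-1 list for prepare()

    if ($values === []) {
        // "IN ()" is a MySQL syntax error; "IN (NULL)" parses and matches no rows.
        return ['NULL', []];
    }

    $marks = [];
    foreach ($values as $v) {
        if (!is_scalar($v)) {
            throw new InvalidArgumentException('IN() values must be scalar');
        }
        if (is_int($v)) {
            $marks[] = '%d';
        } elseif (is_float($v)) {
            $marks[] = '%f';
        } else {
            $marks[] = '%s'; // quoted and escaped by prepare()
        }
    }
    return [implode(', ', $marks), $values];
}

// Constructed sample input; the second value contains a quote character,
// which must end up escaped inside its own literal, not break the list.
$villes = ['paris', "l'hay-les-roses", 'rabat'];

[$marks, $args] = in_placeholders($villes);
$sql = "SELECT DISTINCT telecopie FROM `comptage_fax` WHERE `ville` IN ($marks)";

if (isset($GLOBALS['wpdb'])) {
    // Inside WordPress: prepare() accepts all arguments as a single array.
    // Skip prepare() when there are no placeholders (empty input list).
    $wpdb  = $GLOBALS['wpdb'];
    $query = $args ? $wpdb->prepare($sql, $args) : $sql;
    echo $query, PHP_EOL;
} else {
    // Outside WordPress: show the template and the values that would be bound.
    echo $sql, PHP_EOL;
    print_r($args);
}
```

Only the placeholder tokens are concatenated into the SQL text; every value still reaches the query through `prepare()`.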