Marco.org

I wrote a new MySQL parameterized-query parser for our framework’s Database class to support array arguments for IN expressions.

Before, it was limited to standard prepared-statement placeholders with optional type declarations:

$db->query('SELECT * FROM users WHERE id = ?i OR name = ?s', $id, $name);

Now, I can do this:

$db->query(
    'SELECT * FROM users WHERE id IN ?ai OR name IN ?as', 
    array(1, 2, 3),
    array('you', 'me', "escape'me")
);

Even though the mysqli layer doesn’t support that, my parser automatically escapes the values and expands it into a list, interpreting ‘ai’ to mean an array of integers:

SELECT * FROM users WHERE id IN (1,2,3) OR name IN ('you', 'me', 'escape\'me');

I’ve wanted this feature for months, but never got around to doing it.

The guy next to me read the in-flight magazine.