I wrote a new MySQL parameterized-query parser for our framework’s Database class to support array arguments for IN expressions.
Before, it was limited to standard prepared-statement placeholders with optional type declarations:
$db->query('SELECT * FROM users WHERE id = ?i OR name = ?s', $id, $name);
Now, I can do this:
$db->query('SELECT * FROM users WHERE id IN ?ai OR name IN ?as', array(1, 2, 3), array('you', 'me', "escape'me"));
Even though the mysqli layer doesn’t support that, my parser automatically escapes the values and expands each array into a list, interpreting ‘ai’ to mean an array of integers:
SELECT * FROM users WHERE id IN (1,2,3) OR name IN ('you', 'me', 'escape\'me');
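The expansion described above, as an added example that is not the author's parser: `expandPlaceholders()` and its escaper argument are assumed names, and `addslashes` stands in for `mysqli::real_escape_string` only so the block runs without a database connection.

```php
<?php
// Added illustration; expandPlaceholders() is a hypothetical name, not the framework's API.
function expandPlaceholders(string $sql, array $args, callable $escape): string
{
    $quoteInt = function ($v): string {
        // Reject anything that is not a plain integer instead of casting silently.
        if (filter_var($v, FILTER_VALIDATE_INT) === false) {
            throw new InvalidArgumentException('Expected integer, got ' . var_export($v, true));
        }
        return (string) (int) $v;
    };
    $quoteStr = function ($v) use ($escape): string {
        return "'" . $escape((string) $v) . "'";
    };

    $i = 0;
    // One pass over the template: substituted values are never rescanned,
    // so a value that itself contains "?s" cannot consume another argument.
    $out = preg_replace_callback('/\?(a?)([is])/', function ($m) use (&$i, $args, $quoteInt, $quoteStr) {
        if (!array_key_exists($i, $args)) {
            throw new InvalidArgumentException("Missing argument for {$m[0]}");
        }
        $arg = $args[$i++];
        $quote = $m[2] === 'i' ? $quoteInt : $quoteStr;
        if ($m[1] === '') {
            return $quote($arg);
        }
        // "IN ()" is a MySQL syntax error, so refuse empty or non-array input.
        if (!is_array($arg) || $arg === []) {
            throw new InvalidArgumentException("{$m[0]} needs a non-empty array");
        }
        return '(' . implode(',', array_map($quote, $arg)) . ')';
    }, $sql);

    if ($i !== count($args)) {
        throw new InvalidArgumentException('Too many arguments');
    }
    return $out;
}

// Constructed demo input. 'addslashes' is a stand-in escaper only; with a live
// connection pass [$mysqli, 'real_escape_string'] after $mysqli->set_charset().
echo expandPlaceholders(
    'SELECT * FROM users WHERE id IN ?ai OR name IN ?as',
    [[1, 2, 3], ['you', 'me', "escape'me"]],
    'addslashes'
), "\n";
```

Because `?` is matched anywhere in the template, a literal `?i` inside a quoted SQL string would also be treated as a placeholder; the sketch assumes templates are developer-written constants, never user input.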
I’ve wanted this feature for months, but never got around to doing it.
The guy next to me read the in-flight magazine.