CODEWITHSUNDEEP
phpmysqlpdo
jonmrich
jonmrich

Reputation: 4323

Pass multiple parameters in PDO

My PHP looks like this:

$diagSel = $_POST['diagSel'];
$search_crit = $_POST['criteria']; //this is an entry like "85054,85206" (no quotes)
$sql1 = "SELECT * FROM `myTable` where`Diagnosis` = :diagnosis and `zip_code` in (:placeHolder) group by `Provider Number`";
$stmt = $dbh->prepare($sql1);
$stmt->bindParam(':diagnosis', $diagSel, PDO::PARAM_STR);
$stmt->bindParam(':placeHolder', $search_crit, PDO::PARAM_STR);
$stmt->execute();
$result1 = $stmt->fetchAll(PDO::FETCH_ASSOC);
header('Content-type: application/json');
echo json_encode($result1);

Here's the problem...if the user enters multiple ZIP Codes (passed in criteria) that are comma separated, this ECHOs nothing. If they enter a single ZIP Code, it returns exactly what I'd expect.

Is there a way to pass a comma separated value by PDO such as 85054,85206 using prepared statements?

Thanks.

Upvotes: 0

Views: 1632

Answers (2)

Martin
Martin

Reputation: 6687

It is not, I'd recommend something like this:

$diagSel     = $_POST['diagSel'];
$search_crit = $_POST['criteria'];
$list        = explode(',', $search_crit);
array_map(array($dbh, 'quote'), $list);

$sql1 = sprintf('
  SELECT *
  FROM `myTable`
  WHERE `Diagnosis` = :diagnosis
  AND `zip_code` IN (%s)
  GROUP BY `Provider Number`', implode(',', $list));

$stmt = $dbh->prepare($sql1);
$stmt->bindParam(':diagnosis', $diagSel, PDO::PARAM_STR);
$stmt->execute();

$result1 = $stmt->fetchAll(PDO::FETCH_ASSOC);
header('Content-type: application/json');
echo json_encode($result1);

Upvotes: 1

x86bit-destroyer
x86bit-destroyer

Reputation: 15

You can't use bindpram twice if you want to add multiple values to the SQL query have an array in the exec command to add in all the variables

Upvotes: 1

Related Questions