我对passing an array of strings to a SQL statement in a WordPress plugin, 因为prepare方法在每个撇号之前都添加了反斜杠。
// I have an array of strings.
$the_array = [\'red\', \'green\', \'blue\'];
// I convert the array into a single string containing comma separated values surrounded by apostrophes.
$the_string = "\'" . implode("\', \'", $the_array) . "\'";
// And I pass the string to the query, using prepare (necessary to avoid SQL injections).
$db_options = $wpdb->get_col(
$wpdb->prepare(
"SELECT option_name
FROM $wpdb->options
WHERE option_name NOT IN (%s)",
$the_string
)
);
此代码生成的SQL语句如下,并添加了反斜杠:SELECT option_name
FROM wp_options
WHERE option_name NOT IN (\'\\\'red\\\', \\\'green\\\', \\\'blue\\\'\')
但这将返回表中的所有值,忽略NOT IN part!如何从PHP代码生成下面的正确语句(同时保留prepare方法)?
我需要这个:
SELECT option_name
FROM wp_options
WHERE option_name NOT IN (\'red\', \'green\', \'blue\')
谢谢大家!