update a table where id is inside a string [duplicate]












0
















This question already has an answer here:




  • Can I bind an array to an IN() condition?

    21 answers



  • Mysql search with comma delimited string

    3 answers




I want to update a table where id is inside a comma separated string. 



$str = "1,2,3,4,5,6,7,8,9,10,11";

$sql = "update abc set status = 'home' where id in '" . $str . "'";

$st = $db->prepare($sql);

$st->execute();


Also tried: 



$sql = "update abc set status = 'home' where id in " . $str;


In both cases I'm getting a syntax error.



Any help?






php mysql







share|improve this question













marked as duplicate by Shadow mysql
Users with the  mysql badge can single-handedly close mysql questions as duplicates and reopen them as needed.

StackExchange.ready(function() {
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function() {
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function() {
$hover.showInfoMessage('', {
messageElement: $msg.clone().show(),
transient: false,
position: { my: 'bottom left', at: 'top center', offsetTop: -7 },
dismissable: false,
relativeToBody: true
});
},
function() {
StackExchange.helpers.removeMessages();
}
);
});
});
 Nov 21 '18 at 6:53


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.



















  • str is not an array, it's a string.

    – puerto
    Nov 21 '18 at 6:55











  • Try $sql = "update abc set status = 'home' where instr(',". $str.",', ','+CAST(id AS VARCHAR(10))+',') > 0";. The idea is to search a string like :1:11:111:1111: for a substring like :11:. By wrapping at the front and at the end with the separator, you are guarantee to not find false positive.

    – Dominique Fortin
    Nov 21 '18 at 7:14






  • 1





    @Shadow The two question might look similar, but they have different type of data. It might be possible to transform a string into an array, but it very inefficient and therefore requires a different solution. It's like fitting a circle into a square.

    – Dominique Fortin
    Nov 21 '18 at 7:21











  • @DominiqueFortin in this particular case using a string as an input means that only string interpolation can be used, which would open up the code to sql injection.

    – Shadow
    Nov 21 '18 at 8:10











  • @Shadow this question is a better dupe reference instead: stackoverflow.com/questions/6897176/…

    – Madhur Bhaiya
    Nov 21 '18 at 10:31
















0
















This question already has an answer here:




  • Can I bind an array to an IN() condition?

    21 answers



  • Mysql search with comma delimited string

    3 answers




I want to update a table where id is inside a comma separated string. 



$str = "1,2,3,4,5,6,7,8,9,10,11";

$sql = "update abc set status = 'home' where id in '" . $str . "'";

$st = $db->prepare($sql);

$st->execute();


Also tried: 



$sql = "update abc set status = 'home' where id in " . $str;


In both cases I'm getting a syntax error.



Any help?






php mysql







share|improve this question













marked as duplicate by Shadow mysql
Users with the  mysql badge can single-handedly close mysql questions as duplicates and reopen them as needed.

StackExchange.ready(function() {
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function() {
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function() {
$hover.showInfoMessage('', {
messageElement: $msg.clone().show(),
transient: false,
position: { my: 'bottom left', at: 'top center', offsetTop: -7 },
dismissable: false,
relativeToBody: true
});
},
function() {
StackExchange.helpers.removeMessages();
}
);
});
});
 Nov 21 '18 at 6:53


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.



















  • str is not an array, it's a string.

    – puerto
    Nov 21 '18 at 6:55











  • Try $sql = "update abc set status = 'home' where instr(',". $str.",', ','+CAST(id AS VARCHAR(10))+',') > 0";. The idea is to search a string like :1:11:111:1111: for a substring like :11:. By wrapping at the front and at the end with the separator, you are guarantee to not find false positive.

    – Dominique Fortin
    Nov 21 '18 at 7:14






  • 1





    @Shadow The two question might look similar, but they have different type of data. It might be possible to transform a string into an array, but it very inefficient and therefore requires a different solution. It's like fitting a circle into a square.

    – Dominique Fortin
    Nov 21 '18 at 7:21











  • @DominiqueFortin in this particular case using a string as an input means that only string interpolation can be used, which would open up the code to sql injection.

    – Shadow
    Nov 21 '18 at 8:10











  • @Shadow this question is a better dupe reference instead: stackoverflow.com/questions/6897176/…

    – Madhur Bhaiya
    Nov 21 '18 at 10:31














0












0








0









This question already has an answer here:




  • Can I bind an array to an IN() condition?

    21 answers



  • Mysql search with comma delimited string

    3 answers




I want to update a table where id is inside a comma separated string. 



$str = "1,2,3,4,5,6,7,8,9,10,11";

$sql = "update abc set status = 'home' where id in '" . $str . "'";

$st = $db->prepare($sql);

$st->execute();


Also tried: 



$sql = "update abc set status = 'home' where id in " . $str;


In both cases I'm getting a syntax error.



Any help?






php mysql







share|improve this question















This question already has an answer here:




  • Can I bind an array to an IN() condition?

    21 answers



  • Mysql search with comma delimited string

    3 answers




I want to update a table where id is inside a comma separated string. 



$str = "1,2,3,4,5,6,7,8,9,10,11";

$sql = "update abc set status = 'home' where id in '" . $str . "'";

$st = $db->prepare($sql);

$st->execute();


Also tried: 



$sql = "update abc set status = 'home' where id in " . $str;


In both cases I'm getting a syntax error.



Any help?





This question already has an answer here:




  • Can I bind an array to an IN() condition?

    21 answers



  • Mysql search with comma delimited string

    3 answers







php mysql




php mysql






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 21 '18 at 6:42









puertopuerto

968511




968511




marked as duplicate by Shadow mysql
Users with the  mysql badge can single-handedly close mysql questions as duplicates and reopen them as needed.

StackExchange.ready(function() {
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function() {
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function() {
$hover.showInfoMessage('', {
messageElement: $msg.clone().show(),
transient: false,
position: { my: 'bottom left', at: 'top center', offsetTop: -7 },
dismissable: false,
relativeToBody: true
});
},
function() {
StackExchange.helpers.removeMessages();
}
);
});
});
 Nov 21 '18 at 6:53


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.









marked as duplicate by Shadow mysql
Users with the  mysql badge can single-handedly close mysql questions as duplicates and reopen them as needed.

StackExchange.ready(function() {
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function() {
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function() {
$hover.showInfoMessage('', {
messageElement: $msg.clone().show(),
transient: false,
position: { my: 'bottom left', at: 'top center', offsetTop: -7 },
dismissable: false,
relativeToBody: true
});
},
function() {
StackExchange.helpers.removeMessages();
}
);
});
});
 Nov 21 '18 at 6:53


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.















  • str is not an array, it's a string.

    – puerto
    Nov 21 '18 at 6:55











  • Try $sql = "update abc set status = 'home' where instr(',". $str.",', ','+CAST(id AS VARCHAR(10))+',') > 0";. The idea is to search a string like :1:11:111:1111: for a substring like :11:. By wrapping at the front and at the end with the separator, you are guarantee to not find false positive.

    – Dominique Fortin
    Nov 21 '18 at 7:14






  • 1





    @Shadow The two question might look similar, but they have different type of data. It might be possible to transform a string into an array, but it very inefficient and therefore requires a different solution. It's like fitting a circle into a square.

    – Dominique Fortin
    Nov 21 '18 at 7:21











  • @DominiqueFortin in this particular case using a string as an input means that only string interpolation can be used, which would open up the code to sql injection.

    – Shadow
    Nov 21 '18 at 8:10











  • @Shadow this question is a better dupe reference instead: stackoverflow.com/questions/6897176/…

    – Madhur Bhaiya
    Nov 21 '18 at 10:31



















  • str is not an array, it's a string.

    – puerto
    Nov 21 '18 at 6:55











  • Try $sql = "update abc set status = 'home' where instr(',". $str.",', ','+CAST(id AS VARCHAR(10))+',') > 0";. The idea is to search a string like :1:11:111:1111: for a substring like :11:. By wrapping at the front and at the end with the separator, you are guarantee to not find false positive.

    – Dominique Fortin
    Nov 21 '18 at 7:14






  • 1





    @Shadow The two question might look similar, but they have different type of data. It might be possible to transform a string into an array, but it very inefficient and therefore requires a different solution. It's like fitting a circle into a square.

    – Dominique Fortin
    Nov 21 '18 at 7:21











  • @DominiqueFortin in this particular case using a string as an input means that only string interpolation can be used, which would open up the code to sql injection.

    – Shadow
    Nov 21 '18 at 8:10











  • @Shadow this question is a better dupe reference instead: stackoverflow.com/questions/6897176/…

    – Madhur Bhaiya
    Nov 21 '18 at 10:31

















str is not an array, it's a string.

– puerto
Nov 21 '18 at 6:55





str is not an array, it's a string.

– puerto
Nov 21 '18 at 6:55













Try $sql = "update abc set status = 'home' where instr(',". $str.",', ','+CAST(id AS VARCHAR(10))+',') > 0";. The idea is to search a string like :1:11:111:1111: for a substring like :11:. By wrapping at the front and at the end with the separator, you are guarantee to not find false positive.

– Dominique Fortin
Nov 21 '18 at 7:14





Try $sql = "update abc set status = 'home' where instr(',". $str.",', ','+CAST(id AS VARCHAR(10))+',') > 0";. The idea is to search a string like :1:11:111:1111: for a substring like :11:. By wrapping at the front and at the end with the separator, you are guarantee to not find false positive.

– Dominique Fortin
Nov 21 '18 at 7:14




1




1





@Shadow The two question might look similar, but they have different type of data. It might be possible to transform a string into an array, but it very inefficient and therefore requires a different solution. It's like fitting a circle into a square.

– Dominique Fortin
Nov 21 '18 at 7:21





@Shadow The two question might look similar, but they have different type of data. It might be possible to transform a string into an array, but it very inefficient and therefore requires a different solution. It's like fitting a circle into a square.

– Dominique Fortin
Nov 21 '18 at 7:21













@DominiqueFortin in this particular case using a string as an input means that only string interpolation can be used, which would open up the code to sql injection.

– Shadow
Nov 21 '18 at 8:10





@DominiqueFortin in this particular case using a string as an input means that only string interpolation can be used, which would open up the code to sql injection.

– Shadow
Nov 21 '18 at 8:10













@Shadow this question is a better dupe reference instead: stackoverflow.com/questions/6897176/…

– Madhur Bhaiya
Nov 21 '18 at 10:31





@Shadow this question is a better dupe reference instead: stackoverflow.com/questions/6897176/…

– Madhur Bhaiya
Nov 21 '18 at 10:31












2 Answers
2






active

oldest

votes


















0














You need parentheses when using IN (...):



$str = "1,2,3,4,5,6,7,8,9,10,11";

$sql = "update abc set status = 'home' where id in (" . $str . ")";

$st = $db->prepare($sql);

$st->execute();


Also, this is not the way you effectively use Parametrized queries. You need to use placeholders properly.



$str = "1,2,3,4,5,6,7,8,9,10,11";

$placeholder_str = "?,?,?,?,?,?,?,?,?,?,?";

$sql = "update abc set status = 'home' where id in (" . $placeholder_str . ")";

$st = $db->prepare($sql);

$st->execute(explode(',', $str)); // assuming you are using PDO





share|improve this answer


























  • about the query - I don't know in advance what the string will be like, so can't write a certain number of ?.

    – puerto
    Nov 21 '18 at 6:50













  • @puerto you can dynamically generate ? in a loop, using the count of values dynamically

    – Madhur Bhaiya
    Nov 21 '18 at 6:51













  • could you show me, pls

    – puerto
    Nov 21 '18 at 6:52






  • 1





    The first solution is completely wrong. And again, this question has been asked before...

    – Shadow
    Nov 21 '18 at 6:53











  • @puerto see the solutions in the duplicate topic for dynamically generating the placeholders.

    – Shadow
    Nov 21 '18 at 6:54



















-1














Try this
$sql = " update abc set status = 'home' where instr($str, id) > 0 ";






share|improve this answer






























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    You need parentheses when using IN (...):



    $str = "1,2,3,4,5,6,7,8,9,10,11";
    
$sql = "update abc set status = 'home' where id in (" . $str . ")";
    
$st = $db->prepare($sql);
    
$st->execute();


    Also, this is not the way you effectively use Parametrized queries. You need to use placeholders properly.



    $str = "1,2,3,4,5,6,7,8,9,10,11";
    
$placeholder_str = "?,?,?,?,?,?,?,?,?,?,?";
    
$sql = "update abc set status = 'home' where id in (" . $placeholder_str . ")";
    
$st = $db->prepare($sql);
    
$st->execute(explode(',', $str)); // assuming you are using PDO





    share|improve this answer


























    • about the query - I don't know in advance what the string will be like, so can't write a certain number of ?.

      – puerto
      Nov 21 '18 at 6:50













    • @puerto you can dynamically generate ? in a loop, using the count of values dynamically

      – Madhur Bhaiya
      Nov 21 '18 at 6:51













    • could you show me, pls

      – puerto
      Nov 21 '18 at 6:52






    • 1





      The first solution is completely wrong. And again, this question has been asked before...

      – Shadow
      Nov 21 '18 at 6:53











    • @puerto see the solutions in the duplicate topic for dynamically generating the placeholders.

      – Shadow
      Nov 21 '18 at 6:54
















    0














    You need parentheses when using IN (...):



    $str = "1,2,3,4,5,6,7,8,9,10,11";
    
$sql = "update abc set status = 'home' where id in (" . $str . ")";
    
$st = $db->prepare($sql);
    
$st->execute();


    Also, this is not the way you effectively use Parametrized queries. You need to use placeholders properly.



    $str = "1,2,3,4,5,6,7,8,9,10,11";
    
$placeholder_str = "?,?,?,?,?,?,?,?,?,?,?";
    
$sql = "update abc set status = 'home' where id in (" . $placeholder_str . ")";
    
$st = $db->prepare($sql);
    
$st->execute(explode(',', $str)); // assuming you are using PDO





    share|improve this answer


























    • about the query - I don't know in advance what the string will be like, so can't write a certain number of ?.

      – puerto
      Nov 21 '18 at 6:50













    • @puerto you can dynamically generate ? in a loop, using the count of values dynamically

      – Madhur Bhaiya
      Nov 21 '18 at 6:51













    • could you show me, pls

      – puerto
      Nov 21 '18 at 6:52






    • 1





      The first solution is completely wrong. And again, this question has been asked before...

      – Shadow
      Nov 21 '18 at 6:53











    • @puerto see the solutions in the duplicate topic for dynamically generating the placeholders.

      – Shadow
      Nov 21 '18 at 6:54














    0












    0








    0







    You need parentheses when using IN (...):



    $str = "1,2,3,4,5,6,7,8,9,10,11";
    
$sql = "update abc set status = 'home' where id in (" . $str . ")";
    
$st = $db->prepare($sql);
    
$st->execute();


    Also, this is not the way you effectively use Parametrized queries. You need to use placeholders properly.



    $str = "1,2,3,4,5,6,7,8,9,10,11";
    
$placeholder_str = "?,?,?,?,?,?,?,?,?,?,?";
    
$sql = "update abc set status = 'home' where id in (" . $placeholder_str . ")";
    
$st = $db->prepare($sql);
    
$st->execute(explode(',', $str)); // assuming you are using PDO





    share|improve this answer















    You need parentheses when using IN (...):



    $str = "1,2,3,4,5,6,7,8,9,10,11";
    
$sql = "update abc set status = 'home' where id in (" . $str . ")";
    
$st = $db->prepare($sql);
    
$st->execute();


    Also, this is not the way you effectively use Parametrized queries. You need to use placeholders properly.



    $str = "1,2,3,4,5,6,7,8,9,10,11";
    
$placeholder_str = "?,?,?,?,?,?,?,?,?,?,?";
    
$sql = "update abc set status = 'home' where id in (" . $placeholder_str . ")";
    
$st = $db->prepare($sql);
    
$st->execute(explode(',', $str)); // assuming you are using PDO






    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited Nov 21 '18 at 7:06

























    answered Nov 21 '18 at 6:44









    Madhur BhaiyaMadhur Bhaiya

    19.6k62236




    19.6k62236













    • about the query - I don't know in advance what the string will be like, so can't write a certain number of ?.

      – puerto
      Nov 21 '18 at 6:50













    • @puerto you can dynamically generate ? in a loop, using the count of values dynamically

      – Madhur Bhaiya
      Nov 21 '18 at 6:51













    • could you show me, pls

      – puerto
      Nov 21 '18 at 6:52






    • 1





      The first solution is completely wrong. And again, this question has been asked before...

      – Shadow
      Nov 21 '18 at 6:53











    • @puerto see the solutions in the duplicate topic for dynamically generating the placeholders.

      – Shadow
      Nov 21 '18 at 6:54



















    • about the query - I don't know in advance what the string will be like, so can't write a certain number of ?.

      – puerto
      Nov 21 '18 at 6:50













    • @puerto you can dynamically generate ? in a loop, using the count of values dynamically

      – Madhur Bhaiya
      Nov 21 '18 at 6:51













    • could you show me, pls

      – puerto
      Nov 21 '18 at 6:52






    • 1





      The first solution is completely wrong. And again, this question has been asked before...

      – Shadow
      Nov 21 '18 at 6:53











    • @puerto see the solutions in the duplicate topic for dynamically generating the placeholders.

      – Shadow
      Nov 21 '18 at 6:54

















    about the query - I don't know in advance what the string will be like, so can't write a certain number of ?.

    – puerto
    Nov 21 '18 at 6:50







    about the query - I don't know in advance what the string will be like, so can't write a certain number of ?.

    – puerto
    Nov 21 '18 at 6:50















    @puerto you can dynamically generate ? in a loop, using the count of values dynamically

    – Madhur Bhaiya
    Nov 21 '18 at 6:51







    @puerto you can dynamically generate ? in a loop, using the count of values dynamically

    – Madhur Bhaiya
    Nov 21 '18 at 6:51















    could you show me, pls

    – puerto
    Nov 21 '18 at 6:52





    could you show me, pls

    – puerto
    Nov 21 '18 at 6:52




    1




    1





    The first solution is completely wrong. And again, this question has been asked before...

    – Shadow
    Nov 21 '18 at 6:53





    The first solution is completely wrong. And again, this question has been asked before...

    – Shadow
    Nov 21 '18 at 6:53













    @puerto see the solutions in the duplicate topic for dynamically generating the placeholders.

    – Shadow
    Nov 21 '18 at 6:54





    @puerto see the solutions in the duplicate topic for dynamically generating the placeholders.

    – Shadow
    Nov 21 '18 at 6:54













    -1














    Try this
    $sql = " update abc set status = 'home' where instr($str, id) > 0 ";






    share|improve this answer




























      -1














      Try this
      $sql = " update abc set status = 'home' where instr($str, id) > 0 ";






      share|improve this answer


























        -1












        -1








        -1







        Try this
        $sql = " update abc set status = 'home' where instr($str, id) > 0 ";






        share|improve this answer













        Try this
        $sql = " update abc set status = 'home' where instr($str, id) > 0 ";







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 21 '18 at 6:51









        KrishnaKrishna

        402518




        402518















            Popular posts from this blog

            MongoDB - Not Authorized To Execute Command

            Image
            .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 0 I have successfully enabled authorization on MongoDB and I have created an account on the admin database and then I created an account for my database called test. The following connection string to connect to my test database works successfully: mongo --host 192.168.17.52 --port 27017 -u user1 -p password --authenticationDatabase test Only problem I have now is, I cannot execute commands such as: show dbs. I get the following error when I try to do so: "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0, lsid: { id: UUID("a1d5bc0d-bc58-485e-b232-270758a89455") }, $db: "admin...
            Read more

            How to fix TextFormField cause rebuild widget in Flutter

            Image
            .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 0 I've got the same issue at #9280. I tried all solutions from that topic with/without GlobalKey for Scaffold and Form but the problem wasn't fixed. I tried to build a authentication form with login and signup. But the keyboard doesn't show when I tap the TextFormField at the first time. Then I try to input some letter from physical keyboard, the widget is rebuilt. Like this: login screen Nothing to be log when I run flutter run --verbose, so I logged manually. Every tapping on field, the widget called dispose -> init -> build. [√] Flutter (Channel beta, v1.0.0, on Microsoft Windows [Version 10.0.17763.195], ...
            Read more

            in spring boot 2.1 many test slices are not allowed anymore due to multiple @BootstrapWith

            Image
            1 I tried to upgrade a yummy sandwich made of two test slices (@JsonTest and @JdbcTest in my case, crunchy test code in between) adding spring boot 2.1 flavour to it. But it seems it was not much of a success. I cannot annotate my tests with many @...Test since they are now each bringing their own XxxTestContextBootstrapper. It used to work when they all used same SpringBootTestContextBootstrapper. @RunWith(SpringRunner.class) @JdbcTest @JsonTest public class Test { @Test public void test() { System.out.printn("Hello, World !"); } } The error I get from BootstrapUtils is illegalStateException : Configuration error: found multiple declarations of @BootstrapWith for test class I understand I might be doing something wrong here but is there an easy way I could load both Json and Jdbc contex...
            Read more