SQL Binding IN Clause?

RumbleFrog · **Author**

Say I have this

PHP Code:


			
DELETE FROM queue WHERE `id` IN ( );

And I wish to use a prepared statement for this, how would I do this?

In PHP I use this

PHP Code:


			
$inQuery = implode(',', array_fill(0, count($ids), '?'));

$stmt = $this->db->prepare('DELETE FROM queue WHERE `id` IN (' . $inQuery . ')');

foreach ($ids as $k => $id)

      $stmt->bindValue(($k+1), $id);

Not sure how would I replicate this in sourcepawn or if it's possible

RumbleFrog · 04-22-2017 , 17:45 Re: SQL Binding IN Clause?

Also to highlight that, amount of values in the IN clause is going to be random.

asherkin · 04-22-2017 , 19:37 Re: SQL Binding IN Clause?

You shouldn't be using prepared statements in SourcePawn, as they do not support threading.

The FormatQuery native gives you "fake" prepared statements, which is what you get with PDO in PHP by default anyway.

RumbleFrog · 04-22-2017 , 20:15 Re: SQL Binding IN Clause?

Quote:

Originally Posted by asherkin

You shouldn't be using prepared statements in SourcePawn, as they do not support threading.

The FormatQuery native gives you "fake" prepared statements, which is what you get with PDO in PHP by default anyway.

Can you give an example for a non-prepared and threaded statement for this scenario?

RumbleFrog · 04-22-2017 , 22:31 Re: SQL Binding IN Clause?

Are there anything similar to array_fill?

Edit: What's this FormatQuery native?

nosoop · 04-23-2017 , 11:40 Re: SQL Binding IN Clause?

SQL_FormatQuery (and Database.Format(), for that matter) are new natives in SourceMod 1.9+. It escapes unsafe string parameters, which the default Format native doesn't do.

Here's sample usage given in the PR; the old method shows the "current" way a threaded pseudo-statement is done (creating escaped strings then Formatting the query).

The native currently isn't available in the current stable branch as far as I can tell; I wouldn't use it myself unless you're willing to target SourceMod 1.9+.

Edit: Don't think you'd be able to bind a variable number of parameters with SQL_FormatQuery. You'll probably need to escape any unsafe strings, join the values, and then pass it as one string to Format.

Double edit: You can use Powerlord's implodeexplode.inc stocks to join multiple strings in an ArrayList into one.

The edits continue: Or you can use ImplodeStrings if you're willing to set up your char[][]s.