I have a function that I use called sqlf(); it emulates prepared statements. For instance I can do things like:
$sql = sqlf('SELECT * FROM Users WHERE name= :1 AND email= :2', 'Big "John"', 'bj@example.com');
For various reasons, I cannot use prepared statements, but I would like to emulate them. The problem that I run into is with queries like
$sql = sqlf('SELECT * FROM Users WHERE id IN (:1)',array(1,2,3) );
My code works, but it fails with empty arrays, e.g. the following throws a MySQL error:
SELECT * FROM Users WHERE id IN ();
Does anyone have any suggestions? How should I translate an empty array into SQL that can be injected into an IN clause? Substituting NULL will not work.
Null is the only value that you can guarantee is not in the set. How come it is not an option? Anything else can be seen as part of the potential set; they are all values.
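The NULL substitution suggested in the answer, as an added example that is not part of the original question or answer: a hypothetical `in_list()` helper (not the asker's `sqlf()`) renders an empty array as `NULL` and the result is run against an in-memory SQLite table. It assumes the `pdo_sqlite` extension is available; the table rows are constructed.

```php
<?php
// Added example. in_list() and count_rows() are hypothetical helpers, not sqlf().
// Assumes pdo_sqlite so it runs offline; table rows below are constructed.

// Render a PHP array as the body of an SQL IN (...) list.
function in_list(array $values, callable $quote): string
{
    if ($values === []) {
        return 'NULL';                       // IN (NULL) parses and matches no rows
    }
    $parts = [];
    foreach ($values as $v) {
        if ($v === null) {
            $parts[] = 'NULL';
        } elseif (is_int($v)) {
            $parts[] = (string) $v;          // integers need no quoting
        } else {
            $parts[] = $quote((string) $v);  // escaped and quoted by the driver
        }
    }
    return implode(', ', $parts);
}

function count_rows(PDO $pdo, string $sql): int
{
    return (int) $pdo->query($sql)->fetchColumn();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Users (id INTEGER, name TEXT)');
$pdo->exec("INSERT INTO Users VALUES (1, 'Ann'), (2, 'O''Brien'), (3, 'Cy')");

$quote = fn(string $s): string => $pdo->quote($s);
$base  = 'SELECT COUNT(*) FROM Users WHERE ';

$cases = [
    'id IN (1,2,3)'     => 'id IN (' . in_list([1, 2, 3], $quote) . ')',
    'id IN (empty)'     => 'id IN (' . in_list([], $quote) . ')',
    'id NOT IN (empty)' => 'id NOT IN (' . in_list([], $quote) . ')',
    'name with quote'   => 'name IN (' . in_list(["O'Brien"], $quote) . ')',
];

foreach ($cases as $label => $where) {
    printf("%-18s %-28s rows=%d\n", $label, $where, count_rows($pdo, $base . $where));
}
```

Under SQL's three-valued logic `id NOT IN (NULL)` evaluates to NULL for every row, so the same substitution under `NOT IN` returns no rows rather than all of them. With MySQL, pass a quoter bound to the live connection instead of the SQLite one used here.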