0

I am trying to update with 0 the rows that is not in the array I get from the xml.

$sus = array();
foreach( $xml->property as $node ) {
  $sus[] = $node->suid;
}
$A = "'".implode("','",$sus)."'";
 echo $A;
$sth = $dbh->prepare("UPDATE tabla SET alta = 0
WHERE suid NOT IN ($A)");
$sth->execute($sus);

When I echo $A it prints it out correctly like this: '60','62','65','73','74','79','83','90','112','124' However it does not do the update, whats wrong?

Improve this question

1 Answer 1

Reset to default
1

You should start by escaping your XML values to avoid SQL injection:

$escapedValues = str_repeat('?,', count($sus) - 1) . '?';
$sth = $db->prepare("UPDATE tabla SET alta = 0 WHERE suid NOT IN ($escapedValues)"
$sth->execute($sus);
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

That worked thanks, did´t know escapes where needed on pdo updates. There is a bug with the names in your query. Here is the full code in case its useful for anybody: $sus = array(); foreach( $xml->property as $node ) { $sus[] = $node->suid; } $escapedValues = str_repeat('?,', count($sus) - 1) . '?'; $sth = $dbh->prepare("UPDATE tabla SET alta = 0 WHERE suid NOT IN ($escapedValues)"); $sth->execute($sus);
Great! Glad for you. Just edited my answer with the appropriate variable name :)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.