<!-- Collection of code snippets by Arne Vajhøj -->
<!-- posted to eksperten.dk, usenet and other places (2002-now) -->
<?php

function get_connection() {
    $con = new PDO('mysql:host=localhost;dbname=Test', 'root', '');
    $con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $con->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
    return $con;
}

function display_result($stmt) {
    while($row = $stmt->fetch()) {
        echo $row['f1'] . ' ' . $row['f2'] . "\r\n";
    }
}

function test_hardcoded() {
    $con = get_connection();
    $stmt = $con->prepare('SELECT f1,f2 FROM t1 WHERE f1 IN (2,3)');
    $stmt->execute(array());
    display_result($stmt);
}

function test_oldway($a) {
    $con = get_connection();
    foreach($a as $i) {
        if(!is_int($i)) throw new Exception('Go away evil hacker');
    }
    $stmt = $con->prepare('SELECT f1,f2 FROM t1 WHERE f1 IN (' . implode(',', $a) . ')');
    $stmt->execute(array());
    display_result($stmt);
}

function test_dynamic($a) {
    $con = get_connection();
    $formalparam = array();
    $actualparam = array();
    for($i = 0; $i < count($a); $i++) {
        $paramnam = ":p$i";
        $formalparam[] = $paramnam;
        $actualparam[$paramnam] = $a[$i];
    }
    $sqlstr = 'SELECT f1,f2 FROM t1 WHERE f1 IN (' . implode(',', $formalparam) . ')';
    $stmt = $con->prepare($sqlstr);
    $stmt->execute($actualparam);
    display_result($stmt);
}

function test_dynamic2($a) {
    $con = get_connection();
    $param = substr(str_repeat('?,', count($a)), 0, -1);
    $sqlstr = 'SELECT f1,f2 FROM t1 WHERE f1 IN (' . $param . ')';
    $stmt = $con->prepare($sqlstr);
    $stmt->execute($a);
    display_result($stmt);
}

test_hardcoded();
test_oldway(array(2,3));
test_dynamic(array(2,3));
test_dynamic2(array(2,3));

?>