php - Yii2 : Can I bind an array to an IN() condition in join?

Question

我会尝试下面的查询，但不确定是否可以防止 sql 注入(inject)？

        $status = [1, 2, 3];
        $param = implode(', ', $status);

        $rows = (new \yii\db\Query())
            ->select('*')
            ->from('user')
            ->leftJoin('post', "post.user_id = user.id AND post.some_column = $value AND post.status IN ($param)");
            ->all();

return expected results but may be occur sql injection. My IN condition look like is IN (1, 2, 3)

        $rows = (new \yii\db\Query())
            ->select('*')
            ->from('user')
            ->leftJoin('post', "post.user_id = user.id AND post.some_column = :sid AND post.status IN (:param)", [':param' => $param, ':sid' => $value]);
            ->all();

only compare first element in array because is look like this IN ('1, 2, 3') its consist single string not check second element in array only work on first element.

我引用了下面的链接，但不知道如何实现这个条件。

Can I bind an array to an IN() condition?

请给出如何在join(PDO/Yii2/mysql)的On部分使用IN() Condition的解决方案。

Answer 1

基于 this issue :

        $rows = (new \yii\db\Query())
        ->select('*')
        ->from('user')
        ->leftJoin('post', ['post.user_id' => new \yii\db\Expression('user.id'), 'post.some_column' => $sid, 'post.status' => $statuesArray]);
        ->all();