I use this code to get some results by using the find() function:
$id = implode(',', (array)$id);
$post = MyPost::find("post_id IN (".$id.")");
Is it normal to use "IN"? I'm also curious whether it has a security issue like SQL injection.
Maybe it will be open to SQL injection; you must use binding parameters, see here: http://docs.phalconphp.com/en/latest/reference/models.html#binding-parameters
Hi! But it will return 0 when I input some characters, if I don't want the id with 0 and the result is what I want :O
It's not working now (pull request https://github.com/phalcon/cphalcon/pull/2990)
You can use something like this:
$id = implode(',', array_map('intval', (array)$id));
$post = MyPost::find("post_id IN (".$id.")");
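An added example, not code from any poster in this thread: it combines the two suggestions above by rejecting non-integer input instead of coercing it to 0 and by binding each id through its own numeric placeholder. The helper names `cleanIds` and `inClauseParams` are hypothetical; the `?1`-style placeholders and the `bind` key are the ones described on the binding-parameters page linked above.

```php
<?php
// Added example; cleanIds() and inClauseParams() are hypothetical helpers, not Phalcon APIs.

/**
 * Keep only values that validate as positive integers.
 * Unlike intval(), "abc" or "1) OR (1=1" is dropped rather than turned into 0 or 1.
 */
function cleanIds($input): array
{
    $ids = [];
    foreach ((array) $input as $value) {
        $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id !== false) {
            $ids[] = $id;
        }
    }
    return array_values(array_unique($ids));
}

/**
 * Build find() parameters with one numeric placeholder per id.
 * $column must be a constant chosen by the developer, never user input.
 * Returns null for an empty list, because "IN ()" is not valid SQL.
 */
function inClauseParams(string $column, array $ids): ?array
{
    if ($ids === []) {
        return null;
    }
    $placeholders = [];
    $bind = [];
    foreach (array_values($ids) as $i => $id) {
        $n = $i + 1;                 // placeholders are numbered from 1
        $placeholders[] = '?' . $n;
        $bind[$n] = $id;
    }
    return [
        'conditions' => $column . ' IN (' . implode(', ', $placeholders) . ')',
        'bind'       => $bind,
    ];
}

// Constructed sample input: two valid ids, a duplicate and two garbage values.
$raw = ['3', '7', '3', 'abc', '1) OR (1=1'];
$params = inClauseParams('post_id', cleanIds($raw));
print_r($params);

// Runs only when Phalcon is loaded and the thread's MyPost model exists.
$posts = ($params !== null && class_exists('MyPost')) ? MyPost::find($params) : [];
```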