[wp-hackers] WP 3.5.2/multisite: How to use NOT IN in $wpdb->prepare()?

Ryan McCue lists at rotorised.com
Tue Jul 16 04:21:17 UTC 2013


Micky Hulse wrote:
> What's the most practical and secure way (I want to avoid little Bobby
> Tables http://xkcd.com/327/) to pass a list of blog IDs into the NOT
> IN clause of wpdb::prepare() SQL statement?

$ids = array(1, '2', '3q', 'b');

// Ensure all IDs are positive integers
$ids = array_map('absint', $ids);

// Filter anything that converted to 0 (i.e. non-integers)
$ids = array_filter($ids);

// Add to your SQL
$sql .= ' NOT IN (' . implode(',', $ids) . ')';

-- 
Ryan McCue
<http://ryanmccue.info/>
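
Added example, not part of Ryan's message or of WordPress: the same sanitising steps, but binding the IDs through %d placeholders in wpdb::prepare() and handling the case where no ID survives filtering, which would otherwise produce the invalid SQL "NOT IN ()". The helper name example_not_in_fragment() and the sample query are assumptions, and the absint() fallback is only there so the code runs outside WordPress.

```php
<?php
// Fallback so the example runs outside WordPress; WordPress core defines absint() itself.
if ( ! function_exists( 'absint' ) ) {
    function absint( $maybeint ) {
        return abs( (int) $maybeint );
    }
}

/**
 * Hypothetical helper (not a WordPress API). Returns array( $fragment, $ids ).
 * $fragment is '' when no usable ID remains, so the caller never emits "NOT IN ()".
 * $column must be a hard-coded column name, never request input.
 */
function example_not_in_fragment( $column, array $raw_ids ) {
    // Cast to non-negative integers, drop zeros, de-duplicate, reindex.
    // Note that absint() turns '3q' into 3 and -4 into 4 rather than dropping them.
    $ids = array_values( array_unique( array_filter( array_map( 'absint', $raw_ids ) ) ) );

    if ( empty( $ids ) ) {
        return array( '', array() );
    }

    // One %d per ID: the values are bound by wpdb::prepare(), not concatenated.
    $placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );

    return array( " AND {$column} NOT IN ({$placeholders})", $ids );
}

// Constructed sample input: the list from the post plus a negative and an empty value.
list( $fragment, $ids ) = example_not_in_fragment( 'blog_id', array( 1, '2', '3q', 'b', -4, '' ) );

echo $fragment, "\n";
echo implode( ',', $ids ), "\n";

// Inside WordPress, when $fragment is not empty, the two parts are combined like this:
// $sql = $wpdb->prepare( "SELECT blog_id FROM {$wpdb->blogs} WHERE 1=1" . $fragment, $ids );
```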

