Warning: Before implementing this code into yours, please make a backup of the file as this code is untested.
Well this is how I would build your query:
PHP Code:
$Types = 'i'; // 'i' for $sessMemberID
$Count = 0;
foreach($_POST['msgArray'] as $msgID => $msgValue){
$Count += 1;
$Types .= 'i'; // 'i' for each item in where clause
$IDs[] = "message_id=?";
}
$MessageIDs = implode(' or ', $IDs);
// Build query.
$q1 = "UPDATE private_msg_recipient SET read_on=NULL, updated_on=NOW() WHERE member_id_to=? AND ($MessageIDs) LIMIT $Count";
//UPDATE private_msg_recipient SET read_on=NULL, updated_on=NOW() WHERE member_id_to=? AND (message_id=? or message_id=? or message_id=?) LIMIT 3
Now please bear in mind I still don't use mysqli or prepared statements (Fou-Lu keeps dropping subtle hints my way but I've managed to get away with normal mysql for years
) so I'm unsure how you bind the parameters here using a dynamic query like this.
I did however find this on php.net which may help:
http://php.net/manual/en/mysqli-stmt.bind-param.php
Quote:
When dealing with a dynamic number of field values while preparing a statement I find this class useful.
PHP Code:
<?php
class BindParam{
private $values = array(), $types = '';
public function add( $type, &$value ){
$this->values[] = $value;
$this->types .= $type;
}
public function get(){
return array_merge(array($this->types), $this->values);
}
}
?>
Usage is pretty simple. Create an instance and use the add method to populate. When you're ready to execute simply use the get method.
PHP Code:
<?php
$bindParam = new BindParam();
$qArray = array();
$use_part_1 = 1;
$use_part_2 = 1;
$use_part_3 = 1;
$query = 'SELECT * FROM users WHERE ';
if($use_part_1){
$qArray[] = 'hair_color = ?';
$bindParam->add('s', 'red');
}
if($use_part_2){
$qArray[] = 'age = ?';
$bindParam->add('i', 25);
}
if($use_part_3){
$qArray[] = 'balance = ?';
$bindParam->add('d', 50.00);
}
$query .= implode(' OR ', $qArray);
//call_user_func_array( array($stm, 'bind_param'), $bindParam->get());
echo $query . '<br/>';
var_dump($bindParam->get());
?>
This gets you the result that looks something like this:
SELECT * FROM users WHERE hair_color = ? OR age = ? OR balance = ?
array(4) { [0]=> string(3) "sid" [1]=> string(3) "red" [2]=> int(25) [3]=> float(50) }
|
Red text no longer applies but left in for the sake of continuity.
Now in theory, you could do this in your code but I gave it a try and had nothing but pass by reference errors thanks to php changing the parameters in call_user_func_array() - before php 5.3.0 it would pass it's parameters as references but now it passes as values instead which is a pain for mysqli_stmt_bind_param() which wants everything passed as references ruling out the above code. You could however use mysqli_query() though. I've spent over 2 hours chasing my tail on the reference thing so I've not had chance to test that but it should work in a similar way to mysql_query().
Edit: In theory to get around the pass by reference thing, you could probably run mysqli_stmt_bind_param() as a string with it's parameters through eval(). It's a very dirty hack but I did it once in some code somewhere in spectacular style.. worked perfectly. I just can't remember how, where or when 
Fou-Lu, if you're out there I think this reference thing is up your street for solving.