This should work for you:
So, as already said in the comments, you need a placeholder for each value which you want to bind into the IN clause.
Here I first create the array $ids, which only holds the plain ids, e.g.
[2, 3]
Then I also created the array $preparedIds, which holds the placeholders as an array, which you then later use in the prepared statement. This array looks something like this:
[":id2", ":id3"]
And I also create an array called $preparedValues, which holds the $preparedIds as keys and $ids as values, which you can then later use for the execute() call. The array looks something like this:
[":id2" => 2, ":id3" => 3]
After this you are good to go. In the prepared statement I just implode() the $preparedIds array, so that the SQL statement looks something like this:
... IN(:id2,:id3) ...
And then you can simply execute() your query. There I just array_merge() your $preparedValues array with the other placeholders array.
<?php
    // Plain ids taken from the entitlement objects, e.g. [2, 3]
    $ids = array_map(function($item){
        return $item->id;
    }, $entitlementsVOs);

    // One named placeholder per id, e.g. [":id2", ":id3"]
    $preparedIds = array_map(function($v){
        return ":id$v";
    }, $ids);

    // Placeholder => value map for execute(), e.g. [":id2" => 2, ":id3" => 3]
    $preparedValues = array_combine($preparedIds, $ids);

    $timestart = (!empty($_GET['start']) ? $_GET['start'] : NULL );
    $timeend = (!empty($_GET['end']) ? $_GET['end'] : NULL );

    // The IN list contains only placeholder names; the values are bound in execute()
    $statement = $this->connection->prepare("SELECT name AS title, timestart AS start, timestart + timeduration AS end FROM event WHERE courseid IN(" . implode(",", $preparedIds) . ") AND timestart >= :timestart AND timestart + timeduration <= :timeend");
    $statement->setFetchMode(\PDO::FETCH_CLASS, get_class(new EventVO()));

    if($statement->execute(array_merge($preparedValues, ["timestart" => $timestart, "timeend" => $timeend]))) {
        return $statement->fetchAll();
    } else {
        return null;
    }
?>
Also I think you want to put an if statement around your query, since your query will not run if the values of $timestart and $timeend are NULL.
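An added example, not part of the original answer: the code above names each placeholder after the id value (`:id2`), so the id itself is concatenated into the SQL text. The variant below names placeholders by array position instead, so only generated names reach the SQL string, and it skips the query when the id list is empty. `buildInClause()`, `fetchEvents()` and the in-memory SQLite table are hypothetical, constructed for this illustration.

```php
<?php
declare(strict_types=1);

// Added example (not the answerer's code). Builds "IN (...)" placeholders from
// array positions, never from the values, and returns [sqlFragment, params].
function buildInClause(array $values, string $prefix = 'id'): array
{
    $params = [];
    foreach (array_values($values) as $i => $value) {
        $params[":{$prefix}{$i}"] = $value;   // e.g. ":id0" => 2
    }
    return [implode(',', array_keys($params)), $params];
}

// Hypothetical query wrapper mirroring the SELECT used in the answer.
function fetchEvents(PDO $pdo, array $courseIds, int $start, int $end): array
{
    [$in, $params] = buildInClause($courseIds);
    if ($params === []) {
        return [];                            // "IN ()" would be a syntax error
    }
    $stmt = $pdo->prepare(
        "SELECT name AS title FROM event
         WHERE courseid IN ($in)
           AND timestart >= :timestart
           AND timestart + timeduration <= :timeend"
    );
    $stmt->execute($params + [':timestart' => $start, ':timeend' => $end]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE event (name TEXT, courseid INTEGER, timestart INTEGER, timeduration INTEGER)');
$pdo->exec("INSERT INTO event VALUES ('A', 2, 100, 10), ('B', 3, 200, 10), ('C', 4, 300, 10)");

// Ordinary integer ids.
var_dump(fetchEvents($pdo, [2, 3], 0, 1000));
// An id containing SQL metacharacters is passed as a bound parameter only.
var_dump(fetchEvents($pdo, ['2) OR 1=1 --', 3], 0, 1000));
// Empty id list: no statement is prepared at all.
var_dump(fetchEvents($pdo, [], 0, 1000));
```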