0

I have a PHP script that sends out push notifications to certain device tokens, and after it has been sent, sets a variable in a column matching up with that row so that the script skips over it the next time it sends out notifications.

The table looks like this:

Token (PRIMARY)     School        Skip
--------------------------------------
f2342f              School 2      0
434fbc              School 1      0
33332c              School 1      0

I set the Skip column variable to 1 after the code has been run to send the notifications:

if (!mysql_query("UPDATE Snow SET Skip='1' WHERE Token IN('$tokens')", $con)) {
    die('Error: ' . mysql_error());
}

The problem with that though is that if two tokens share the same school, then it won't update. Is it possible for it to update when there are multiple "tokens" in the array? So for that query to update not only single tokens, but multiple ones separated by a comma:

UPDATE Snow SET Skip='1' WHERE Token IN('f2342f') // Single tokens matching criteria
UPDATE Snow SET Skip='1' WHERE Token IN('434fbc, 33332c') // Multiple tokens

2 Answers

2

Yes, you should wrap all tokens in quotes so you'll get '434fbc', '33332c':

$tokensStr = "'" . join("','", explode(",", $tokens)) . "'";
if (!mysql_query("UPDATE Snow SET Skip='1' WHERE Token IN($tokensStr)", $con)) {
    die('Error: ' . mysql_error());
}

And if $tokens comes directly from user input:

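// Split the comma-separated list into individual tokens
$tokenArray = explode(",", $tokens);
// Escape each token before it is placed inside the quoted list
$tokenArray = array_map('mysql_real_escape_string', $tokenArray);
$tokensStr = "'" . join("','", $tokenArray) . "'";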
if (!mysql_query("UPDATE Snow SET Skip='1' WHERE Token IN($tokensStr)", $con)) {
    die('Error: ' . mysql_error());
}

This prevents SQL injections: http://en.wikipedia.org/wiki/SQL_injection
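
An alternative to escaping each token, shown as an added example that is not part of the original answer: bind every token as a parameter through PDO (the mysql_* extension used above was removed in PHP 7). The in-memory SQLite database, the sample rows and the helper name markSkipped() are assumptions made for illustration; the Snow table and its columns follow the question.

```php
<?php
// Added example (not from the original answer): one bound placeholder per token.
// Assumptions: PDO with the SQLite driver, an in-memory copy of the question's
// Snow table, and the hypothetical helper name markSkipped().

function markSkipped(PDO $db, string $tokens): int
{
    // Split the comma-separated string, trim stray spaces, drop empty entries.
    $list = array_values(array_filter(array_map('trim', explode(',', $tokens)), 'strlen'));
    if ($list === []) {
        return 0; // "IN ()" is a syntax error, so skip the query entirely
    }

    // Build "?,?,?" with exactly one placeholder per token.
    $marks = implode(',', array_fill(0, count($list), '?'));
    $stmt = $db->prepare("UPDATE Snow SET Skip = 1 WHERE Token IN ($marks)");
    $stmt->execute($list); // values travel as data, never as SQL text

    return $stmt->rowCount(); // number of rows the UPDATE changed
}

// Constructed sample data mirroring the table in the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Snow (Token TEXT PRIMARY KEY, School TEXT, Skip INTEGER DEFAULT 0)");
$db->exec("INSERT INTO Snow VALUES ('f2342f','School 2',0), ('434fbc','School 1',0), ('33332c','School 1',0)");

// Both School 1 tokens in one call; the space after the comma is trimmed away.
echo markSkipped($db, '434fbc, 33332c'), PHP_EOL;

// Quote characters stay inside the bound value, so this is compared as one literal token.
echo markSkipped($db, "x') OR ('1'='1"), PHP_EOL;

// Empty input: no query is issued.
echo markSkipped($db, ''), PHP_EOL;
```

Because the placeholder string is built only from the token count, nothing from `$tokens` ever reaches the SQL text itself.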

0

Comma separate your values within the IN.

i.e.

UPDATE Snow SET Skip='1' WHERE Token IN('434fbc', '33332c') 