How to use php array with sql IN operator?

$arr is a php array, to the sql server you need to send a string that will be parsed you need to turn your array in a list like 1, 2, etc..

to do this you can use the function http://php.net/implode

so before running the query try

$arr = implode ( ', ', $arr);

you need to convert the array into comma-separated string:

$condition = implode(', ', $arr);

And, additionally, you might want to escape the values first (if you are unsure about the input):

$condition = implode(', ', array_map('mysql_real_escape_string', $arr));

Since you have plain integers, you can simply join them with commas:

$sql = "SELECT * FROM table WHERE comp_id IN (" . implode(',', $arr) . ")";

If working with with strings, particularly untrusted input:

$sql = "SELECT * FROM table WHERE comp_id IN ('" 
     . implode("','", array_map('mysql_real_escape_string', $arr)) 
     . "')";

Note this does not cope with values such as NULL (will be saved as empty string), and will add quotes blindly around numeric values, which does not work if using strict mysql mode.

mysql_real_escape_string is the function from the original mysql driver extension, if using a more recent driver like mysqli, use mysqli_real_escape_string instead.

However, if you just want to work with untrusted numbers, you can use intval or floatval to sanitise the input:

$sql = "SELECT * FROM table WHERE comp_id IN (" . implode(",", array_map('intval', $arr)) . ")";