<?php
// Attempt to feed a whole array to one named placeholder inside IN().
// NOTE: this does not do what it looks like. A PDO placeholder stands for
// exactly one value, so :an_array is never expanded into "1,2,3,7,8,9".
// Do not "fix" it by concatenating the values into the SQL text: that drops
// the protection prepared statements give against SQL injection.
$ids=array(1,2,3,7,8,9);
// Connection arguments are elided in this snippet.
$db = new PDO(...);
// The query contains a single named placeholder, :an_array.
$stmt = $db->prepare(
'SELECT *
FROM table
WHERE id IN(:an_array)'
);
// Binds the array variable itself to that one placeholder; no list of values
// is generated from it.
$stmt->bindParam('an_array',$ids);
$stmt->execute();
?>
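<?php
// Values to match. They reach the database as bound parameters and are never
// concatenated into the SQL text. $db is an already opened PDO connection.
$ids = array(1, 2, 3, 7, 8, 9);

// "IN()" with nothing inside is not valid SQL, so an empty list has to be
// rejected (or handled by the caller) before the placeholders are built.
if (count($ids) === 0) {
    throw new InvalidArgumentException('$ids must contain at least one value');
}

// One positional "?" per value, e.g. "?,?,?,?,?,?". The string is derived from
// the element count only, never from the values, so nothing user-controlled
// ends up in the query text.
$in = implode(',', array_fill(0, count($ids), '?'));

// Double quotes are required: inside single quotes "$in" is not interpolated
// and the literal text "$in" would be sent to the database.
$stmt = $db->prepare("SELECT * FROM table WHERE id IN($in)");

// array_values() re-indexes from 0 so the keys line up with the positional
// placeholders even if $ids was filtered or has non-sequential keys.
$stmt->execute(array_values($ids));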
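Не слишком красиво, но зато безопасно: в текст запроса подставляются только знаки «?», а сами значения передаются в execute() как связанные параметры.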