My query is like this :

$group_id = $session['group_id'];

$sql = "SELECT *
        FROM notification 
        WHERE group_id IN(?)";

$result = $this->db->query($sql, array($group_id))->result_array();

When I add : echo $this->db->last_query();die();, the result is like this :

SELECT * FROM notification WHERE group_id IN('1,13,2')

I want remove single quotes in order to the result is like this :

SELECT * FROM notification WHERE group_id IN(1,13,2)

How to remove single quotes in prepare statement?

You either need to dynamically add in as many ? as you have values in the array...

Or stop using a prepared query and do something like the following:

$group_id = $session['group_id'];

$sql = "SELECT *
    FROM notification 
    WHERE group_id IN (".implode($group_id,",").")";

If the data hasn't come from a user you don't necessarily need to use a prepared query to make sure the data is safe. But if necessary you could do an is_numeric() check before the query to see if the data is valid.

I prefer you can use where_in command as below:-

$this->db->select('*');
$this->db->where_in('group_id',$group_id);
$this->db->get('notification');

All you have to do is make an array of group ids. Try as following

$group_id = explode(',',$session['group_id']);
$this->db->select('*');
$this->db->where_in('group_id',$group_id);
$this->db->get('notification');

it will work

You can this as below:

$session['group_id'] is probably a string. so you can convert that string into an array.

$group_id = explode(",", $session['group_id']);

Now $group_id is already an array. So, in below statement replace array($group_id) with just '$group_id':

$result = $this->db->query($sql, array($group_id))->result_array();

so whole code will be like:

$group_id = explode(",", $session['group_id']);

$sql = "SELECT *
        FROM notification 
        WHERE group_id IN(?)";

$result = $this->db->query($sql, array($group_id))->result_array();