phpdevshell team mailing list archive
-
phpdevshell team
-
Mailing list archive
-
Message #00738
[Bug 943159] Re: Support required for named SQL parameters
Is it that:
http://www.php.net/manual/en/pdo.prepared-statements.php
--
You received this bug notification because you are a member of
PHPDevShell, which is subscribed to PHPDevShell.
https://bugs.launchpad.net/bugs/943159
Title:
Support required for named SQL parameters
Status in Open Source PHP RAD Framework with UI.:
New
Bug description:
The PHPDS_db and PHPDS_query classes needs to support named SQL
parameters, this will help future compatibility with PDO Objects as
well as allow for the formatting of SQL statements to be improved upon
before we fully support PDO.
An example of currently used non-parameter based queries:
$sql = "INSERT INTO sometable (foo, bar, baz) VALUES (%d, '%s', '%s')"
To add data into the query you would then usually do something like:
$query = sprintf($sql, 1, 'text', 'some more text');
Although the above example is extremely simple, the ordering of the
parameters is extremely important and in complex queries with many
fields it is easy to misalign the format parameters with the fields
given.
To solve this problem PDO supports named SQL parameters (as does most other non PHP mysql database API's):
Example:
$sql = "INSERT INTO sometable (foo, bar, baz) VALUES (:foo, ':bar', ':baz')"
For now, a PHPDevShell a function could then take a named array and simply replace the named parameters with the actual values, for example:
$query = $this->fmtParamSQL($sql, array(':foo' => 1, ':bar' => 'text', ':baz' => 'some more text'));
The fmtParamSQL() function can work like this:
function fmtParamSQL($sql, $params = false) {
$result = $sql;
foreach($params as $name => $value) {
$result = str_ireplace(':'.$name, $value, $result);
}
return $result;
}
I propose that we build an additional function into PHPDS_db called
invokeNamedQuery() to differentiate between the standard invokeQuery()
function and a function which supports named parameters. This is going
to take quite a lot of work since all the supporting functions will
also then have to support named parameters.
If we convert all queries to named queries eventually we will then be
able to support PDO and NoSQL much easier in the future.
To manage notifications about this bug go to:
https://bugs.launchpad.net/phpdevshell/+bug/943159/+subscriptions
References