phpdevshell team mailing list archive

Thread
Date

[Bug 943159] Re: Support required for named SQL parameters

To: phpdevshell@xxxxxxxxxxxxxxxxxxx
From: Greg <943159@xxxxxxxxxxxxxxxxxx>
Date: Fri, 06 Feb 2015 10:00:47 -0000
Reply-to: Bug 943159 <943159@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: phpdevshell/trunk-3.x
    Milestone: None => 3.6

-- 
You received this bug notification because you are a member of
PHPDevShell, which is subscribed to trunk-3.x.
https://bugs.launchpad.net/bugs/943159

Title:
  Support required for named SQL parameters

Status in Open Source PHP RAD Framework with UI.:
  In Progress
Status in PHPDevShell trunk-3.x series:
  In Progress

Bug description:
  The PHPDS_db and PHPDS_query classes needs to support named SQL
  parameters, this will help future compatibility with PDO Objects as
  well as allow for the formatting of SQL statements to be improved upon
  before we fully support PDO.

  An example of currently used non-parameter based queries:
  $sql = "INSERT INTO sometable (foo, bar, baz) VALUES (%d, '%s', '%s')"

  To add data into the query you would then usually do something like:
  $query = sprintf($sql, 1, 'text', 'some more text');

  Although the above example is extremely simple, the ordering of the
  parameters is extremely important and in complex queries with many
  fields it is easy to misalign the format parameters with the fields
  given.

  To solve this problem PDO supports named SQL parameters (as does most other non PHP mysql database API's):
  Example:
   $sql = "INSERT INTO sometable (foo, bar, baz) VALUES (:foo, ':bar', ':baz')"

  For now, a PHPDevShell a function could then take a named array and simply replace the named parameters with the actual values, for example:
  $query = $this->fmtParamSQL($sql, array(':foo' => 1, ':bar' => 'text', ':baz' => 'some more text'));

  The fmtParamSQL() function can work like this:

  function fmtParamSQL($sql, $params = false) {
  	$result = $sql;
  	foreach($params as $name => $value) {
  		$result = str_ireplace(':'.$name, $value, $result);
  	}
  	return $result;
  }

  I propose that we build an additional function into PHPDS_db called
  invokeNamedQuery() to differentiate between the standard invokeQuery()
  function and a function which supports named parameters. This is going
  to take quite a lot of work since all the supporting functions will
  also then have to support named parameters.

  If we convert all queries to named queries eventually we will then be
  able to support PDO and NoSQL much easier in the future.

To manage notifications about this bug go to:
https://bugs.launchpad.net/phpdevshell/+bug/943159/+subscriptions

References

[Bug 943159] [NEW] Support required for named SQL parameters
From: Don Schoeman, 2012-02-29