AnewtDatabaseSQLTemplate class

SQL template class with mandatory type checking.

Page Contents

  1. Class Overview
  2. Public Static Methods
  3. Public Methods
  4. Private Methods
  5. Private Attributes

Class Overview

SQL template class with mandatory type checking.

This class implements the type checking logic for SQL queries. It is used internally by AnewtDatabasePreparedQuery, but can also be used directly to construct complex SQL queries with e.g. a variable number of placeholders.

Placeholders

SQL templates can be used in two modes: positional and named mode. The amount of input checking performed is the same, but the way the placeholders are specified and filled differs. Additionally, both modes support array values.

Positional mode

In positional mode, placeholders look like ?int?, and when filling the template the values are provided as a list of values to be used for those placeholders, either as multiple parameters (if AnewtDatabaseSQLTemplate::fill() is used) or as an array (if AnewtDatabaseSQLTemplate::fillv() is used).

Example:

  1.  $connection->prepare_execute(
  2.      'INSERT INTO person (name, age) VALUES (?str?, ?int?)',
  3.      'John Doe', 12);

Named mode

In named mode, placeholders look like ?int:name?, and when filling the template the values are provided as an associative array or as an AnewtContainer instance, and the placeholder name is used to obtain the value from the associative array or AnewtContainer. Named mode allows for cleaner code in some cases, and also allows you to use the same value at different places in your query.

Named mode templates can only be filled using a single values parameter, which means AnewtDatabaseSQLTemplate::fillv() must be used; AnewtDatabaseSQLTemplate::fill() cannot. This also applies for the query methods on AnewtDatabaseConnection, where only the ...v() variants can be used, e.g. use AnewtDatabaseConnection::prepare_executev_fetch_all(), not AnewtDatabaseConnection::prepare_execute_fetch_all().

Example:

  1.  $person = array(
  2.      'name' => 'John Doe',
  3.      'age'  => 12);
  4.  $connection->prepare_executev(
  5.      'INSERT INTO person (name, age) VALUES (?str:name?, ?int:age?)',
  6.      $person);

Array placeholders

In both named and positional modes array placeholders are supported. This means that you can use ?int[]? (positional) or ?int[]:ids? (named) to specify that you will not substitute a a single, but multiple values,. When the AnewtDatabaseSQLTemplate is filled, type-checking will be done on all values, and the result will be a comma-separated list of escaped values. This is most useful for IN (...) SQL queries.

Example:

  1.  $ids = array(1, 2, 3);
  2.  $connection->prepare_execute_fetch_all(
  3.      'SELECT * FROM table WHERE id IN * (?int[]?);', $ids);

See also

Public Static Methods

static query_type_for_sql($sql) [static]

Find out the type of an SQL query.

The return value is one of the ANEWT_DATABASE_SQL_QUERY_TYPE_* constants, e.g. ANEWT_DATABASE_SQL_QUERY_TYPE_SELECT or ANEWT_DATABASE_SQL_QUERY_TYPE_INSERT.

Parameters

$sql

The SQL query

Return value

The type of the query.

static field_type_for_string($field_type) [static]

Convert a column type string into the associated constant.

This function returns one of the ANEWT_DATABASE_SQL_FIELD_TYPE_* constants, and throws an exception if the passes string is not a valid identifier.

Example: The string int results in the ANEWT_DATABASE_SQL_FIELD_TYPE_INTEGER constant.

Parameters

$field_type

A string indicating a database field type, e.g. int.

Return value

Associated ANEWT_DATABASE_SQL_FIELD_TYPE_* constant.

Public Methods

fill($values=null)

Fill the SQL template using the values passed as multiple parameters.

See AnewtDatabaseSQLTemplate::fillv() for a detailed description.

Parameters

$values

Return value

Quoted query

See also

fillv($values=null)

Fill the SQL template using the values passed as a single parameter.

This method will check all values for correctness to avoid nasty SQL injection vulnerabilities.

Parameters

$values

Array with values to use for substitution. For positional placeholders this should be a numeric array. For named placeholders an associative array or AnewtContainer instance should be passed.

Return value

The query containing all values, quoted correctly.

See also

Private Methods

__construct($sql, $connection) [private]

Construct a new AnewtDatabaseSQLTemplate instance.

Do not create instances directly; use AnewtDatabaseConnection::sql_template() instead.

Parameters

$sql

The SQL template string

$connection

An AnewtDatabaseConnection instance

See also

escape_field($field_type, $value) [private]

Escape a field for embedding in an SQL query.

This method does rigid sanity checking and throws errors when the supplied value is not suitable for the specified field type.

Parameters

$field_type

The field type (one of the ANEWT_DATABASE_SQL_FIELD_TYPE_* constants)

$value

The value to escape

Return value

The escaped value

See also

escape_field_array($field_type, $values) [private]

Escape multiple values that have the same field type.

This method concatenates all values using a comma as separator. This method is used for array placeholders and can be used to build queries like these: ... WHERE value IN (?str[]?).

Parameters

$field_type

The field type (one of the ANEWT_DATABASE_SQL_FIELD_TYPE_* constants)

$values

The values to escape

Return value

The escaped values, in a comma-separated string.

See also

Private Attributes

$connection [private]

The associated AnewtDatabaseConnection.

$sql [private]

The SQL query with sprintf-style format specifiers, after the placeholders have been parsed.

$placeholders [private]

The placeholders in this template.

$named_mode [private]

Indicates whether this SQL template uses positional or named placeholders.

Anewt. Almost No Effort Web Toolkit.

© 2006–2009. This page was generated at 2009-08-02T22:54:42+02:00.