Fwd: [db] Auto-quoting WHERE clause

Shekar C Reddy
FYI.
 
PS: Doing a 'Reply' to the Zend list emails actually addresses the email to the poster - not the list. I do a Reply-All and blow off the poster's email retaining the list email.
 


---------- Forwarded message ----------
From: Sergej Andrejev <[hidden email]>
Date: May 15, 2006 6:40 AM
Subject: Re: [fw-general][db] Auto-quoting WHERE clause
To: Shekar C Reddy <[hidden email]>

It also would be nice if we could do something similar to fetchAll(),
where we can quote an associative array into an SQL query on the fly like this:

$query = $db->select()
   ->from('table', '*')
   ->where('id = :id AND name = :name', array('id' => 6, 'name' => 'some name'));


--
http://www.mif.vu.lt/~sean3322/other/signature

 
Re: [db] Auto-quoting WHERE clause

Mislav Marohnić
On 5/14/06, Shekar C Reddy <[hidden email]> wrote:
> PS: Doing a 'Reply' to the Zend list emails actually addresses the email to the poster - not the list. I do a Reply-All and blow off the poster's email retaining the list email.

You don't even have to remove the original poster -- the mailing list software is intelligent about that. It isn't going to send duplicates.
Re: [db] Auto-quoting WHERE clause

Steven Van Poeck
Mislav wrote:

> On 5/14/06, *Shekar C Reddy* <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     _PS_: Doing a 'Reply' to the Zend list emails actually addresses the
>     email to the poster - not the list. I do a Reply-All and blow off
>     the poster's email retaining the list email.
>
>
> You don't even have to remove the original poster -- the mailing list
> software is intelligent about that. It isn't going to send duplicates

Re: [db] Auto-quoting WHERE clause

GavinZend
In reply to this post by Shekar C Reddy
Shekar,

Thanks for suggesting quoteInto().

Quoting alternatives:
o manually at time of binding (when using prepare)
o automatically at time of binding (when using prepare), possibly by
marking parameters in prepare to auto-quote
o manually at query time
o automatically at query time
o other?

I'm curious what each of you would consider "best practice"?
Would this change under different usage cases?
Should the framework encourage one approach over another?

Note that with prepared statements in PDO, "The parameters to prepared
statements don't need to be quoted; the driver handles it for you."

Cheers,
Gavin


Shekar C Reddy wrote:
 > Currently, the where clause is to be quoted manually. It would be
 > nice if the where clause is accepted as an array of quotable strings and
 > values that should be coded in the framework to be automatically quoted
 > by update/delete... Here is the method listing:
 >
 > //////////////////////////////////////////////////
 > final function quoteInto( $text, $value = '' )
 > //////////////////////////////////////////////////
 > {
 >    if ( ! is_array( $text ))
 >       return parent::quoteInto( $text, $value );
 >    //
 >    $where = '';
 >    //
 >    foreach ( $text as $var => &$value )
 >    {
 >       if ( ! empty( $where ))
 >          $where .= "\n";
 >       //
 >       $where .=  parent::quoteInto( $var, $value );
 >    }
 >    //
 >    return $where;
 > }
 > //////////////////////////////////////////////////
 >
 >
 > I will leave it to you to figure out what the above method would
 > return for an argument, like so:
 >
 > quoteInto( array
 >    (
 >       'ID   = ? and' => $id,
 >       'Desc = ?' => $code,
 >       ...
 >    ));
 >
 >
 > Thoughts?

Re: [db] Auto-quoting WHERE clause

Andi Gutmans
I was under the impression that if you're using bound parameters you
don't have to quote, which is what I consider best practices. So I'd
change your first option to "automatic at time of binding" but that
wouldn't be the framework's job as much as it would be the db driver.

Andi

At 06:07 PM 5/15/2006, Gavin Vess wrote:

>Shekar,
>
>Thanks for suggesting quoteInto().
>
>Quoting alternatives:
>o manually at time of binding (when using prepare)
>o automatically at time of binding (when using prepare), possibly by
>marking parameters in prepare to auto-quote
>o manually at query time
>o automatically at query time
>o other?
>
>I'm curious what each of you would consider "best practice"?
>Would this change under different usage cases?
>Should the framework encourage one approach over another?
>
>Note that with prepared statements in PDO, "The parameters to
>prepared statements don't need to be quoted; the driver handles it for you."
>
>Cheers,
>Gavin
>
>
>Shekar C Reddy wrote:
> > Currently, the where clause is to be quoted manually. It would be
> > nice if the where clause is accepted as an array of quotable
> > strings and values that should be coded in the framework to be
> > automatically quoted by update/delete... Here is the method listing:
> >
> > //////////////////////////////////////////////////
> > final function quoteInto( $text, $value = '' )
> > //////////////////////////////////////////////////
> > {
> >    if ( ! is_array( $text ))
> >       return parent::quoteInto( $text, $value );
> >    //
> >    $where = '';
> >    //
> >    foreach ( $text as $var => &$value )
> >    {
> >       if ( ! empty( $where ))
> >          $where .= "\n";
> >       //
> >       $where .=  parent::quoteInto( $var, $value );
> >    }
> >    //
> >    return $where;
> > }
> > //////////////////////////////////////////////////
> >
> >
> > I will leave it to you to figure out what the above method
> > would return for an argument, like so:
> >
> > quoteInto( array
> >    (
> >       'ID   = ? and' => $id,
> >       'Desc = ?' => $code,
> >       ...
> >    ));
> >
> >
> > Thoughts?
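
The bound-parameter approach discussed in this thread, as an added example that is not from any of the posters or from Zend Framework. The helper name buildWhere() and the items table are hypothetical; it assumes PHP 7.1+ with the pdo_sqlite driver. It accepts the array form proposed above but returns SQL text and values separately, so the driver binds the values instead of the framework quoting them into the string.

```php
<?php
// Added example: hypothetical helper, not Zend Framework code.
// Takes the array form proposed in the thread ('fragment with ?' => value)
// and returns SQL text plus a separate parameter list for prepare()/execute(),
// so no value is ever quoted into the SQL string.
function buildWhere(array $conditions): array
{
    $sql = [];
    $params = [];
    foreach ($conditions as $fragment => $value) {
        // Each fragment must carry exactly one positional placeholder.
        if (substr_count($fragment, '?') !== 1) {
            throw new InvalidArgumentException("Expected one '?' in: $fragment");
        }
        $sql[] = $fragment;
        $params[] = $value;
    }
    return [implode("\n", $sql), $params];
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER, name TEXT)');
$db->exec("INSERT INTO items VALUES (6, 'some name'), (7, 'O''Brien')");

// Positional form: fragments as array keys, values bound by the driver.
[$where, $params] = buildWhere([
    'id = ? AND' => 7,
    'name = ?'   => "O'Brien",   // embedded quote needs no manual escaping
]);
$stmt = $db->prepare("SELECT id, name FROM items WHERE $where");
$stmt->execute($params);
var_dump($stmt->fetchAll(PDO::FETCH_ASSOC));

// Named form from the thread: placeholders filled from an associative array.
$stmt = $db->prepare('SELECT id, name FROM items WHERE id = :id AND name = :name');
$stmt->execute(['id' => 6, 'name' => 'some name']);
var_dump($stmt->fetchAll(PDO::FETCH_ASSOC));

// A value shaped like SQL is bound as data, not parsed as part of the query.
$stmt->execute(['id' => 6, 'name' => "x' OR '1'='1"]);
var_dump($stmt->fetchAll(PDO::FETCH_ASSOC));
```

Only the fragments (array keys) reach the SQL text, so they must come from application code and never from user input.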
