TYPO3 CMS  TYPO3_6-2
Public Member Functions | Public Attributes | Protected Member Functions | Protected Attributes | List of all members
TYPO3\CMS\Core\Database\PreparedStatement Class Reference
Inheritance diagram for TYPO3\CMS\Core\Database\PreparedStatement:
t3lib_db_PreparedStatement

Public Member Functions

 __construct ($query, $table, array $precompiledQueryParts=array())
 
 bindValues (array $values)
 
 bindValue ($parameter, $value, $data_type=self::PARAM_AUTOTYPE)
 
 execute (array $input_parameters=array())
 
 fetch ($fetch_style=0)
 
 seek ($rowNumber)
 
 fetchAll ($fetch_style=0)
 
 free ()
 
 rowCount ()
 
 errorCode ()
 
 errorInfo ()
 
 setFetchMode ($mode)
 

Public Attributes

const PARAM_NULL = 0
 
const PARAM_INT = 1
 
const PARAM_STR = 2
 
const PARAM_BOOL = 3
 
const PARAM_AUTOTYPE = 4
 
const FETCH_ASSOC = 2
 
const FETCH_NUM = 3
 

Protected Member Functions

 guessValueType ($value)
 
 hasNamedPlaceholders ($query)
 
 convertNamedPlaceholdersToQuestionMarks (&$query, array &$parameterValues, array &$precompiledQueryParts)
 
 tokenizeQueryParameterMarkers ($query, array $parameterValues)
 
 generateParameterWrapToken ()
 

Protected Attributes

 $query
 
 $precompiledQueryParts
 
 $table
 
 $parameters
 
 $defaultFetchMode = self::FETCH_ASSOC
 
 $statement
 
 $fields
 
 $buffer
 
 $parameterWrapToken
 

Detailed Description

This file is part of the TYPO3 CMS project.

It is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License, either version 2 of the License, or any later version.

For the full copyright and license information, please read the LICENSE.txt file that was distributed with this source code.

The TYPO3 project - inspiring people to share! TYPO3 prepared statement for DatabaseConnection

USE: In all TYPO3 scripts when you need to create a prepared query: $statement = $GLOBALS['TYPO3_DB']->prepare_SELECTquery('*', 'pages', 'uid = :uid'); $statement->execute(array(':uid' => 2)); while (($row = $statement->fetch()) !== FALSE) { ... } $statement->free();

Author
Xavier Perseguers typo3.nosp@m.@per.nosp@m.segue.nosp@m.rs.c.nosp@m.h

Definition at line 33 of file PreparedStatement.php.

Constructor & Destructor Documentation

◆ __construct()

TYPO3\CMS\Core\Database\PreparedStatement::__construct (   $query,
  $table,
array  $precompiledQueryParts = array() 
)

Creates a new PreparedStatement. Either $query or $queryComponents should be used. Typically $query will be used by native MySQL TYPO3_DB on a ready-to-be-executed query. On the other hand, DBAL will have parse the query and will be able to safely know where parameters are used and will use $queryComponents instead.

This constructor may only be used by

Parameters
string$querySQL query to be executed
string$tableFROM table, used to call $GLOBALS['TYPO3_DB']->fullQuoteStr().
array$precompiledQueryPartsComponents of the query to be executed private

Definition at line 155 of file PreparedStatement.php.

References $GLOBALS, TYPO3\CMS\Core\Database\PreparedStatement\$precompiledQueryParts, TYPO3\CMS\Core\Database\PreparedStatement\$query, TYPO3\CMS\Core\Database\PreparedStatement\$table, TYPO3\CMS\Core\Database\PreparedStatement\generateParameterWrapToken(), and TYPO3\CMS\Core\Database\PreparedStatement\hasNamedPlaceholders().

Member Function Documentation

◆ bindValue()

TYPO3\CMS\Core\Database\PreparedStatement::bindValue (   $parameter,
  $value,
  $data_type = self::PARAM_AUTOTYPE 
)

Binds a value to a corresponding named or question mark placeholder in the SQL statement that was use to prepare the statement.

Example 1: $statement = $GLOBALS['TYPO3_DB']->prepare_SELECTquery('*', 'bugs', 'reported_by = ? AND bug_status = ?'); $statement->bindValue(1, 'goofy'); $statement->bindValue(2, 'FIXED');

Example 2: $statement = $GLOBALS['TYPO3_DB']->prepare_SELECTquery('*', 'bugs', 'reported_by = :nickname AND bug_status = :status'); $statement->bindValue(':nickname', 'goofy'); $statement->bindValue(':status', 'FIXED');

Parameters
mixed$parameterParameter identifier. For a prepared statement using named placeholders, this will be a parameter name of the form :name. For a prepared statement using question mark placeholders, this will be the 1-indexed position of the parameter.
mixed$valueThe value to bind to the parameter.
integer$data_typeExplicit data type for the parameter using the ::PARAM_* constants. If not given, the PHP type of the value will be used instead (int, string, boolean).
Returns
The current prepared statement to allow method chaining

Definition at line 224 of file PreparedStatement.php.

References TYPO3\CMS\Core\Database\PreparedStatement\guessValueType().

Referenced by TYPO3\CMS\Core\Database\PreparedStatement\bindValues().

◆ bindValues()

TYPO3\CMS\Core\Database\PreparedStatement::bindValues ( array  $values)

Binds an array of values to corresponding named or question mark placeholders in the SQL statement that was use to prepare the statement.

Example 1: $statement = $GLOBALS['TYPO3_DB']->prepare_SELECTquery('*', 'bugs', 'reported_by = ? AND bug_status = ?'); $statement->bindValues(array('goofy', 'FIXED'));

Example 2: $statement = $GLOBALS['TYPO3_DB']->prepare_SELECTquery('*', 'bugs', 'reported_by = :nickname AND bug_status = :status'); $statement->bindValues(array(':nickname' => 'goofy', ':status' => 'FIXED'));

Parameters
array$valuesThe values to bind to the parameter. The PHP type of each array value will be used to decide which PARAM_* type to use (int, string, boolean, NULL), so make sure your variables are properly casted, if needed.
Returns
The current prepared statement to allow method chaining

Definition at line 192 of file PreparedStatement.php.

References TYPO3\CMS\Core\Database\PreparedStatement\bindValue().

◆ convertNamedPlaceholdersToQuestionMarks()

TYPO3\CMS\Core\Database\PreparedStatement::convertNamedPlaceholdersToQuestionMarks ( $query,
array &  $parameterValues,
array &  $precompiledQueryParts 
)
protected

Converts named placeholders into question mark placeholders in a query.

Parameters
string$query
array$parameterValues
array$precompiledQueryParts
Returns
void

Definition at line 581 of file PreparedStatement.php.

References TYPO3\CMS\Core\Database\PreparedStatement\$query, TYPO3\CMS\Core\Database\PreparedStatement\hasNamedPlaceholders(), and TYPO3\CMS\Core\Database\PreparedStatement\tokenizeQueryParameterMarkers().

Referenced by TYPO3\CMS\Core\Database\PreparedStatement\execute().

◆ errorCode()

TYPO3\CMS\Core\Database\PreparedStatement::errorCode ( )

Returns the error number on the last execute() call.

Returns
integer Driver specific error code.

Definition at line 503 of file PreparedStatement.php.

◆ errorInfo()

TYPO3\CMS\Core\Database\PreparedStatement::errorInfo ( )

Returns an array of error information about the last operation performed by this statement handle. The array consists of the following fields:

  1. Driver specific error code.
  2. Driver specific error message
Returns
array Array of error information.

Definition at line 517 of file PreparedStatement.php.

◆ execute()

TYPO3\CMS\Core\Database\PreparedStatement::execute ( array  $input_parameters = array())

Executes the prepared statement. If the prepared statement included parameter markers, you must either:

  • call TYPO3\CMS\Core\Database\PreparedStatement::bindParam()tobindPHPvariablestotheparametermarkers:boundvariablespasstheirvalueasinput</li><li>orpassanarrayofinput-onlyparametervalues</li></ul>$input_parametersbehaveasin@link\TYPO3\CMS\Core\Database\PreparedStatement::bindParams()andworkforbothnamedparametersandquestionmarkparameters.Example1:<code>$statement=$GLOBALS['TYPO3_DB']->prepare_SELECTquery('*', 'bugs', 'reported_by = ? AND bug_status = ?');$statement->execute(array('goofy', 'FIXED'));</code>Example2:<code>$statement=$GLOBALS['TYPO3_DB']->prepare_SELECTquery('*', 'bugs', 'reported_by = :nickname AND bug_status = :status');$statement->execute(array(':nickname' => 'goofy', ':status' => 'FIXED'));</code>@paramarray$input_parametersAnarrayofvalueswithasmanyelementsasthereareboundparametersintheSQLstatementbeingexecuted.ThePHPtypeofeacharrayvaluewillbeusedtodecidewhichPARAM_*typetouse(int,string,boolean,NULL),somakesureyourvariablesareproperlycasted,ifneeded.@returnbooleanReturnsTRUEonsuccessorFALSEonfailure.@throws\InvalidArgumentException@api

Definition at line 282 of file PreparedStatement.php.

References TYPO3\CMS\Core\Database\PreparedStatement\$fields, $GLOBALS, TYPO3\CMS\Core\Database\PreparedStatement\$parameters, TYPO3\CMS\Core\Database\PreparedStatement\$precompiledQueryParts, TYPO3\CMS\Core\Database\PreparedStatement\$query, $result, TYPO3\CMS\Core\Database\PreparedStatement\convertNamedPlaceholdersToQuestionMarks(), and TYPO3\CMS\Core\Database\PreparedStatement\guessValueType().

◆ fetch()

TYPO3\CMS\Core\Database\PreparedStatement::fetch (   $fetch_style = 0)

Fetches a row from a result set associated with a object.

Parameters
integer$fetch_styleControls how the next row will be returned to the caller. This value must be one of the ::FETCH_* constants. If omitted, default fetch mode for this prepared query will be used.
Returns
array Array of rows or FALSE if there are no more rows.

Definition at line 401 of file PreparedStatement.php.

References TYPO3\CMS\Core\Database\PreparedStatement\$buffer, and TYPO3\CMS\Core\Database\PreparedStatement\$defaultFetchMode.

Referenced by TYPO3\CMS\Core\Database\PreparedStatement\fetchAll().

◆ fetchAll()

TYPO3\CMS\Core\Database\PreparedStatement::fetchAll (   $fetch_style = 0)

Returns an array containing all of the result set rows.

Parameters
integer$fetch_styleControls the contents of the returned array as documented in TYPO3\CMS\Core\Database\PreparedStatement::fetch().@returnarrayArrayofrows.@api

Definition at line 468 of file PreparedStatement.php.

References TYPO3\CMS\Core\Database\PreparedStatement\fetch().

◆ free()

TYPO3\CMS\Core\Database\PreparedStatement::free ( )

Releases the cursor. Should always be call after having fetched rows from a query execution.

Returns
void

Definition at line 483 of file PreparedStatement.php.

◆ generateParameterWrapToken()

TYPO3\CMS\Core\Database\PreparedStatement::generateParameterWrapToken ( )
protected

Generate a random token that is used to wrap the query markers

Returns
string

Definition at line 659 of file PreparedStatement.php.

References TYPO3\CMS\Core\Utility\GeneralUtility\getRandomHexString().

Referenced by TYPO3\CMS\Core\Database\PreparedStatement\__construct().

◆ guessValueType()

TYPO3\CMS\Core\Database\PreparedStatement::guessValueType (   $value)
protected

Guesses the type of a given value.

Parameters
mixed$value
Returns
integer One of the ::PARAM_* constants

Definition at line 549 of file PreparedStatement.php.

Referenced by TYPO3\CMS\Core\Database\PreparedStatement\bindValue(), and TYPO3\CMS\Core\Database\PreparedStatement\execute().

◆ hasNamedPlaceholders()

TYPO3\CMS\Core\Database\PreparedStatement::hasNamedPlaceholders (   $query)
protected

Returns TRUE if named placeholers are used in a query.

Parameters
string$query
Returns
boolean

Definition at line 568 of file PreparedStatement.php.

References TYPO3\CMS\Core\Database\PreparedStatement\$query.

Referenced by TYPO3\CMS\Core\Database\PreparedStatement\__construct(), and TYPO3\CMS\Core\Database\PreparedStatement\convertNamedPlaceholdersToQuestionMarks().

◆ rowCount()

TYPO3\CMS\Core\Database\PreparedStatement::rowCount ( )

Returns the number of rows affected by the last SQL statement.

Returns
integer The number of rows.

Definition at line 493 of file PreparedStatement.php.

◆ seek()

TYPO3\CMS\Core\Database\PreparedStatement::seek (   $rowNumber)

Moves internal result pointer.

Parameters
integer$rowNumberWhere to place the result pointer (0 = start)
Returns
boolean Returns TRUE on success or FALSE on failure.

Definition at line 452 of file PreparedStatement.php.

◆ setFetchMode()

TYPO3\CMS\Core\Database\PreparedStatement::setFetchMode (   $mode)

Sets the default fetch mode for this prepared query.

Parameters
integer$modeOne of the ::FETCH_* constants
Returns
void

Definition at line 531 of file PreparedStatement.php.

◆ tokenizeQueryParameterMarkers()

TYPO3\CMS\Core\Database\PreparedStatement::tokenizeQueryParameterMarkers (   $query,
array  $parameterValues 
)
protected

Replace the markers with unpredictable token markers.

Parameters
string$query
array$parameterValues
Returns
string
Exceptions

Definition at line 635 of file PreparedStatement.php.

References TYPO3\CMS\Core\Database\PreparedStatement\$query.

Referenced by TYPO3\CMS\Core\Database\PreparedStatement\convertNamedPlaceholdersToQuestionMarks().

Member Data Documentation

◆ $buffer

TYPO3\CMS\Core\Database\PreparedStatement::$buffer
protected

Definition at line 131 of file PreparedStatement.php.

Referenced by TYPO3\CMS\Core\Database\PreparedStatement\fetch().

◆ $defaultFetchMode

TYPO3\CMS\Core\Database\PreparedStatement::$defaultFetchMode = self::FETCH_ASSOC
protected

Definition at line 114 of file PreparedStatement.php.

Referenced by TYPO3\CMS\Core\Database\PreparedStatement\fetch().

◆ $fields

TYPO3\CMS\Core\Database\PreparedStatement::$fields
protected

Definition at line 126 of file PreparedStatement.php.

Referenced by TYPO3\CMS\Core\Database\PreparedStatement\execute().

◆ $parameters

TYPO3\CMS\Core\Database\PreparedStatement::$parameters
protected

Definition at line 107 of file PreparedStatement.php.

Referenced by TYPO3\CMS\Core\Database\PreparedStatement\execute().

◆ $parameterWrapToken

TYPO3\CMS\Core\Database\PreparedStatement::$parameterWrapToken
protected

Definition at line 139 of file PreparedStatement.php.

◆ $precompiledQueryParts

TYPO3\CMS\Core\Database\PreparedStatement::$precompiledQueryParts
protected

Definition at line 93 of file PreparedStatement.php.

Referenced by TYPO3\CMS\Core\Database\PreparedStatement\__construct(), and TYPO3\CMS\Core\Database\PreparedStatement\execute().

◆ $query

TYPO3\CMS\Core\Database\PreparedStatement::$query
protected

Definition at line 86 of file PreparedStatement.php.

Referenced by TYPO3\CMS\Core\Database\PreparedStatement\__construct(), TYPO3\CMS\Core\Database\PreparedStatement\convertNamedPlaceholdersToQuestionMarks(), TYPO3\CMS\Core\Database\PreparedStatement\execute(), TYPO3\CMS\Core\Database\PreparedStatement\hasNamedPlaceholders(), and TYPO3\CMS\Core\Database\PreparedStatement\tokenizeQueryParameterMarkers().

◆ $statement

TYPO3\CMS\Core\Database\PreparedStatement::$statement
protected

Definition at line 121 of file PreparedStatement.php.

◆ $table

TYPO3\CMS\Core\Database\PreparedStatement::$table
protected

Definition at line 100 of file PreparedStatement.php.

Referenced by TYPO3\CMS\Core\Database\PreparedStatement\__construct().

◆ FETCH_ASSOC

const TYPO3\CMS\Core\Database\PreparedStatement::FETCH_ASSOC = 2

Definition at line 73 of file PreparedStatement.php.

◆ FETCH_NUM

const TYPO3\CMS\Core\Database\PreparedStatement::FETCH_NUM = 3

Definition at line 80 of file PreparedStatement.php.

◆ PARAM_AUTOTYPE

const TYPO3\CMS\Core\Database\PreparedStatement::PARAM_AUTOTYPE = 4

Definition at line 64 of file PreparedStatement.php.

Referenced by TYPO3\CMS\Core\Database\DatabaseConnection\searchQuery().

◆ PARAM_BOOL

const TYPO3\CMS\Core\Database\PreparedStatement::PARAM_BOOL = 3

Definition at line 58 of file PreparedStatement.php.

◆ PARAM_INT

const TYPO3\CMS\Core\Database\PreparedStatement::PARAM_INT = 1

Definition at line 46 of file PreparedStatement.php.

◆ PARAM_NULL

const TYPO3\CMS\Core\Database\PreparedStatement::PARAM_NULL = 0

Definition at line 40 of file PreparedStatement.php.

◆ PARAM_STR

const TYPO3\CMS\Core\Database\PreparedStatement::PARAM_STR = 2

Definition at line 52 of file PreparedStatement.php.