TYPO3 CMS  TYPO3_7-6
Public Member Functions | Public Attributes | Protected Member Functions | Protected Attributes | List of all members
TYPO3\CMS\Core\Database\PreparedStatement Class Reference

Public Member Functions

 __construct ($query, $table, array $precompiledQueryParts=[])
 
 bindValues (array $values)
 
 bindValue ($parameter, $value, $data_type=self::PARAM_AUTOTYPE)
 
 execute (array $input_parameters=[])
 
 fetch ($fetch_style=0)
 
 seek ($rowNumber)
 
 fetchAll ($fetch_style=0)
 
 free ()
 
 rowCount ()
 
 errorCode ()
 
 errorInfo ()
 
 setFetchMode ($mode)
 

Public Attributes

const PARAM_NULL = 0
 
const PARAM_INT = 1
 
const PARAM_STR = 2
 
const PARAM_BOOL = 3
 
const PARAM_AUTOTYPE = 4
 
const FETCH_ASSOC = 2
 
const FETCH_NUM = 3
 

Protected Member Functions

 guessValueType ($value)
 
 hasNamedPlaceholders ($query)
 
 convertNamedPlaceholdersToQuestionMarks (&$query, array &$parameterValues, array &$precompiledQueryParts)
 
 tokenizeQueryParameterMarkers ($query, array $parameterValues)
 
 generateParameterWrapToken ()
 

Protected Attributes

 $query
 
 $precompiledQueryParts
 
 $table
 
 $parameters
 
 $defaultFetchMode = self::FETCH_ASSOC
 
 $statement
 
 $fields
 
 $buffer
 
 $parameterWrapToken
 

Detailed Description

TYPO3 prepared statement for DatabaseConnection

USE: In all TYPO3 scripts when you need to create a prepared query: $statement = $GLOBALS['TYPO3_DB']->prepare_SELECTquery('*', 'pages', 'uid = :uid'); $statement->execute(array(':uid' => 2)); while (($row = $statement->fetch()) !== FALSE) { ... } $statement->free();

Definition at line 31 of file PreparedStatement.php.

Constructor & Destructor Documentation

◆ __construct()

TYPO3\CMS\Core\Database\PreparedStatement::__construct (   $query,
  $table,
array  $precompiledQueryParts = [] 
)

Creates a new PreparedStatement. Either $query or $queryComponents should be used. Typically $query will be used by native MySQL TYPO3_DB on a ready-to-be-executed query. On the other hand, DBAL will have parse the query and will be able to safely know where parameters are used and will use $queryComponents instead.

This constructor may only be used by

Parameters
string$querySQL query to be executed
string$tableFROM table, used to call $GLOBALS['TYPO3_DB']->fullQuoteStr().
array$precompiledQueryPartsComponents of the query to be executed private

Definition at line 160 of file PreparedStatement.php.

References $GLOBALS, TYPO3\CMS\Core\Database\PreparedStatement\$precompiledQueryParts, TYPO3\CMS\Core\Database\PreparedStatement\$query, TYPO3\CMS\Core\Database\PreparedStatement\$table, TYPO3\CMS\Core\Database\PreparedStatement\generateParameterWrapToken(), and TYPO3\CMS\Core\Database\PreparedStatement\hasNamedPlaceholders().

Member Function Documentation

◆ bindValue()

TYPO3\CMS\Core\Database\PreparedStatement::bindValue (   $parameter,
  $value,
  $data_type = self::PARAM_AUTOTYPE 
)

Binds a value to a corresponding named or question mark placeholder in the SQL statement that was use to prepare the statement.

Example 1: $statement = $GLOBALS['TYPO3_DB']->prepare_SELECTquery('*', 'bugs', 'reported_by = ? AND bug_status = ?'); $statement->bindValue(1, 'goofy'); $statement->bindValue(2, 'FIXED');

Example 2: $statement = $GLOBALS['TYPO3_DB']->prepare_SELECTquery('*', 'bugs', 'reported_by = :nickname AND bug_status = :status'); $statement->bindValue(':nickname', 'goofy'); $statement->bindValue(':status', 'FIXED');

Parameters
mixed$parameterParameter identifier. For a prepared statement using named placeholders, this will be a parameter name of the form :name. For a prepared statement using question mark placeholders, this will be the 1-indexed position of the parameter.
mixed$valueThe value to bind to the parameter.
int$data_typeExplicit data type for the parameter using the ::PARAM_* constants. If not given, the PHP type of the value will be used instead (int, string, boolean).
Returns
The current prepared statement to allow method chaining

Definition at line 231 of file PreparedStatement.php.

References TYPO3\CMS\Core\Database\PreparedStatement\guessValueType().

Referenced by TYPO3\CMS\Core\Database\PreparedStatement\bindValues().

◆ bindValues()

TYPO3\CMS\Core\Database\PreparedStatement::bindValues ( array  $values)

Binds an array of values to corresponding named or question mark placeholders in the SQL statement that was use to prepare the statement.

Example 1: $statement = $GLOBALS['TYPO3_DB']->prepare_SELECTquery('*', 'bugs', 'reported_by = ? AND bug_status = ?'); $statement->bindValues(array('goofy', 'FIXED'));

Example 2: $statement = $GLOBALS['TYPO3_DB']->prepare_SELECTquery('*', 'bugs', 'reported_by = :nickname AND bug_status = :status'); $statement->bindValues(array(':nickname' => 'goofy', ':status' => 'FIXED'));

Parameters
array$valuesThe values to bind to the parameter. The PHP type of each array value will be used to decide which PARAM_* type to use (int, string, boolean, NULL), so make sure your variables are properly casted, if needed.
Returns
The current prepared statement to allow method chaining

Definition at line 198 of file PreparedStatement.php.

References TYPO3\CMS\Core\Database\PreparedStatement\bindValue().

◆ convertNamedPlaceholdersToQuestionMarks()

TYPO3\CMS\Core\Database\PreparedStatement::convertNamedPlaceholdersToQuestionMarks ( $query,
array &  $parameterValues,
array &  $precompiledQueryParts 
)
protected

Converts named placeholders into question mark placeholders in a query.

Parameters
string$query
array$parameterValues
array$precompiledQueryParts
Returns
void

Definition at line 598 of file PreparedStatement.php.

References TYPO3\CMS\Core\Database\PreparedStatement\$query, TYPO3\CMS\Core\Database\PreparedStatement\hasNamedPlaceholders(), and TYPO3\CMS\Core\Database\PreparedStatement\tokenizeQueryParameterMarkers().

Referenced by TYPO3\CMS\Core\Database\PreparedStatement\execute().

◆ errorCode()

TYPO3\CMS\Core\Database\PreparedStatement::errorCode ( )

Returns the error number on the last execute() call.

Returns
int Driver specific error code.

Definition at line 516 of file PreparedStatement.php.

◆ errorInfo()

TYPO3\CMS\Core\Database\PreparedStatement::errorInfo ( )

Returns an array of error information about the last operation performed by this statement handle. The array consists of the following fields:

  1. Driver specific error code.
  2. Driver specific error message
Returns
array Array of error information.

Definition at line 531 of file PreparedStatement.php.

◆ execute()

TYPO3\CMS\Core\Database\PreparedStatement::execute ( array  $input_parameters = [])

Executes the prepared statement. If the prepared statement included parameter markers, you must either:

  • call TYPO3\CMS\Core\Database\PreparedStatement::bindParam()tobindPHPvariablestotheparametermarkers:boundvariablespasstheirvalueasinput</li><li>orpassanarrayofinput-onlyparametervalues</li></ul>$input_parametersbehaveasin@link\TYPO3\CMS\Core\Database\PreparedStatement::bindParams()andworkforbothnamedparametersandquestionmarkparameters.Example1:<code>$statement=$GLOBALS['TYPO3_DB']->prepare_SELECTquery('*', 'bugs', 'reported_by = ? AND bug_status = ?');$statement->execute(array('goofy', 'FIXED'));</code>Example2:<code>$statement=$GLOBALS['TYPO3_DB']->prepare_SELECTquery('*', 'bugs', 'reported_by = :nickname AND bug_status = :status');$statement->execute(array(':nickname' => 'goofy', ':status' => 'FIXED'));</code>@paramarray$input_parametersAnarrayofvalueswithasmanyelementsasthereareboundparametersintheSQLstatementbeingexecuted.ThePHPtypeofeacharrayvaluewillbeusedtodecidewhichPARAM_*typetouse(int,string,boolean,NULL),somakesureyourvariablesareproperlycasted,ifneeded.@returnboolReturnsTRUEonsuccessorFALSEonfailure.@throws\InvalidArgumentException@api

Definition at line 290 of file PreparedStatement.php.

References TYPO3\CMS\Core\Database\PreparedStatement\$fields, $GLOBALS, TYPO3\CMS\Core\Database\PreparedStatement\$parameters, TYPO3\CMS\Core\Database\PreparedStatement\$precompiledQueryParts, TYPO3\CMS\Core\Database\PreparedStatement\$query, TYPO3\CMS\Core\Database\PreparedStatement\convertNamedPlaceholdersToQuestionMarks(), and TYPO3\CMS\Core\Database\PreparedStatement\guessValueType().

◆ fetch()

TYPO3\CMS\Core\Database\PreparedStatement::fetch (   $fetch_style = 0)

Fetches a row from a result set associated with a object.

Parameters
int$fetch_styleControls how the next row will be returned to the caller. This value must be one of the ::FETCH_* constants. If omitted, default fetch mode for this prepared query will be used.
Returns
array Array of rows or FALSE if there are no more rows.

Definition at line 409 of file PreparedStatement.php.

References TYPO3\CMS\Core\Database\PreparedStatement\$buffer, and TYPO3\CMS\Core\Database\PreparedStatement\$defaultFetchMode.

Referenced by TYPO3\CMS\Core\Database\PreparedStatement\fetchAll().

◆ fetchAll()

TYPO3\CMS\Core\Database\PreparedStatement::fetchAll (   $fetch_style = 0)

Returns an array containing all of the result set rows.

Parameters
int$fetch_styleControls the contents of the returned array as documented in TYPO3\CMS\Core\Database\PreparedStatement::fetch().@returnarrayArrayofrows.@api

Definition at line 478 of file PreparedStatement.php.

References TYPO3\CMS\Core\Database\PreparedStatement\fetch().

◆ free()

TYPO3\CMS\Core\Database\PreparedStatement::free ( )

Releases the cursor. Should always be call after having fetched rows from a query execution.

Returns
void

Definition at line 494 of file PreparedStatement.php.

◆ generateParameterWrapToken()

TYPO3\CMS\Core\Database\PreparedStatement::generateParameterWrapToken ( )
protected

Generate a random token that is used to wrap the query markers

Returns
string

Definition at line 678 of file PreparedStatement.php.

References TYPO3\CMS\Core\Utility\GeneralUtility\getRandomHexString().

Referenced by TYPO3\CMS\Core\Database\PreparedStatement\__construct().

◆ guessValueType()

TYPO3\CMS\Core\Database\PreparedStatement::guessValueType (   $value)
protected

Guesses the type of a given value.

Parameters
mixed$value
Returns
int One of the ::PARAM_* constants

Definition at line 564 of file PreparedStatement.php.

Referenced by TYPO3\CMS\Core\Database\PreparedStatement\bindValue(), and TYPO3\CMS\Core\Database\PreparedStatement\execute().

◆ hasNamedPlaceholders()

TYPO3\CMS\Core\Database\PreparedStatement::hasNamedPlaceholders (   $query)
protected

Returns TRUE if named placeholers are used in a query.

Parameters
string$query
Returns
bool

Definition at line 584 of file PreparedStatement.php.

References TYPO3\CMS\Core\Database\PreparedStatement\$query.

Referenced by TYPO3\CMS\Core\Database\PreparedStatement\__construct(), and TYPO3\CMS\Core\Database\PreparedStatement\convertNamedPlaceholdersToQuestionMarks().

◆ rowCount()

TYPO3\CMS\Core\Database\PreparedStatement::rowCount ( )

Returns the number of rows affected by the last SQL statement.

Returns
int The number of rows.

Definition at line 505 of file PreparedStatement.php.

◆ seek()

TYPO3\CMS\Core\Database\PreparedStatement::seek (   $rowNumber)

Moves internal result pointer.

Parameters
int$rowNumberWhere to place the result pointer (0 = start)
Returns
bool Returns TRUE on success or FALSE on failure.

Definition at line 461 of file PreparedStatement.php.

◆ setFetchMode()

TYPO3\CMS\Core\Database\PreparedStatement::setFetchMode (   $mode)

Sets the default fetch mode for this prepared query.

Parameters
int$modeOne of the ::FETCH_* constants
Returns
void

Definition at line 546 of file PreparedStatement.php.

◆ tokenizeQueryParameterMarkers()

TYPO3\CMS\Core\Database\PreparedStatement::tokenizeQueryParameterMarkers (   $query,
array  $parameterValues 
)
protected

Replace the markers with unpredictable token markers.

Parameters
string$query
array$parameterValues
Returns
string
Exceptions

Definition at line 653 of file PreparedStatement.php.

References TYPO3\CMS\Core\Database\PreparedStatement\$query.

Referenced by TYPO3\CMS\Core\Database\PreparedStatement\convertNamedPlaceholdersToQuestionMarks().

Member Data Documentation

◆ $buffer

TYPO3\CMS\Core\Database\PreparedStatement::$buffer
protected

Definition at line 136 of file PreparedStatement.php.

Referenced by TYPO3\CMS\Core\Database\PreparedStatement\fetch().

◆ $defaultFetchMode

TYPO3\CMS\Core\Database\PreparedStatement::$defaultFetchMode = self::FETCH_ASSOC
protected

Definition at line 119 of file PreparedStatement.php.

Referenced by TYPO3\CMS\Core\Database\PreparedStatement\fetch().

◆ $fields

TYPO3\CMS\Core\Database\PreparedStatement::$fields
protected

Definition at line 131 of file PreparedStatement.php.

Referenced by TYPO3\CMS\Core\Database\PreparedStatement\execute().

◆ $parameters

TYPO3\CMS\Core\Database\PreparedStatement::$parameters
protected

Definition at line 112 of file PreparedStatement.php.

Referenced by TYPO3\CMS\Core\Database\PreparedStatement\execute().

◆ $parameterWrapToken

TYPO3\CMS\Core\Database\PreparedStatement::$parameterWrapToken
protected

Definition at line 144 of file PreparedStatement.php.

◆ $precompiledQueryParts

TYPO3\CMS\Core\Database\PreparedStatement::$precompiledQueryParts
protected

Definition at line 98 of file PreparedStatement.php.

Referenced by TYPO3\CMS\Core\Database\PreparedStatement\__construct(), and TYPO3\CMS\Core\Database\PreparedStatement\execute().

◆ $query

TYPO3\CMS\Core\Database\PreparedStatement::$query
protected

Definition at line 91 of file PreparedStatement.php.

Referenced by TYPO3\CMS\Core\Database\PreparedStatement\__construct(), TYPO3\CMS\Core\Database\PreparedStatement\convertNamedPlaceholdersToQuestionMarks(), TYPO3\CMS\Core\Database\PreparedStatement\execute(), TYPO3\CMS\Core\Database\PreparedStatement\hasNamedPlaceholders(), and TYPO3\CMS\Core\Database\PreparedStatement\tokenizeQueryParameterMarkers().

◆ $statement

TYPO3\CMS\Core\Database\PreparedStatement::$statement
protected

Definition at line 126 of file PreparedStatement.php.

◆ $table

TYPO3\CMS\Core\Database\PreparedStatement::$table
protected

Definition at line 105 of file PreparedStatement.php.

Referenced by TYPO3\CMS\Core\Database\PreparedStatement\__construct().

◆ FETCH_ASSOC

const TYPO3\CMS\Core\Database\PreparedStatement::FETCH_ASSOC = 2

Definition at line 76 of file PreparedStatement.php.

Referenced by TYPO3\CMS\Backend\Backend\ToolbarItems\ShortcutToolbarItem\shortcutExists(), and TYPO3\CMS\Backend\Utility\BackendUtility\shortcutExists().

◆ FETCH_NUM

const TYPO3\CMS\Core\Database\PreparedStatement::FETCH_NUM = 3

Definition at line 84 of file PreparedStatement.php.

◆ PARAM_AUTOTYPE

const TYPO3\CMS\Core\Database\PreparedStatement::PARAM_AUTOTYPE = 4

Definition at line 66 of file PreparedStatement.php.

Referenced by TYPO3\CMS\Core\Database\DatabaseConnection\searchQuery().

◆ PARAM_BOOL

const TYPO3\CMS\Core\Database\PreparedStatement::PARAM_BOOL = 3

Definition at line 59 of file PreparedStatement.php.

Referenced by TYPO3\CMS\Core\Tests\Unit\Database\PreparedStatementTest\invalidParameterTypesPassedToBindValueThrowsExceptionDataProvider().

◆ PARAM_INT

const TYPO3\CMS\Core\Database\PreparedStatement::PARAM_INT = 1

Definition at line 45 of file PreparedStatement.php.

Referenced by TYPO3\CMS\Core\Tests\Unit\Database\PreparedStatementTest\invalidParameterTypesPassedToBindValueThrowsExceptionDataProvider().

◆ PARAM_NULL

const TYPO3\CMS\Core\Database\PreparedStatement::PARAM_NULL = 0

Definition at line 38 of file PreparedStatement.php.

Referenced by TYPO3\CMS\Core\Tests\Unit\Database\PreparedStatementTest\invalidParameterTypesPassedToBindValueThrowsExceptionDataProvider().

◆ PARAM_STR

const TYPO3\CMS\Core\Database\PreparedStatement::PARAM_STR = 2

Definition at line 52 of file PreparedStatement.php.

Referenced by TYPO3\CMS\Dbal\Tests\Unit\Database\DatabaseConnectionTest\similarNamedParametersAreProperlyReplaced().