...
The method cDb::query() became much more flexible and can now be called in different styles with different parameter lists.
1. Variant
This is the plain old syntax that is already supported in CONTENIDO 4.8.x.
```php
$idlang = 1;
$idart = 2;
$cfg = cRegistry::getConfig();
$db = cRegistry::getDb();

// query(string $statement)
$db->query('SELECT * FROM `' . $cfg['tab']['art_lang'] . '` WHERE idart = ' . cSecurity::toInteger($idart) . ' AND idlang = ' . cSecurity::toInteger($idlang));
if ($db->nextRecord()) {
    echo $db->f('title');
}
```
2. Variant
An alternative is to call cDb::query() with multiple parameters, where the first is the SQL statement in which subsequent parameters will be embedded. The embedding will be performed in a way similar to formatting values with a format string.
```php
// query(string $statement [, mixed $args [, mixed $... ]])
$db->query('SELECT * FROM `%s` WHERE idart = %d AND idlang = %d', $cfg['tab']['art_lang'], $idart, $idlang);
if ($db->nextRecord()) {
    echo $db->f('title');
}
```
...
In this example the method is called with four parameters. Make sure that exactly one parameter value is given for each formatting instruction (e.g. %s).
- %s will be substituted by $cfg['tab']['art_lang']
- the 1st %d will be substituted by $idart
- the 2nd %d will be substituted by $idlang
With this variant, strings no longer have to be escaped manually (cSecurity::escapeDB()) and integer values no longer have to be cast (cSecurity::toInteger()). This is handled automatically, and the code becomes more concise and more readable.
3. Variant
Alternatively, query() can also be called with two parameters, where the first parameter is the SQL statement in the form of a format string and the second parameter is an index-based list of values that are processed by the formatting instructions in the SQL statement.
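
The format-style embedding described for variants 2 and 3 can be pictured with the following added example. It is not CONTENIDO's own code: `sketchPrepare()` is a hypothetical helper, `addslashes()` is only a stand-in for the database driver's escaping, and the table name and input values are constructed.

```php
<?php
// Added illustration, not CONTENIDO source: a hypothetical helper that mimics
// the format-style embedding described for cDb::query() variants 2 and 3.

function sketchPrepare(string $statement, ...$args): string
{
    // Variant 3 style: a single index-based array carries all values.
    if (count($args) === 1 && is_array($args[0])) {
        $args = array_values($args[0]);
    }

    // The page's rule: exactly one value per formatting instruction.
    $expected = preg_match_all('/%[sd]/', $statement);
    if ($expected !== count($args)) {
        throw new InvalidArgumentException(
            "statement has $expected placeholders, " . count($args) . ' values given'
        );
    }

    $i = 0;
    return preg_replace_callback('/%[sd]/', function (array $m) use ($args, &$i) {
        $value = $args[$i++];
        if ($m[0] === '%d') {
            // Integer cast: only the leading numeric part of the value survives.
            return (string) (int) $value;
        }
        // Stand-in for driver-level escaping; real code must use the DB driver's escape.
        return addslashes((string) $value);
    }, $statement);
}

// Constructed sample input (assumed table name, hostile-looking idart value).
$table  = 'con_art_lang';
$idart  = '2 OR 1=1';
$idlang = 1;

$sql = 'SELECT * FROM `%s` WHERE idart = %d AND idlang = %d';
echo sketchPrepare($sql, $table, $idart, $idlang), "\n";   // variant 2 call style
echo sketchPrepare($sql, [$table, $idart, $idlang]), "\n"; // variant 3 call style

try {
    sketchPrepare($sql, $table, $idart); // one value short
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The sketch's string escaping does not neutralise backticks, so a table name embedded with %s inside backticks should keep coming from trusted configuration such as `$cfg['tab']`, as in the page's example.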