...

```php
// query(string $statement)
$idlang = 1;
$idart = 2;
$cfg = cRegistry::getConfig();
$db = cRegistry::getDb();

$sql = '
	SELECT
		*
	FROM
		`' . $cfg['tab']['art_lang'] . '`
	WHERE
		idart = ' . cSecurity::toInteger($idart) . '
		AND idlang = ' . cSecurity::toInteger($idlang) . '
;';

// query(string $statement)
$db->query($sql);

// access values
if ($db->nextRecord()) {
    echo $db->f('title');
}
```

2. Variant

An alternative is to call cDb::query() with multiple parameters, where the first is the SQL statement in which subsequent parameters will be embedded. The embedding will be performed in a way similar to formatting values with a format string.

```php
// query(string $statement [, mixed $args [, mixed $... ]])
$sql = '
	SELECT
		*
	FROM
		`%s`
	WHERE
		idart = %d
		AND idlang = %d
;';
$db->query($sql, $cfg['tab']['art_lang'], $idart, $idlang);
```
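An added example, not CONTENIDO's code and not from the original page: `embedValues()` is a hypothetical stand-in for the format-string style embedding described above, showing what `%d` does to a hostile numeric parameter that plain concatenation lets through. The table name, the request values and the `addslashes()` escaper are constructed for the demo.

```php
<?php
// Added illustration. embedValues() is a hypothetical helper, not part of cDb.

/**
 * Embed $values into $statement in order: %d is cast to an integer,
 * %s is passed through $escape. Literal % signs (e.g. in LIKE) are not handled.
 */
function embedValues(string $statement, array $values, callable $escape): string
{
    $i = 0;
    return preg_replace_callback('/%([ds])/', function ($m) use (&$i, $values, $escape) {
        if (!array_key_exists($i, $values)) {
            throw new InvalidArgumentException('Missing value for placeholder #' . $i);
        }
        $value = $values[$i++];
        return $m[1] === 'd' ? (string) (int) $value : $escape((string) $value);
    }, $statement);
}

// Constructed escaper so the demo runs offline. Real code must use the
// escaping of the live connection (on this page: cSecurity::escapeDB()).
$escape = function (string $s): string {
    return addslashes($s);
};

// String escaping does not neutralize backticks, so an identifier such as
// the table name must come from trusted configuration, never from a request.
$table  = 'con_art_lang';   // constructed; normally $cfg['tab']['art_lang']
$idart  = '2 OR 1=1';       // constructed hostile request value
$idlang = '1';

// Concatenation without a cast: the extra text becomes part of the WHERE clause.
$unsafe = 'SELECT * FROM `' . $table . '` WHERE idart = ' . $idart
        . ' AND idlang = ' . $idlang . ';';

// Typed placeholders: the same input collapses to a plain integer.
$safe = embedValues(
    'SELECT * FROM `%s` WHERE idart = %d AND idlang = %d;',
    array($table, $idart, $idlang),
    $escape
);

echo $unsafe, PHP_EOL;
echo $safe, PHP_EOL;
```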

...

```php
// query(string $statement, array $values)
$sql = '
	SELECT
		*
	FROM
		`%s`
	WHERE
		idart = %d
		AND idlang = %d
;';
$values = array($cfg['tab']['art_lang'], $idart, $idlang);
$db->query($sql, $values);
```

...

```php
$sql = '
	SELECT
		*
	FROM
		`:table_art_lang`
	WHERE
		idart = :idart
		AND idlang = :idlang
;';
$values = array(
    'table_art_lang' => $cfg['tab']['art_lang'],
    'idart' => cSecurity::toInteger($idart),
    'idlang' => cSecurity::toInteger($idlang)
);
$db->query($sql, $values);
```

...

```php
// string prepare(string $statement [, mixed $args [, mixed $... ]])
$sql = 'SELECT * FROM `%s` WHERE idart = %d AND idlang = %d;';
$sql = $db->prepare($sql, $cfg['tab']['art_lang'], $idart, $idlang);
$db->query($sql);
```

...

```php
// string prepare(string $statement, array $values)
$sql = 'SELECT * FROM `%s` WHERE idart = %d AND idlang = %d;';
$values = array($cfg['tab']['art_lang'], $idart, $idlang);
$sql = $db->prepare($sql, $values);
$db->query($sql);
```

...

```php
// string prepare(string $statement, array $values)
$sql = 'SELECT * FROM `:table_art_lang` WHERE idart = :idart AND idlang = :idlang;';
$values = array(
    'table_art_lang' => $cfg['tab']['art_lang'],
    'idart' => (int) $idart,
    'idlang' => (int) $idlang
);
$sql = $db->prepare($sql, $values);
$db->query($sql);
```

...

```php
$idcode = 123;
$idcatart = 12;
$idlang = 1;
$idclient = 1;
$code = "<html>... code n' fun ...</html>";
$cfg = cRegistry::getConfig();
$db = cRegistry::getDb();

// Integer columns are cast with toInteger(); the string column is escaped
// with escapeDB() and wrapped in SQL quotes.
$sql = "INSERT INTO " . $cfg["tab"]["code"] . "
	(idcode, idcatart, code, idlang, idclient)
VALUES
	(" . cSecurity::toInteger($idcode) . ",
	" . cSecurity::toInteger($idcatart) . ",
	'" . cSecurity::escapeDB($code, $db) . "',
	" . cSecurity::toInteger($idlang) . ",
	" . cSecurity::toInteger($idclient) . ")";
$db->query($sql);
```

The method insert() is an alternative. The first parameter is the database table name whereas the second parameter is an associative array with array keys as column names and array values as record values.

...