question on db_query_bound an array


Post by jingshaochen »

Hi,

When I have this query:

Code:

$reporter_id_array = array(1,2,3);
$query = "select id from mantis_bug_table where reporter_id in " . db_param();
$result = db_query_bound($query, array($reporter_id_array));

Does it work?

Thanks,
Jingshao

Re: question on db_query_bound an array

Post by cas »

db_query_bound is deprecated; you should use db_query.
In case you want to have the results in an array, there is enough documentation available, for example here:
https://stackoverflow.com/questions/778 ... -php-array

Re: question on db_query_bound an array

Post by jingshaochen »

"db_query_bound is deprecated, you should use db_query"

I thought it is the other way around. Can you point me to the document?

My understanding is that db_query_bound() together with db_param() is to avoid SQL injection.

I don't need results to be in an array, I wanted to PASS an array as parameter to the query.

If there is a better safe way, I would like to hear.

Re: question on db_query_bound an array

Post by jingshaochen »

Ok. I see it in the code. query_bound is deprecated. I should use db_query() only.

I will test how to supply an array to the query, and update this thread later.

Re: question on db_query_bound an array

Post by jingshaochen »

I tried to put the array directly in db_query(), it did not work. So the following code does not work:

Code:

$reporter_id_array = array(1,2,3);
$query = "select id from mantis_bug_table where reporter_id in " . db_param();
$result = db_query($query, array($reporter_id_array));

The error is a SQL error complaining something about 'Array'. I think db_query() simply substitutes db_param() with an 'Array' when it sees $reporter_id_array.

So I use the following workaround and it works:

Code:

$reporter_id_array = array(1,2,3);
$db_param_list = array(db_param(), db_param(), db_param());
$db_param_str = "(" . implode(",", $db_param_list) . ")";
$query = "select id from mantis_bug_table where reporter_id in " . $db_param_str;
$result = db_query_bound($query, $reporter_id_array);

Please let me know if there is a better way to do this.

Thanks!

Re: question on db_query_bound an array

Post by jingshaochen »

Saw a new db query that works:

Code:

$query = new DbQuery('select id from {bug} where id in :id_list');
$query->bind('id_list', array(123,234,345));

Nice!
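
The workaround in the thread hard-codes three db_param() calls. As an added example (not from the thread or the MantisBT code base), here is the same one-placeholder-per-element idea for a list of any length, including the empty list. It assumes PDO with the pdo_sqlite extension as a stand-in for MantisBT's database layer; the helper names in_placeholders() and bugs_by_reporters(), the bug table and its rows are constructed for illustration.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for MantisBT's db layer.
// The table, its rows and both helper functions are constructed for illustration.

/** Build "(?,?,...)" with one placeholder per element; values never enter the SQL text. */
function in_placeholders(array $values): string {
    if (count($values) === 0) {
        // "IN ()" is a syntax error on most databases, so refuse to build it.
        throw new InvalidArgumentException('empty list for IN clause');
    }
    return '(' . implode(',', array_fill(0, count($values), '?')) . ')';
}

/** Return the ids of bugs whose reporter_id is in $reporter_ids. */
function bugs_by_reporters(PDO $db, array $reporter_ids): array {
    if ($reporter_ids === []) {
        return []; // nothing can match an empty list, so skip the query
    }
    $sql = 'SELECT id FROM bug WHERE reporter_id IN '
         . in_placeholders($reporter_ids) . ' ORDER BY id';
    $stmt = $db->prepare($sql);
    // One bound value per placeholder; array_values() drops any string keys.
    $stmt->execute(array_values($reporter_ids));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bug (id INTEGER PRIMARY KEY, reporter_id INTEGER)');
$db->exec('INSERT INTO bug (id, reporter_id) VALUES (10,1),(11,2),(12,3),(13,4)');

var_dump(bugs_by_reporters($db, [1, 2, 3]));
var_dump(bugs_by_reporters($db, []));
// A hostile element is bound as a value and compared as data, not parsed as SQL.
var_dump(bugs_by_reporters($db, [1, '2) OR 1=1 --']));
```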