question on db_query_bound an array

General discussion of Mantis.

Moderators: Developer, Contributor

Post Reply
jingshaochen
Posts: 10
Joined: Jul 20, 2018 12:15 pm

question on db_query_bound an array

Post by jingshaochen » Jul 20, 2018 9:45 pm

Hi,

When I have this query:

Code: Select all

$reporter_id_array = array(1,2,3);
$query = "select id from mantis_bug_table where repoerter_id in " . db_param();
$result = db_query_bound($query, array($reporter_id_array));
Does it work?

Thanks,
Jingshao

cas
Posts: 690
Joined: Mar 11, 2006 11:08 am
Contact:

Re: question on db_query_bound an array

Post by cas » Jul 23, 2018 4:38 am

db_query_bound is deprecated, you should use db_query.
In case you want to have the results in an array, theer is enough documetation available, for example here:
https://stackoverflow.com/questions/778 ... -php-array

jingshaochen
Posts: 10
Joined: Jul 20, 2018 12:15 pm

Re: question on db_query_bound an array

Post by jingshaochen » Jul 25, 2018 10:56 am

db_query_bound is deprecated, you should use db_query
I thought it is the other way around. Can you point me to the document?

My understanding is that

Code: Select all

db_query_bound()
together with

Code: Select all

db_param()
is to avoid SQL injection.

I don't need results to be in an array, I wanted to PASS and array as parameter to the query.

If there is a better safe way, I would like to hear.

jingshaochen
Posts: 10
Joined: Jul 20, 2018 12:15 pm

Re: question on db_query_bound an array

Post by jingshaochen » Jul 25, 2018 6:58 pm

Ok. I see it in the code. query_bound is deprecated. I should use db_query() only.

I will test how to supply an array to the query, and update this thread later.

jingshaochen
Posts: 10
Joined: Jul 20, 2018 12:15 pm

Re: question on db_query_bound an array

Post by jingshaochen » Jul 26, 2018 12:43 pm

I tried to put the array directly in db_query(), it did not work. So the following code does not work:

Code: Select all

$reporter_id_array = array(1,2,3);
$query = "select id from mantis_bug_table where repoerter_id in " . db_param();
$result = db_query($query, array($reporter_id_array));
The error is a sql error complaining something about 'Array'. I think db_query() simply sub db_param() with an 'Array' when it sees $reporter_id_array.

So I use the following work around and it works:

Code: Select all

$reporter_id_array = array(1,2,3);
$db_param_list = array(db_param(), db_param(), db_param());
$db_param_str = "(" . implode(",", $db_param_list) . ")";
$query = "select id from mantis_bug_table where repoerter_id in " . $db_param_str ;
$result = db_query_bound($query, $reporter_id_array);
Please let me know if there is a better way to do this.

Thanks!

jingshaochen
Posts: 10
Joined: Jul 20, 2018 12:15 pm

Re: question on db_query_bound an array

Post by jingshaochen » Mar 11, 2019 10:48 am

Saw a new db query that works:

Code: Select all

$query = new DbQuery('select id from {bug} where id in :id_list');
$query->bind('id_list', array(123,234,345));
Nice!

Post Reply