Page 1 of 1
question on db_query_bound an array
Posted: 21 Jul 2018, 02:45
by jingshaochen
Hi,
When I have this query:
Code: Select all
$reporter_id_array = array(1,2,3);
$query = "select id from mantis_bug_table where repoerter_id in " . db_param();
$result = db_query_bound($query, array($reporter_id_array));
Does it work?
Thanks,
Jingshao
Re: question on db_query_bound an array
Posted: 23 Jul 2018, 09:38
by cas
db_query_bound is deprecated, you should use db_query.
In case you want to have the results in an array, theer is enough documetation available, for example here:
https://stackoverflow.com/questions/778 ... -php-array
Re: question on db_query_bound an array
Posted: 25 Jul 2018, 15:56
by jingshaochen
db_query_bound is deprecated, you should use db_query
I thought it is the other way around. Can you point me to the document?
My understanding is that
together with
is to avoid SQL injection.
I don't need results to be in an array, I wanted to PASS and array as parameter to the query.
If there is a better safe way, I would like to hear.
Re: question on db_query_bound an array
Posted: 25 Jul 2018, 23:58
by jingshaochen
Ok. I see it in the code. query_bound is deprecated. I should use db_query() only.
I will test how to supply an array to the query, and update this thread later.
Re: question on db_query_bound an array
Posted: 26 Jul 2018, 17:43
by jingshaochen
I tried to put the array directly in db_query(), it did not work. So the following code does not work:
Code: Select all
$reporter_id_array = array(1,2,3);
$query = "select id from mantis_bug_table where repoerter_id in " . db_param();
$result = db_query($query, array($reporter_id_array));
The error is a sql error complaining something about 'Array'. I think db_query() simply sub db_param() with an 'Array' when it sees $reporter_id_array.
So I use the following work around and it works:
Code: Select all
$reporter_id_array = array(1,2,3);
$db_param_list = array(db_param(), db_param(), db_param());
$db_param_str = "(" . implode(",", $db_param_list) . ")";
$query = "select id from mantis_bug_table where repoerter_id in " . $db_param_str ;
$result = db_query_bound($query, $reporter_id_array);
Please let me know if there is a better way to do this.
Thanks!
Re: question on db_query_bound an array
Posted: 11 Mar 2019, 15:48
by jingshaochen
Saw a new db query that works:
Code: Select all
$query = new DbQuery('select id from {bug} where id in :id_list');
$query->bind('id_list', array(123,234,345));