Is it safe to use DB :: select and others in Laravel? - laravel

Queries are not always simple, and sometimes I need to create a pure SQL query, the query builder also does not fit.
При использовании DB::select, подготовливаются ли
переменные, которые подставлены в запрос?
Will there be a sql injection in this case?
$mastersInCity = DB::select('SELECT
master_user.master_id,
masters.specialization,
category_letter_master.category_letter_id AS master_letter,
COUNT(*) AS count_in_city
FROM master_user
LEFT JOIN masters ON master_user.master_id = masters.id
LEFT JOIN category_letter_master ON category_letter_master.master_id = master_user.master_id
WHERE ' . $chooiseId . ' = ' . $cityId . ' GROUP
BY master_user.master_id, master_letter');
Or, in this case, it is better to use PDO directly, so as to manually prepare the request yourself, is it possible?

$mastersInCity = DB::select('SELECT
master_user.master_id,
masters.specialization,
category_letter_master.category_letter_id AS master_letter,
COUNT(*) AS count_in_city
FROM master_user
LEFT JOIN masters ON master_user.master_id = masters.id
LEFT JOIN category_letter_master ON category_letter_master.master_id = master_user.master_id
WHERE ? = ? GROUP
BY master_user.master_id, master_letter', [$chooiseId, $cityId]);
This is equivalent to a prepared statement.
Docs: https://laravel.com/docs/5.7/database#running-queries
Edit: I am sure this can be done with eloquent simply, there is nothing too complex here. Something like:
MasterUser::with(['master', 'master_letter'])->withCount()->where($chooiseId, $cityId)->get()

Related

Doctrine Many-To-Many bulk insert

I need to do a bulk insert of thousands of records (5k up to 20k).
The scenario is User<->n:m<->Group. The list of users is obtained by a complex query with many joins.
I have access to the QueryBuilder that generates the list.
The simpliest approach to add the users to the group is
$users = $this->repository->findRecipientsByCriteria($group->getCriteria());
foreach ($users as $user){
$group->addUser($user);
}
But for the number of users involved i don't think it's a good idea (in term of performances).
I can't even iterate results because of the fetch join relations.
I would like to inject the QueryBuilder Dql (or Sql) to the INSERT statement?
I mean something like:
$qb = $this->repository->getRecipientsByCriteriaQueryBuilder($group->getCriteria());
$qb->select("'".$group->getId()."' AS gruppo_id, U.id AS utente_id");
$d = $qb->getQuery()->getSQL();
$q = $this->entityManager->createNativeQuery('INSERT INTO `msg_gruppo_utente` (`gruppo_id`, `utente_id`) '.$d, new ResultSetMapping());
$q->execute();
But this results in
INSERT INTO `msg_gruppo_utente` (`gruppo_id`, `utente_id`) SELECT '64f105a3-a6ab-460a-8378-84b0c3258601' AS sclr_0, s0_.id AS id_1 FROM security_utente s0_ INNER JOIN security_utente_cliente s1_ ON s0_.id = s1_.utente_id INNER JOIN api_cliente a2_ ON s1_.cliente_id = a2_.id INNER JOIN api_indirizzo_cliente a3_ ON a2_.id = a3_.cliente_id INNER JOIN api_contratto a4_ ON a2_.id = a4_.cliente_id WHERE s1_.verificato = ? AND a3_.city = ?
Where parameters are not set, while i thought thatthe parameters should have been be set in getRecipientsByCriteriaQueryBuilder
Due to doctrine native SQL resctrictions
If you want to execute DELETE, UPDATE or INSERT statements the Native
SQL API cannot be used and will probably throw errors. Use
EntityManager#getConnection() to access the native database connection
and call the executeUpdate() method for these queries.
I've used this solution (executeUpdate is deprecated in favor of executeStatement)
$usersQueryBuilder = $this->repository->getRecipientsByCriteriaQueryBuilder($group->getCriteria());
$usersQueryBuilder->select("'".$group->getId()."' AS gruppo_id, U.id AS utente_id");
$parameters = $usersQueryBuilder->getParameters();
$p = [];
/** #var Parameter $parameter */
foreach ($parameters as $parameter){
$p[] = $parameter->getValue();
}
$conn = $this->entityManager->getConnection();
$conn->executeStatement('INSERT INTO `msg_gruppo_utente` (`gruppo_id`, `utente_id`) '.
$usersQueryBuilder->getQuery()->getSQL(), $p);

Delete Join in query builder Laravel

I have a delete query like this:
DELETE prefix_tableA, prefix_tableB, prefix_tableC
FROM prefix_tableA
INNER JOIN prefix_tableB ON prefix_tableA.user_id = prefix_tableB.user_id
INNER JOIN prefix_tableC ON prefix_tableB.user_id = prefix_tableC.user_id
WHERE prefix_tableA.id = 148
Now I want to convert it to query builder. I searched a lot of posts here but still not found expected answer.
I don't want to use DB::raw because I have prefix in my table name. When I change the prefix, my query will error.
Anyway to write this in query builder?
Thank you!
You can do this using DB::delete() or DB::statement()
Try this query :
\DB::delete('DELETE prefix_tableA, prefix_tableB, prefix_tableC FROM prefix_tableA, prefix_tableB, prefix_tableC INNER JOIN prefix_tableB ON prefix_tableA.user_id = prefix_tableB.user_id INNER JOIN prefix_tableC ON prefix_tableB.user_id = prefix_tableC.user_id WHERE prefix_tableA.id = 148');
Try this Query your Controller
DB::table('prefix_tableA')->join('prefix_tableB','prefix_tableA.user_id','=','prefix_tableB.user_id')->join('prefix_tableC','prefix_tableB.user_id','=','prefix_tableC.user_id')->where('prefix_tableA.id',148)->delete('prefix_tableA', 'prefix_tableB', 'prefix_tableC');
Thanks for your reply guys!
Like I said, I config my table prefix in config/database.php, so use raw query will be error if I change the prefix name in that file.
So my only way for me to do this is write a delete query in each single table and call it in my controller. I implemented about 3 model, long code, but it's the only way in Laravel!
You should try as this way. This way works form me.
$raw_query = 'DELETE prefix_tableA, prefix_tableB, prefix_tableC
FROM prefix_tableA
INNER JOIN prefix_tableB ON prefix_tableA.user_id = prefix_tableB.user_id
INNER JOIN prefix_tableC ON prefix_tableB.user_id = prefix_tableC.user_id
WHERE prefix_tableA.id = ?';
$status = \DB::delete($raw_query, array('148'));
Documentation: http://laravel.com/docs/database#running-queries

implementing oracle query to powerbuilder

I have difficulty in implementing Oracle query to powerbuilder. I have 3 singeline edit the name is :
1. sle_merk
2. sle_tipe
3. sle_jns
and I have oracle query
select b.nm_merk
, c.keterangan
, c.tipe
, b.keterangan
, c.usrid
, c.otr
, c.dupd
, c.dotr
, c.status
from tipe_kend c
left
outer
join jns_kendaraan b
on c.kd_jenis = b.kd_jenis
left
outer
join merk_kend b
on c.kd_merk = b.kd_merk
where b.kd_jenis like '%%'
AND b.kd_merk like '%%'
AND c.tipe like '%%'
what I want is if all singeline edit is null then the data is appears, but when one of singeline edit is filled then the data is appears where data like %singelineedit%. I have difficulty in implementing the query into Powerbuilder.
Since you don't say you are using a datawindow control I will assume you are not. With that being said then this must be a piece of embedded SQL inside some method. As such you need to declare variables for each of the columns in your retrieve. You also need variables to hold the contents of the SLE controls.
You would end up with something like this:
string ls_nm // make sure datatypes are correct
string ls_sle1, ls_sle2, ls_sle3
// get values of the sle controls
ls_sle1 = sle_merk.text
IF IsNull(ls_sle1) THEN ls_sle1 = ''
ls_sle2 = sle_tipe.text
IF IsNull(ls_sle2) THEN ls_sle2 = ''
ls_sle3 = sle_jns.text
IF IsNull(ls_sle3) THEN ls_sle3 = ''
select b.nm_merk, ...
INTO :ls_nm, ...
from tipe_kend c
left outer join ns_kendaraan b on c.kd_jenis = b.kd_jenis
left outer join merk_kend b on c.kd_merk = b.kd_merk
where b.kd_jenis like '%' + ls_sle1 + '%'
AND b.kd_merk like '%' + ls_sle2 + '%'
AND c.tipe like '% + ls_sle3 + '%';
Note this will FAIL if more than a single row is returned. If you need multiple rows you need to use a datawindow/datastore control (or cursors but they are very inefficient).

Raw SQL query or Doctrine_Query? What is the best in performance?

I made this query in raw SQL and need some help moving to Doctrine:
SELECT
re . *, t.tipo, m.patente, o.nombre, de.revisado
FROM
sdriving_registros_emisores re
LEFT JOIN
sdriving_turno t ON re.idturno = t.idturno
LEFT JOIN
sdriving_maquina_emisor me ON me.idmaquinaemisor = re.maquinaemisorid
LEFT JOIN
sdriving_maquina m ON me.idmaquina = m.idmaquina
LEFT JOIN
sdriving_operador o ON re.idoperador = o.idoperador
LEFT JOIN
sdriving_detalle_emisores de ON de.idregistros = re.idregistros
WHERE
o.idempresa = 1
Also I wish to know what's the best method in perfomance: executing raw query or using Doctrine Query or something else

Doctrine 2.0 native query without mapping

I am writing a tiny little migration script and i am only trying to update one attribute of one element.
The Result i need has no Representation in the local Environment, so what i would need is a very simple SQL (here it is Oracle) handler that i can iterate over and get an array returned.
Is that possible with doctrine?
i.e. i would want to do this:
$query = "SELECT t2.status FROM t2 LEFT JOIN t1 ON t1.id = t2.foreinkey";
$iterator = $connection->execute($query)->iterate();
foreach ($iterator as $array) {
// do something with an associative array
}
UPDATE / SOLUTION:
With the Hint from Corbin i came up with this Solution which works pretty fine:
$query = "SELECT t2.status FROM t2 LEFT JOIN t1 ON t1.id = t2.foreinkey";
$iterator = $connection->query($query);
while (is_object($iterator) AND ($array = $iterator->fetch()) !== FALSE) {
// do something with an associative array
}
https://www.doctrine-project.org/projects/doctrine-orm/en/latest/reference/native-sql.html#native-sql
If you want to do any mapping.
Another option would be to get the connection object from EntityManager::getConnection and operate on it.
It returns a Doctrine\DBAL\Connection which you should be able to work with. It has the typical fetchColumn fetchArray fetchAssoc so on.

Resources