I am trying to get URL parameter in SQL, but nothing happens.
Here is my URL:
http://localhost/webshop/imagegallery.php?categori=necklace
Here is my SQL query:
$sql = 'SELECT count(productid) FROM products where productcategori=".$_GET["categori"]"';
What am I doing wrong?
Have a look at this query, too:
$sql = 'select * from products join ids on products.productid=ids.productid join photos on photos.photosid=ids.photoid where products.productcategori='".$_GET["kategori"]."' && ids.photonumber=1 ORDER BY products.productid DESC $limit';
First of all, your quotation marks seem to be the problem. Try changing your query line to this:
$sql = "SELECT count(productid) FROM products where productcategori='".$_GET["categori"]."'";
Further, you should never insert variables into a SQL query like this. Never.
The reason is that like this, your system is vulnerable for SQL injections.
Instead consider using PDO. This SO question has a nice answer on how to do it correctly.
Using that answer, this is some example code regarding the last part of your question. Note that I replaced all variables in your query string by PDO placeholders.
<?php
$pdo = new PDO('mysql:dbname=mydatabase;host=127.0.0.1;charset=utf8', 'username', 'password');
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "SELECT * FROM products JOIN ids ON products.productid=ids.productid JOIN photos ON photos.photosid=ids.photoid WHERE products.productcategori=:categori && ids.photonumber=1 ORDER BY products.productid DESC LIMIT :limit_min , :limit_max";
$stmt = $pdo->prepare($sql);
$stmt->bindParam(':categori', $_GET['categori']);
$stmt->bindParam(':limit_min', ($pagenum - 1) * $page_rows, PDO::PARAM_INT);
$stmt->bindParam(':limit_max', $page_rows, PDO::PARAM_INT);
$stmt->execute();
foreach($stmt as $row) {
// do something with $row
}
?>
Related
I need to do a bulk insert of thousands of records (5k up to 20k).
The scenario is User<->n:m<->Group. The list of users is obtained by a complex query with many joins.
I have access to the QueryBuilder that generates the list.
The simpliest approach to add the users to the group is
$users = $this->repository->findRecipientsByCriteria($group->getCriteria());
foreach ($users as $user){
$group->addUser($user);
}
But for the number of users involved i don't think it's a good idea (in term of performances).
I can't even iterate results because of the fetch join relations.
I would like to inject the QueryBuilder Dql (or Sql) to the INSERT statement?
I mean something like:
$qb = $this->repository->getRecipientsByCriteriaQueryBuilder($group->getCriteria());
$qb->select("'".$group->getId()."' AS gruppo_id, U.id AS utente_id");
$d = $qb->getQuery()->getSQL();
$q = $this->entityManager->createNativeQuery('INSERT INTO `msg_gruppo_utente` (`gruppo_id`, `utente_id`) '.$d, new ResultSetMapping());
$q->execute();
But this results in
INSERT INTO `msg_gruppo_utente` (`gruppo_id`, `utente_id`) SELECT '64f105a3-a6ab-460a-8378-84b0c3258601' AS sclr_0, s0_.id AS id_1 FROM security_utente s0_ INNER JOIN security_utente_cliente s1_ ON s0_.id = s1_.utente_id INNER JOIN api_cliente a2_ ON s1_.cliente_id = a2_.id INNER JOIN api_indirizzo_cliente a3_ ON a2_.id = a3_.cliente_id INNER JOIN api_contratto a4_ ON a2_.id = a4_.cliente_id WHERE s1_.verificato = ? AND a3_.city = ?
Where parameters are not set, while i thought thatthe parameters should have been be set in getRecipientsByCriteriaQueryBuilder
Due to doctrine native SQL resctrictions
If you want to execute DELETE, UPDATE or INSERT statements the Native
SQL API cannot be used and will probably throw errors. Use
EntityManager#getConnection() to access the native database connection
and call the executeUpdate() method for these queries.
I've used this solution (executeUpdate is deprecated in favor of executeStatement)
$usersQueryBuilder = $this->repository->getRecipientsByCriteriaQueryBuilder($group->getCriteria());
$usersQueryBuilder->select("'".$group->getId()."' AS gruppo_id, U.id AS utente_id");
$parameters = $usersQueryBuilder->getParameters();
$p = [];
/** #var Parameter $parameter */
foreach ($parameters as $parameter){
$p[] = $parameter->getValue();
}
$conn = $this->entityManager->getConnection();
$conn->executeStatement('INSERT INTO `msg_gruppo_utente` (`gruppo_id`, `utente_id`) '.
$usersQueryBuilder->getQuery()->getSQL(), $p);
can I convert this query
"SELECT * FROM (SELECT * FROM blog_post ORDER BY data DESC) blog_post GROUP BY blog_id LIMIT 2"
into a Yii2 active record query?
Thx
Ms
Yes, you can do this.
Yii2 gave us a wonderful library support.
You can form custom sql query and pass this query in findBySql() like:
$sql = "Some query/nested query";
$result = ModelClass::findBySql($sql);
Visit Yii official documentation.
BlogPost::find()
->orderBy('data DESC')
->groupBy('blog_id')
->limit(2)
->all();
I suppose you can do in this way :
Ⅰ:create a subQuery where you select from.
$blogPostQuery = BlogPostModel::find()->orderBy(['data' => SORT_DESC]);
Ⅱ:Get activeRecord results. The from params is an exist Query.
$models = (new yii\db\Query)
->from(['blog_post ' => $blogPostQuery])
->groupBy(['blog_id'])
->limit(2)
->all();
ps:
see yii\db\query->from()-detail in Yii Api;
(public $this from ( $tables )) $tables can be either a string (e.g. 'user') or an array (e.g. ['user', 'profile']) specifying one or several table names··· or a sub-query or DB expression
Have a try!I hope it`s useful for you:))
I am working on codeigniter and I am writing the following query:
$this->db->select('*');
$this->db->from('tbl_profile');
$this->db->join('tbl_msg', 'tbl_msg.msg_sender_id = tbl_profile.profile_id');
$this->db->order_by("msg_id", "desc");
$query = $this->db->get('', $config['per_page'], $this->uri->segment(3));
$data['records'] = $query->result_array();
Correspondingly I am getting the following result:
SELECT (*) FROM tbl_profile
JOIN tbl_msg ON tbl_msg.msg_sender_id = tbl_profile.profile_id
Which is returninng a wrong result as I want the result corresponding to the following query:
select * from tbl_profile as A
join (select * from tbl_msg) as B on A.profile_id = B.msg_sender_id
Please help
First of all, you missing the order by clause, but I assum, you mean other differences.
If you want that, you can use this query, what will gave you back the exact code:
$this->db->select('*', FALSE);
$this->db->from('tbl_profile as A');
$this->db->join('( select * from tbl_msg ) as B', 'A.msg_sender_id = B.profile_id');
$this->db->order_by("msg_id", "desc");
$query = $this->db->get('', $config['per_page'], $this->uri->segment(3));
$data['records'] = $query->result_array();
From codeigniter user manual:
$this->db->select()
accepts an optional second parameter. If you set it to FALSE, CodeIgniter will not try to protect your field or table names with backticks. This is useful if you need a compound select statement.
I have configured code igniter to use db prefix.
At all other places it is working as expected but while creating table aliases it is prepending db prefix.
Code is as under:-
$this->db->from('table_a');
$this->db->join('table_b', 'table_a.id = table_b.a_id', 'left');
-----
$this->db->join('table_b as tablebAlias', 'table_c.id = tablebAlias.a_id', 'left');
Assuming my dbprefix is set to value 'foo'.
Final query which is getting executed is as under:-
Select * From foo_table_a left join foo_table_b on foo_table_a.id = foo_table_b.a_id
--- left join foo_table_b as tablebAlias on foo_table_c.id = foo_tablebAlias.a_id
Any help will be highly appreciable.
Thanks,
Jatin
I found out that manual queries ignore table prefix. I also found out that there is a way to add table prefix to manual queries:
In config/database.php
One can do this:
$db['default']['dbprefix'] = "feed_";
$db['default']['swap_pre'] = "{PRE}";
So that this can be done:
$sql = "SELECT * FROM {PRE}item";
$query = $this->db->query($sql);
The {PRE} becomes feed_.
But swap_pre is not config.php which leads me to think that this is CI 2.0 feature.
I need to perform this query:
SELECT * FROM (SELECT * FROM product WHERE car = 'large' ORDER BY onSale DESC) AS product_ordered GROUP BY type
In Symfony2 using the entity manager.
My basic query builder would be :
$query = $em->getRepository('AutomotiveBundle:Car')
->createQueryBuilder('p')
->where('pr.car = ?1')
->andWhere('pr.status = 1')
->orderBy('pr.onSale', 'DESC')
->setParameter(1, $product->getName())
->groupBy('p.type')
->getQuery();
But I cannot work out how to add in a subquery to this.
Ive tried making a separate query and joining it like:
->andWhere($query->expr()->in('pr.car = ?1',$query2->getQuery()));
But I get:
Call to undefined method Doctrine\ORM\Query::expr()
One trick is to build two queries and then use getDQL() to feed the first query into the second query.
For example, this query returns a distinct list of game ids:
$qbGameId = $em->createQueryBuilder();
$qbGameId->addSelect('distinct gameGameId.id');
$qbGameId->from('ZaysoCoreBundle:Event','gameGameId');
$qbGameId->leftJoin('gameGameId.teams','gameTeamGameId');
if ($date1) $qbGameId->andWhere($qbGameId->expr()->gte('gameGameId.date',$date1));
if ($date2) $qbGameId->andWhere($qbGameId->expr()->lte('gameGameId.date',$date2));
Now use the dql to get additional information about the games themselves:
$qbGames = $em->createQueryBuilder();
$qbGames->addSelect('game');
$qbGames->addSelect('gameTeam');
$qbGames->addSelect('team');
$qbGames->addSelect('field');
$qbGames->addSelect('gamePerson');
$qbGames->addSelect('person');
$qbGames->from('ZaysoCoreBundle:Event','game');
$qbGames->leftJoin('game.teams', 'gameTeam');
$qbGames->leftJoin('game.persons', 'gamePerson');
$qbGames->leftJoin('game.field', 'field');
$qbGames->leftJoin('gameTeam.team', 'team');
$qbGames->leftJoin('gamePerson.person', 'person');
// Here is where we feed in the dql
$qbGames->andWhere($qbGames->expr()->in('game.id',$qbGameId->getDQL()));
Kind of a long example but i didn't want to edit out stuff and maybe break it.
You can use DBAL for performing any sql query.
$conn = $this->get('database_connection');//create a connection with your DB
$sql="SELECT * FROM (SELECT * FROM product WHERE car =? ORDER BY onSale DESC) AS product_ordered GROUP BY type"; //Your sql Query
$stmt = $conn->prepare($sql); // Prepare your sql
$stmt->bindValue(1, 'large'); // bind your values ,if you have to bind another value, you need to write $stmt->bindValue(2, 'anothervalue'); but your order is important so on..
$stmt->execute(); //execute your sql
$result=$stmt->fetchAll(); // fetch your result
happy coding