2017 © Pedro Peláez
 

library dbescaper

Database wrapper to escape properly, allowing meaningful queries with parametrized values


neoparla/dbescaper


  • Saturday, November 25, 2017
  • by htw
  • Repository
  • 1 Watchers
  • 0 Stars
  • 6 Installations
  • PHP
  • 0 Dependents
  • 0 Suggesters
  • 0 Forks
  • 0 Open issues
  • 5 Versions
  • 0 % Grown

The README.md

DbEscaper


Database wrapper to escape properly, allowing meaningful queries with parametrized values.

Getting started

Install it through Composer with:

composer require neoparla/dbescaper

First step: connect

To create an instance, just initialize it with the connection data.

$db_escaper = DbEscaper::init(
    array(
        'host'   => 'host',
        'user'   => 'user',
        'pass'   => 'pass',
        'schema' => 'schema',
        // 'port' => 3306
    )
);

By default it will connect through port 3306.

Basic queries

To run a basic query, just call DbEscaper::query().

$db_escaper->query('show tables');

Statements

To prevent unwanted queries from being executed (i.e. SQL injection), use DbEscaper::prepare().

$statement = $db_escaper->prepare($sql, $query_label);

You can bind the following types of data:

  • Double (no transformation)
  • Integer (no transformation)
  • String
  • Field
  • Tuple

Binding::String

It escapes special characters in the string (such as quotes) and wraps it in quotes.

$value = "string with quotes (') and slashes (\)";
// $statement is the object returned by $db_escaper->prepare()
$statement->bindParam(':binding', $value, Binding::String);
// Real query: 'string with quotes (\') and slashes (\\)'

Binding::Field

It ensures the value is a valid MySQL field name and wraps it in backticks.

$value = "field_name";
// $statement is the object returned by $db_escaper->prepare()
$statement->bindParam(':binding', $value, Binding::Field);
// Real query: `field_name`

Binding::Tuple

It ensures all values are valid and transforms them if needed.

$value = new DbTuple(Binding::PARAM_STRING, array('string 1', 'string 2'), DbTuple::WITH_PARENTHESIS);
// $statement is the object returned by $db_escaper->prepare()
$statement->bindParam(':binding', $value, Binding::Tuple);
// Real query: ( 'string 1', 'string 2' )

DbTuple class

To bind tuples you must use the DbTuple class.

Binding::Double and Binding::Integer

These bindings perform no transformation. They only check that the value has the correct data type.
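
The binding rules above, written out as a standalone sketch. This is an added example, not DbEscaper's own code: every function name is hypothetical, the sample values are constructed, and bind_string() is a stand-in for mysqli::real_escape_string(), which needs a live connection.

```php
<?php
// Added illustration of the binding rules; not DbEscaper's source.
// All function names below are hypothetical.

// String: escape, then wrap in single quotes. Stand-in for
// mysqli::real_escape_string(), which also honours the connection charset.
function bind_string($value)
{
    $map = array("\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
                 "'" => "\\'", '"' => '\\"', "\x1a" => "\\Z");
    return "'" . strtr((string) $value, $map) . "'";
}

// Field: string escaping cannot protect an identifier, so allowlist it
// (conservative pattern, 64 characters at most), then wrap it in backticks.
function bind_field($name)
{
    if (!is_string($name) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]{0,63}$/D', $name)) {
        throw new InvalidArgumentException('invalid field name');
    }
    return '`' . $name . '`';
}

// Integer: no transformation, only a strict type check.
function bind_integer($value)
{
    if (!is_int($value)) {
        throw new InvalidArgumentException('integer expected');
    }
    return (string) $value;
}

// Tuple: bind every element with the same rule, then join in parentheses.
function bind_tuple($binder, array $values)
{
    if (count($values) === 0) {
        throw new InvalidArgumentException('empty tuple'); // "IN ()" is invalid SQL
    }
    return '( ' . implode(', ', array_map($binder, $values)) . ' )';
}

// Constructed sample input.
echo 'SELECT ', bind_field('name'), ' FROM ', bind_field('users'),
     ' WHERE ', bind_field('name'), ' IN ', bind_tuple('bind_string', array('a', "b'c")),
     ' AND ', bind_field('age'), ' > ', bind_integer(18), "\n";
try {
    bind_field('name` = `name');   // a backtick would close the quoted identifier
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The rejected call shows why field names get their own binding type: a value that is harmless inside a quoted string can still break out of a backtick-quoted identifier, so it is refused rather than escaped.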

The Versions

25/11 2017

dev-master

9999999-dev


MIT

The Requires

  • php >=5.3
  • ext-mysqli *

 

The Development Requires

by Pau Perez

25/11 2017

1.0.1

1.0.1.0


MIT

The Requires

  • php >=5.3
  • ext-mysqli *

 

The Development Requires

by Pau Perez

11/04 2015

1.0.0

1.0.0.0


MIT

The Requires

  • php >=5.3
  • ext-mysqli *

 

The Development Requires

by Pau Perez

03/12 2014

0.1.1

0.1.1.0


proprietary

The Requires

  • ext-mysqli *

 

03/12 2014

0.1.0

0.1.0.0


proprietary

The Requires

  • ext-mysqli *