sigmasternchen/php-doc-en
1
0
Fork 0
mirror of https://github.com/sigmasternchen/php-doc-en synced 2025-03-16 00:48:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update the limitations section to reflect the fact that DB2 is supported and has been tested, add description of the new executePreparedQuery method, and update the limitations again to reflect the fact that prepared statements are now supported.

Browse source 
git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@191820 c90b9560-bf6c-de11-be94-00142212c4b1
This commit is contained in:
Matthew Peters 2005-07-29 18:14:31 +00:00
parent f451cbe169
commit e8feaf24a1
2 changed files with 316 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

226
reference/sdodasrel/functions/SDO-DAS-Relational-executePreparedQuery.xml Normal file
View file

@ -0,0 +1,226 @@
<?xml version='1.0' encoding='iso-8859-1'?>
<!-- $Revision: 1.1 $ -->
<refentry id="function.SDO-DAS-Relational-executePreparedQuery">
<refnamediv>
<refname>SDO_DAS_Relational::executePreparedQuery</refname>
<refpurpose>
Executes an SQL query passed as a prepared statement, with a
list of values to substitute for placeholders, and return the
results as a normalised data graph.
</refpurpose>
</refnamediv>
<refsect1 role="description">
&reftitle.description;
<methodsynopsis>
<type>SDODataObject</type>
<methodname>SDO_DAS_Relational::executePreparedQuery</methodname>
<methodparam>
<type>PDO</type>
<parameter>database_handle</parameter>
</methodparam>
<methodparam>
<type>PDOStatement</type>
<parameter>prepared_statement</parameter>
</methodparam>
<methodparam>
<type>array</type>
<parameter>value_list</parameter>
</methodparam>
<methodparam choice="opt">
<type>array</type>
<parameter>column_specifier</parameter>
</methodparam>
</methodsynopsis>
&warn.experimental.func;
<para>
Executes a given query against the relational database,
using the supplied PDO database handle.
Differs from the simpler
<function>executeQuery</function>
in that it takes a prepared statement and a list of values.
This is the appropriate call to use either when the statement is
to executed a number of times with different arguments, and there
is therefore a performance benefit to be had from preparing the
statement only once, or when the the SQL statement is to contain
varying values taken from a source that cannot be completely trusted.
In this latter case it may be unsafe to construct the SQL statement
by simply concatenating the parts of the statement together,
since the values may contain pieces of SQL.
To guard against this, a so-called SQL injection attack,
it is safer to prepare the SQL statement with placeholders
(also known as parameter markers, denoted by '?') and supply a
list of the values to be substituted as a separate argument.
Otherwise this function is the same as
<function>executeQuery</function> in that
it uses the model that it built from the the metadata
to interpret the result set and returns a data graph.
</para>
</refsect1>
<refsect1 role="parameters">
&reftitle.parameters;
<para>
<variablelist>
<varlistentry>
<term>PDO_database_handle</term>
<listitem>
<para>
Constructed using the PDO extension.
A typical line to construct a PDO database handle might look
like this:
<programlisting role="php" id="sdo.das.rel.epq.examples.pdo">
<![CDATA[
$dbh = new PDO("mysql:dbname=COMPANYDB;host=localhost",DATABASE_USER,DATABASE_PASSWORD);
]]>
</programlisting>
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>prepared_statement</term>
<listitem>
<para>
A prepared SQL statement to be executed against the database.
This will have been prepared by PDO's
<function>prepare</function>
method.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>value_list</term>
<listitem>
<para>
An array of the values to be substituted into the
SQL stement in place of the placeholders. In the event
that there are no placeholders or parameter markers in the
SQL statement then this argument can be specified as &null;
or as an empty array;
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>column_specifier</term>
<listitem>
<para>
The Relational DAS needs to examine the result set and
for every column, know which table and which column of
that table it came from.
In some circumstances it can find this information for itself,
but sometimes it cannot.
In these cases a column specifier is needed,
which is an array that identifies the columns.
Each entry in the array is simply a string in the form
<varname>table-name.column_name</varname>.
</para>
<para>
The column specifier is needed when there are duplicate
column names in the database metadata,
For example, in the database used within the examples,
all the tables have both a
<varname>id</varname>
and a
<varname>name</varname>
column.
When the Relational DAS fetches the result set from PDO
it can do so with the PDO_FETCH_ASSOC attribute,
which will cause the columns in the results set
to be labelled with the column name, but will not distinguish
duplicates.
So this will only work when there are no duplicates
possible in the results set.
</para>
<para>
To summarise, specify a column specifier array whenever there
is any uncertainty about which column could be from which table and
only omit it when every column name in the database metadata is unique.
</para>
<para>
All of the examples in the
<link linkend='sdo.das.rel.examples'>Examples</link>
use a column specifier.
There is one example in the
<filename>Scenarios</filename>
directory of the installation that does not:
that which works with just the employee table,
and because it works with just one table,
there can not exist duplicate column names.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect1>
<refsect1 role="returnvalues">
&reftitle.returnvalues;
<para>
Returns a data graph.
Specifically, it returns a root object of a special type.
Under this root object will be the data from the result set.
The root object will have a multi-valued containment property
with the same name as the application root type
specified on the constructor,
and that property will contain one or more data objects
of the application root type.
</para>
<para>
In the event that the query returns no data,
the special root object will still be returned but
the containment property for the application root type will be empty.
</para>
</refsect1>
<refsect1 role="exceptions">
&reftitle.exceptions;
<para>
<function>SDO_DAS_Relational::executeQuery</function>
can throw an SDO_DAS_Relational_Exception if it is unable
to construct the data graph correctly.
This can occur for a number of reasons:
for example if it finds that it does not have primary keys
in the result set for all the objects.
It also catches any PDO exceptions and obtains PDO
diagnostic information which it includes in an
SDO_DAS_Relational_Exception which it then throws.
</para>
</refsect1>
<refsect1 role="examples">
&reftitle.examples;
<para>
Please see the
<link linkend='sdo.das.rel.examples'>Examples</link>
section in the general information about the
Relational DAS for many examples of calling this method.
</para>
</refsect1>
</refentry>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"../../../../manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->

130
reference/sdodasrel/reference.xml
View file

@ -1,5 +1,5 @@
<?xml version='1.0' encoding='iso-8859-1'?>
<!-- $Revision: 1.9 $ -->
<!-- $Revision: 1.10 $ -->
<!-- Generated by xml_proto.php v2.1. Found in /scripts directory of phpdoc. -->
<reference id="ref.sdo.das.rel">
<title>SDO Relational Data Access Service Functions</title>
@ -54,7 +54,11 @@
<para>
The next step might be to call the
<function>executeQuery</function>
method on the Relational DAS, passing an SQL statement.
or
<function>executePreparedQuery</function>
methods on the Relational DAS, passing either a literal SQL statement
for the DAS to prepare and execute, or a prepared statement with
placeholders and a list of values to be inserted.
You may also need to specify a small amount of metadata
about the query itself, so that the Relational DAS knows
exactly what columns will be returned from the database and
@ -64,6 +68,8 @@
<para>
The return value from
<function>executeQuery</function>
or
<function>executePreparedQuery</function>
is a normalised data graph containing all the data from the result set.
For a query that returns data obtained from a number of tables,
this graph will contain a number of data objects,
@ -160,9 +166,11 @@ require_once 'SDO/DAS/Relational.php';
<para>
The Relational DAS uses PDO to access the relational database,
and so should run with a variety of different relational databases,
but at the time of writing has only been tested with MySQL 4.1.
On Windows it operates correctly with the php_pdo_mysql driver
that comes with the pre-built binaries in PHP 5.1.0b3.
but at the time of writing has only been tested with MySQL 4.1.7
on Windows and Linux, and DB2 8.2 Personal Edition on Windows.
On Windows it operates correctly with the php_pdo_mysql and
php_pdo_odbc drivers, for MySQL and DB2 respectively,
that come with the pre-built binaries in PHP 5.1.0b3.
On Linux it is necessary to have the most up-to-date PDO
driver for MySQL. It may be necessary to uninstall the usual
driver that would have come from PECL (using
@ -239,16 +247,6 @@ require_once 'SDO/DAS/Relational.php';
for example.
</para>
</listitem>
<listitem>
<para>
No support for prepared statements or bound variables.
Although PDO allows both of these - the ability to prepare and SQL
statement once and execute it many times, perhaps picking different
arguments for the query from variables within the application
- there is no support in the current Relational DAS interface
to allow this.
</para>
</listitem>
</itemizedlist>
</para>
</section>
@ -290,14 +288,31 @@ require_once 'SDO/DAS/Relational.php';
</para>
<para>
These examples all differ from the expected use of SDO in one important
respect: they show all interactions with the database completed within
These examples all differ from the expected use of SDO in two
important respects.
</para>
<para>
First, they show all interactions with the database completed within
one script. In this respect these scenarios are not realistic but are
chosen to illustrate just the use of the Relational DAS.
It is expected that interactions with the database will be separated
in time and the data graph serialised and deserialised into the PHP
session one or more times as the application interacts with an end user.
</para>
<para>
Second, all queries executed against the database use hard-coded
queries with no variables substituted. In this case it is safe to
use the simple
<function>executeQuery</function>
call, and this is what the examples illustrate.
In practice, though,it is unlikely that the SQL statement is known
entirely ahead of time. In order to allow variables to be safely
substituted into the SQL queries, without running the risk of
injecting SQL with unknown effects, it is safer to use the
<function>executePreparedQuery</function>
which takes a prepared SQL statement containing placeholders
and a list of values to be substituted.
</para>
<section id='sdo.das.rel.metadata'>
<title>Specifying the metadata</title>
@ -408,7 +423,7 @@ $database_metadata = array($company_table, $department_table, $employee_table);
<para>
This metadata corresponds to a relational database that might have
been defined to MySQL as follows.
been defined to MySQL as:
</para>
<programlisting role="sql">
<![CDATA[
@ -436,6 +451,33 @@ $database_metadata = array($company_table, $department_table, $employee_table);
);
]]>
</programlisting>
<para>
or to DB2 as:
</para>
<programlisting role="sql">
<![CDATA[
create table company ( \
id integer not null generated by default as identity, \
name varchar(20), \
employee_of_the_month integer, \
primary key(id) )
create table department ( \
id integer not null generated by default as identity, \
name varchar(20), \
location varchar(10), \
number integer, \
co_id integer, \
primary key(id) )
create table employee ( \
id integer not null generated by default as identity, \
name varchar(20), \
SN char(4), \
manager smallint, \
dept_id integer, \
primary key(id) )
]]>
</programlisting>
<para>
Note that although in this example there are no foreign keys specified
to the database and so the database is not expected to enforce
@ -717,7 +759,7 @@ $acme->name = "Acme";
/**************************************************************
* Get a database connection and write the object to the database
***************************************************************/
$dbh = new PDO("mysql:dbname=COMPANYDB;host=localhost",DATABASE_USER,DATABASE_PASSWORD);
$dbh = new PDO(PDO_DSN,DATABASE_USER,DATABASE_PASSWORD);
$das -> applyChanges($dbh, $root);
?>
]]>
@ -761,7 +803,7 @@ $das = new SDO_DAS_Relational ($database_metadata,'company',$SDO_reference_metad
/**************************************************************
* Get a database connection
***************************************************************/
$dbh = new PDO("mysql:dbname=COMPANYDB;host=localhost",DATABASE_USER,DATABASE_PASSWORD);
$dbh = new PDO(PDO_DSN,DATABASE_USER,DATABASE_PASSWORD);
/**************************************************************
* Issue a query to obtain a company object - possibly more if they exist
@ -820,7 +862,7 @@ $das = new SDO_DAS_Relational ($database_metadata,'company',$SDO_reference_metad
/**************************************************************
* Get a database connection
***************************************************************/
$dbh = new PDO("mysql:dbname=COMPANYDB;host=localhost",DATABASE_USER,DATABASE_PASSWORD);
$dbh = new PDO(PDO_DSN,DATABASE_USER,DATABASE_PASSWORD);
/**************************************************************
* Issue a query to obtain a company object - possibly more if they exist
@ -872,7 +914,7 @@ $das = new SDO_DAS_Relational ($database_metadata,'company',$SDO_reference_metad
/**************************************************************
* Get a database connection
***************************************************************/
$dbh = new PDO("mysql:dbname=COMPANYDB;host=localhost",DATABASE_USER,DATABASE_PASSWORD);
$dbh = new PDO(PDO_DSN,DATABASE_USER,DATABASE_PASSWORD);
/**************************************************************
* Issue a query to obtain a company object - possibly more if they exist
@ -958,7 +1000,7 @@ require_once 'company_metadata.inc.php';
/*************************************************************************************
* Empty out the two tables
*************************************************************************************/
$dbh = new PDO("mysql:dbname=COMPANYDB;host=localhost",DATABASE_USER,DATABASE_PASSWORD);
$dbh = new PDO(PDO_DSN,DATABASE_USER,DATABASE_PASSWORD);
$pdo_stmt = $dbh->prepare('DELETE FROM COMPANY;');
$rows_affected = $pdo_stmt->execute();
$pdo_stmt = $dbh->prepare('DELETE FROM DEPARTMENT;');
@ -967,7 +1009,7 @@ $rows_affected = $pdo_stmt->execute();
/**************************************************************
* Create a company with name Acme and one department, the Shoe department
***************************************************************/
$dbh = new PDO("mysql:dbname=COMPANYDB;host=localhost",DATABASE_USER,DATABASE_PASSWORD);
$dbh = new PDO(PDO_DSN,DATABASE_USER,DATABASE_PASSWORD);
$das = new SDO_DAS_Relational ($database_metadata,'company',$SDO_reference_metadata);
$root = $das -> createRootDataObject();
@ -1042,7 +1084,7 @@ require_once 'company_metadata.inc.php';
/**************************************************************
* Retrieve the company and Shoe department, then delete Shoe and add IT
***************************************************************/
$dbh = new PDO("mysql:dbname=COMPANYDB;host=localhost",DATABASE_USER,DATABASE_PASSWORD);
$dbh = new PDO(PDO_DSN,DATABASE_USER,DATABASE_PASSWORD);
$das = new SDO_DAS_Relational ($database_metadata,'company',$SDO_reference_metadata);
$root = $das->executeQuery($dbh,
@ -1109,7 +1151,7 @@ require_once 'company_metadata.inc.php';
/**************************************************************
* Retrieve the company and IT department, then delete the whole company
***************************************************************/
$dbh = new PDO("mysql:dbname=COMPANYDB;host=localhost",DATABASE_USER,DATABASE_PASSWORD);
$dbh = new PDO(PDO_DSN,DATABASE_USER,DATABASE_PASSWORD);
$das = new SDO_DAS_Relational ($database_metadata,'company',$SDO_reference_metadata);
$root = $das->executeQuery($dbh,
@ -1195,7 +1237,7 @@ require_once 'company_metadata.inc.php';
/*************************************************************************************
* Empty out the three tables
*************************************************************************************/
$dbh = new PDO("mysql:dbname=COMPANYDB;host=localhost",DATABASE_USER,DATABASE_PASSWORD);
$dbh = new PDO(PDO_DSN,DATABASE_USER,DATABASE_PASSWORD);
$pdo_stmt = $dbh->prepare('DELETE FROM COMPANY;');
$rows_affected = $pdo_stmt->execute();
$pdo_stmt = $dbh->prepare('DELETE FROM DEPARTMENT;');
@ -1211,7 +1253,7 @@ $rows_affected = $pdo_stmt->execute();
* The employee of the month is Sue.
*************************************************************************************/
$das = new SDO_DAS_Relational ($database_metadata,'company',$SDO_reference_metadata);
$dbh = new PDO("mysql:dbname=COMPANYDB;host=localhost",DATABASE_USER,DATABASE_PASSWORD);
$dbh = new PDO(PDO_DSN,DATABASE_USER,DATABASE_PASSWORD);
$root = $das -> createRootDataObject();
$acme = $root -> createDataObject('company');
@ -1260,13 +1302,12 @@ require_once 'company_metadata.inc.php';
* Change the employee of the month.
*************************************************************************************/
$das = new SDO_DAS_Relational ($database_metadata,'company',$SDO_reference_metadata);
$dbh = new PDO("mysql:dbname=COMPANYDB;host=localhost",DATABASE_USER,DATABASE_PASSWORD);
$dbh = new PDO(PDO_DSN,DATABASE_USER,DATABASE_PASSWORD);
$name = 'Acme';
$root = $das->executeQuery($dbh,
'select c.id, c.name, c.employee_of_the_month, d.id, d.name, e.id, e.name ' .
'from company c, department d, employee e ' .
'where e.dept_id = d.id and d.co_id = c.id and c.name="' . $name . '";',
"select c.id, c.name, c.employee_of_the_month, d.id, d.name, e.id, e.name " .
"from company c, department d, employee e " .
"where e.dept_id = d.id and d.co_id = c.id and c.name='Acme'",
array('company.id','company.name','company.employee_of_the_month',
'department.id','department.name','employee.id','employee.name'));
$acme = $root['company'][0];
@ -1320,13 +1361,12 @@ require_once 'company_metadata.inc.php';
* reassigning. For safety here we delete the company all in one go.
*************************************************************************************/
$das = new SDO_DAS_Relational ($database_metadata,'company',$SDO_reference_metadata);
$dbh = new PDO("mysql:dbname=COMPANYDB;host=localhost",DATABASE_USER,DATABASE_PASSWORD);
$dbh = new PDO(PDO_DSN,DATABASE_USER,DATABASE_PASSWORD);
$name='MegaCorp';
$root = $das->executeQuery($dbh,
'select c.id, c.name, c.employee_of_the_month, d.id, d.name, e.id, e.name ' .
'from company c, department d, employee e ' .
'where e.dept_id = d.id and d.co_id = c.id and c.name="' . $name . '";',
"select c.id, c.name, c.employee_of_the_month, d.id, d.name, e.id, e.name " .
"from company c, department d, employee e " .
"where e.dept_id = d.id and d.co_id = c.id and c.name='MegaCorp';",
array('company.id','company.name','company.employee_of_the_month',
'department.id','department.name','employee.id','employee.name'));
$megacorp = $root['company'][0];
@ -1414,8 +1454,18 @@ echo "Deleted the company, departments and employees all in one go.\n";
<link linkend='function.SDO-DAS-Relational-executeQuery'>
executeQuery
</link>
- execute a passed SQL query against the database and return the
results as a normalised data graph
- execute an SQL query passed as a literal string and return
the results as a normalised data graph
</para>
</listitem>
<listitem>
<para>
<link linkend='function.SDO-DAS-Relational-executePreparedQuery'>
executePreparedQuery
</link>
- execute an SQL query passed as a prepared statement, with a
list of values to substitute for placeholders, and return the
results as a normalised data graph
</para>
</listitem>
<listitem>