DB API Usage - How to write DBAL compliant code
What you need to know to write code compliant with the database abstraction layer in TYPO3 version 4, a.k.a. DBAL.

Published in: Technology
Transcript

  • 1. DB API Usage How to write DBAL compliant code Karsten Dambekalns karsten@typo3.org
  • 2. t3lib_db ● TYPO3 has a centralized DB API ● it is contained in t3lib_db ● Available during runtime in $GLOBALS['TYPO3_DB']
  • 3. SELECT queries ● exec_SELECTquery() ● generates SQL ● executes the query, returns result pointer ● parameters: $select_fields,$from_table,$where_clause, $groupBy='',$orderBy='',$limit=''
  • 4. SELECTquery problems ● mixing things in parameters ● complex SQL ● checking possible with – Extension Development Evaluator – DBAL Debug BE module ● never forget to escape values in WHERE clause, stay secure!
  • 5. INSERT queries ● exec_INSERTquery() ● generates SQL ● executes query ● parameters: $table,$fields_values, $no_quote_fields=FALSE
  • 6. UPDATE queries ● exec_UPDATEquery() ● generates SQL ● executes query ● parameters: $table,$where,$fields_values, $no_quote_fields=FALSE
  • 7. UPDATEquery problems ● almost none, very easy to use ● automatic escaping breaks SQL: – you might want to have SQL expressions in your update, that should not be escaped – solvable by using $no_quote_fields
  • 8. DELETE queries ● exec_DELETEquery() ● generates SQL ● executes query ● parameters: $table,$where
  • 9. DELETEquery problems ● almost none, very easy to delete everything :) ● escape values in WHERE clause yourself!
  • 10. Escaping values ● various methods: – fullQuoteStr() – quoteStr() – fullQuoteArray() – escapeStrForLike() ● escape values matching the database used ● needs to know the table name – table indicates the database being used
  • 11. Fetching data ● exec_SELECTquery() returns a result pointer ● methods to know for using this result pointer: – sql_fetch_row() – sql_fetch_assoc() – sql_num_rows() – ... ● very similar to mysql_*() methods
  • 12. Converting extensions ● Making old extensions use the DB API is easy ● Queries have to be done using the methods explained ● Fetching data can be done like before, only the method names change ● Keep an eye on escaping, stay safe!
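
The escaping rules from slides 4, 7, 9 and 10, put together as an added example (not code from the slides). It assumes a TYPO3 4.x runtime where `$GLOBALS['TYPO3_DB']` is available; the table `tx_myext_items`, its fields and the `tx_myext_*` function names are hypothetical.

```php
<?php
// Added example for TYPO3 4.x, where $GLOBALS['TYPO3_DB'] is the t3lib_db instance.
// Assumption: table tx_myext_items and its fields (title, owner, hits, ...) are hypothetical.

function tx_myext_findByTitle($search) {
	$db = $GLOBALS['TYPO3_DB'];
	$table = 'tx_myext_items';
	// quoteStr() escapes for the database behind $table but adds no quotes;
	// escapeStrForLike() then escapes the LIKE wildcards % and _ in the value.
	$like = $db->escapeStrForLike($db->quoteStr($search, $table), $table);
	$where = 'title LIKE \'%' . $like . '%\' AND deleted=0';
	$res = $db->exec_SELECTquery('uid,title,hits', $table, $where, '', 'title', '20');
	$rows = array();
	if ($res) {
		while ($row = $db->sql_fetch_assoc($res)) {
			$rows[] = $row;
		}
		$db->sql_free_result($res);
	}
	return $rows;
}

function tx_myext_rename($uid, $newTitle) {
	// Values in $fields_values are escaped and quoted by the API;
	// the WHERE clause is not, so the uid is forced to an integer.
	$fields = array('title' => $newTitle, 'tstamp' => time());
	return $GLOBALS['TYPO3_DB']->exec_UPDATEquery('tx_myext_items', 'uid=' . intval($uid), $fields);
}

function tx_myext_countHit($uid) {
	// hits+1 is an SQL expression and must stay unquoted, so 'hits' is listed in
	// $no_quote_fields. Only fixed literals may go into such a field, never user input.
	$fields = array('hits' => 'hits+1', 'tstamp' => time());
	return $GLOBALS['TYPO3_DB']->exec_UPDATEquery('tx_myext_items', 'uid=' . intval($uid), $fields, array('hits'));
}

function tx_myext_deleteByOwner($owner) {
	$db = $GLOBALS['TYPO3_DB'];
	$table = 'tx_myext_items';
	// Refuse empty input so a missing value cannot match every row with an empty owner.
	if ((string)$owner === '') {
		return FALSE;
	}
	// fullQuoteStr() escapes the value and wraps it in quotes for the WHERE clause.
	return $db->exec_DELETEquery($table, 'owner=' . $db->fullQuoteStr($owner, $table));
}
```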
