DB API Usage - How to write DBAL compliant code


What you need to know to write code compliant to the database abstraction layer in TYPO3 version 4, a.k.a DBAL.

  1. DB API Usage: How to write DBAL compliant code. Karsten Dambekalns, karsten@typo3.org
  2. t3lib_db
     ● TYPO3 has a centralized DB API
     ● it is contained in t3lib_db
     ● available during runtime in $GLOBALS['TYPO3_DB']
  3. SELECT queries
     ● exec_SELECTquery()
     ● generates SQL
     ● executes the query, returns a result pointer
     ● parameters: $select_fields, $from_table, $where_clause, $groupBy='', $orderBy='', $limit=''
  4. SELECTquery problems
     ● mixing things in parameters
     ● complex SQL
     ● checking possible with
       – Extension Development Evaluator
       – DBAL Debug BE module
     ● never forget to escape values in the WHERE clause, stay secure!
  5. INSERT queries
     ● exec_INSERTquery()
     ● generates SQL
     ● executes the query
     ● parameters: $table, $fields_values, $no_quote_fields=FALSE
  6. UPDATE queries
     ● exec_UPDATEquery()
     ● generates SQL
     ● executes the query
     ● parameters: $table, $where, $fields_values, $no_quote_fields=FALSE
  7. UPDATEquery problems
     ● almost none, very easy to use
     ● automatic escaping breaks SQL:
       – you might want to have SQL expressions in your update that should not be escaped
       – solvable by using $no_quote_fields
  8. DELETE queries
     ● exec_DELETEquery()
     ● generates SQL
     ● executes the query
     ● parameters: $table, $where
  9. DELETEquery problems
     ● almost none, very easy to delete everything :)
     ● escape values in the WHERE clause yourself!
  10. Escaping values
     ● various methods:
       – fullQuoteStr()
       – quoteStr()
       – fullQuoteArray()
       – escapeStrForLike()
     ● escape values matching the database used
     ● needs to know the table name: the table indicates the database being used
  11. Fetching data
     ● exec_SELECTquery() returns a result pointer
     ● methods to know for using this result pointer:
       – sql_fetch_row()
       – sql_fetch_assoc()
       – sql_num_rows()
       – ...
     ● very similar to the mysql_*() functions
  12. Converting extensions
     ● making old extensions use the DB API is easy
     ● queries have to be done using the methods explained
     ● fetching data can be done like before, only the method names change
     ● keep an eye on escaping, stay safe!
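The slides above as one worked piece of extension code (an added example, not from the slides or from TYPO3 itself): a hypothetical repository class for an assumed table tx_myext_items with fields uid, title, hits, tstamp and deleted, showing escaped SELECT/LIKE, an UPDATE with an unquoted SQL expression via $no_quote_fields, and a DELETE whose WHERE clause the caller escapes.

```php
<?php
// Added example: DBAL compliant access to a hypothetical table "tx_myext_items"
// (fields uid, title, hits, tstamp, deleted are assumed, not from the slides).
class tx_myext_repository {

	/** @var t3lib_DB */
	protected $db;

	public function __construct() {
		$this->db = $GLOBALS['TYPO3_DB'];
	}

	/**
	 * Search by title. The term is user input, so it is escaped for LIKE
	 * (% and _) and then fully quoted; passing the table name lets DBAL
	 * choose the quoting of the database that table lives in.
	 */
	public function findByTitle($term) {
		$table = 'tx_myext_items';
		$where = 'deleted = 0 AND title LIKE '
			. $this->db->fullQuoteStr('%' . $this->db->escapeStrForLike($term, $table) . '%', $table);
		$res = $this->db->exec_SELECTquery('uid, title, hits', $table, $where, '', 'title ASC', '50');
		$rows = array();
		while ($row = $this->db->sql_fetch_assoc($res)) {
			$rows[] = $row;
		}
		$this->db->sql_free_result($res);
		return $rows;
	}

	/**
	 * Increment a counter. "hits + 1" is an SQL expression, so "hits" is
	 * listed in $no_quote_fields; otherwise it would be quoted into a string.
	 * intval() is sufficient escaping for a numeric WHERE value.
	 */
	public function countHit($uid) {
		$this->db->exec_UPDATEquery(
			'tx_myext_items',
			'uid = ' . intval($uid),
			array('hits' => 'hits + 1', 'tstamp' => time()),
			'hits'
		);
	}

	/** Delete one record; exec_DELETEquery() does not escape the WHERE clause. */
	public function remove($uid) {
		$this->db->exec_DELETEquery('tx_myext_items', 'uid = ' . intval($uid));
	}
}
```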
