ProcessWire - Datenbank manuell abfragen: Unterschied zwischen den Versionen
| Zeile 19: | Zeile 19: | ||
== Snippets PDO == | == Snippets PDO == | ||
| − | + | <syntaxhighlight lang="php"> | |
| + | <?php namespace ProcessWire; | ||
| + | |||
| + | // sanitization | ||
| + | $tableName = inputPost()->text('table'); | ||
| + | $columnName = inputPost()->text('column'); | ||
| + | $id = inputPost()->int('id'); | ||
| + | |||
| + | // this is where you'd sanitize user input to prevent SQL injection | ||
| + | $table = database()->escapeTable($tableName); | ||
| + | $column = database()->escapeCol($columnName); | ||
| + | $q = database()->prepare("SELECT `$column` FROM `$table` WHERE id = :id"); | ||
| + | $q->bindValue(':id', $id); // always bind values instead of concatenation | ||
| + | // | ||
| + | $success = false; | ||
| + | $values = null; | ||
| + | try { | ||
| + | $success = $q->execute(); | ||
| + | $values = $q->fetchAll(); | ||
| + | } catch (\Exception $e) { | ||
| + | wire()->log($e->getMessage(), Notice::log); | ||
| + | } | ||
| + | if (!$success) { | ||
| + | // handle error | ||
| + | } | ||
| + | |||
| + | if ($values) { | ||
| + | // use values | ||
| + | } | ||
| + | </syntaxhighlight> | ||
== Snippets mysqli == | == Snippets mysqli == | ||
Version vom 2. Januar 2020, 20:07 Uhr
https://processwire.com/api/ref/wire-database-p-d-o/ ProcessWire PDO https://processwire.com/talk/topic/17-functionsmethods-to-access-the-db/ Forumbeitrag (OldSchool mysqli) https://processwire.com/talk/topic/1684-reading-and-displaying-data-from-a-custom-table/ http://processwire.com/api/include/ (Bootstraping -> import data to recide in PW
Überblick
ProcessWire bringt verschiedene Funktionen die on Top of mySqli oder PDO (PHP Data Objects) aufbauen. MySqli arbeitet nur mit mySQL und ist der Nachfolger der alten mysql Funktionen. PDO ist eine PHP Abstraktionsschicht, die auch mit anderen Datenbanken umgehen kann.
Der Trend geht im Moment zu PDO (2018/19). Tatsächlich findet man auch in DatabaseMysqlii den Hinweis von Ryan This is for temporary use while transitioning from mysqli to PDO.
PDO Style mit $database Variable
// mysqli will be deprecated, so use PDO if you start with it $sql = "awesome query"; // $database variable is available in your templates. $database is the PDO way. $query = $database->prepare($sql); $query->execute();
Snippets PDO
<?php namespace ProcessWire;
// sanitization
$tableName = inputPost()->text('table');
$columnName = inputPost()->text('column');
$id = inputPost()->int('id');
// this is where you'd sanitize user input to prevent SQL injection
$table = database()->escapeTable($tableName);
$column = database()->escapeCol($columnName);
$q = database()->prepare("SELECT `$column` FROM `$table` WHERE id = :id");
$q->bindValue(':id', $id); // always bind values instead of concatenation
//
$success = false;
$values = null;
try {
$success = $q->execute();
$values = $q->fetchAll();
} catch (\Exception $e) {
wire()->log($e->getMessage(), Notice::log);
}
if (!$success) {
// handle error
}
if ($values) {
// use values
}
Snippets mysqli
DEPRECATED
Datenbankabfrage aus PW
$result = $this->db->query("SELECT id, name, title, url FROM yourtablename WHERE id=$id");
Seiten (mit URL) aus externer Tabelle generieren
But if that data needs to stay external, then Sinnut's solution is a good way to go. You would use the DB's primary key (or some other unique column) to serve as the urlSegment that loads the page. You'd setup one page/template to handle all that data, and it would find it like this:
$key = (int) $input->urlSegment1;
if(!$key) throw new Wire404Exception();
$result = $yourDB->query("SELECT make, model, year FROM your_table WHERE id=$key");
if(!$item->num_rows) throw new Wire404Exception();
list($make, $model, $year) = $result->fetch_row();
echo "<ul>";
echo "<li>Make: $make</li>";
echo "<li>Model: $model</li>";
echo "<li>Year: $year</li>";
echo "</ul>";
Externe Datenbank nutzen
Working with an external database can be pretty simple:
protected function externalDbConnect(){
$this->extDb = new mysqli('localhost', 'xxxx', 'yyyy', 'zzzz');
}
protected function queryCount($qry){
$result = $this->extDb->query($qry);
return $result->num_rows;
}
protected function queryForFields($table){
$a = array();
$result = $this->extDb->query('SHOW COLUMNS FROM '.$table);
while($row = $result->fetch_array(MYSQLI_ASSOC)) $a[] = $row['Field'];
return $a;
}
