stackoom
  简体   繁体   中英

How can I pass parameters to the query?

 原文  2016-10-26 07:26:58       php/ mysql/ laravel

Question

I use Laravel. As you know, Laravel doesn't support UNION clause for the query. So I have to write it as raw when I want to paging the whole results. Something like this: 

$results = DB::select('SELECT id, title, description, imgPath
                       FROM news n
                       WHERE n.title LIKE %$q OR n.description LIKE %$q 
                       UNION ALL
                       SELECT id, title, description, imgPath
                       FROM productions p
                       WHERE p.title LIKE %$q OR p.description LIKE %$q
                      ');

As I said, I use Laravel, So how can I pass $q to the query in Laravel? All I'm trying to do is making the query safe against SQL injections. That's why I'm trying to pass the parameters to the query rather that using them directly in the query.

In pure PHP I can do that like this: 

$st = $dbh->prepare('SELECT ... WHRER col LIKE %:q');
$st->bindParam(':q', $q, PDO::PARAM_INT);

I want something like this ^ in Laravel.

2 answers

solution1
 3 ACCPTED  2016-10-26 07:32:58

Yes, there is union: https://laravel.com/docs/5.3/queries#unions

I didn't test it out, but it should looks something like this: 

$first = DB::table('news')
    ->select(['id', 'title', 'description', 'imgPath'])
    ->where(function($query) use ($q) {
        $query->where('title', 'like', "%$q")
              ->orWhere('description', 'like', "%$q");
    });

$result = DB::table('productions')
    ->select(['id', 'title', 'description', 'imgPath'])
    ->where(function($query) use ($q) {
        $query->where('title', 'like', "%$q")
              ->orWhere('description', 'like', "%$q");
    })
    ->unionAll($first)
    ->get();

NOTE:

With union you won't be able to do paginate out of the box. You will need to create the paginator object by yourself as shown here: Laravel - Union + Paginate at the same time?

solution2
 2  2016-10-26 07:39:46

Your "pure PHP code" won't work either. You have to respect SQL and PDO syntax 

$st = $dbh->prepare('SELECT ... WHRER col LIKE :q');
$st->bindParam(':q', "%$q");

will do.

The same with Laravel: you have to define a placeholder in the query and then send it as a parameter 

$sql = 'SELECT * FROM news WHERE title LIKE :q OR description LIKE :q';
$results = DB::select($sql, ['q' => "%$q"]);

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How can I pass POST parameters in a URL? Can I use header() to pass query string parameters? How to pass 2 parameters in a scopeFilter query How can I rewrite query parameters to path parameters in Apache? how can I pass parameters to joomla component correctly? How can I pass parameters to a Twilio number voice URL with PHP? How can I pass extra parameters to the routeMatch object? How can i pass parameters to a Symfony2 Twig block? How can I pass parameters to PHP files correctly How I can pass multiple parameters to URL in php
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM