Summary:
Suggestion for creating DB queries in default action
Detailed Description:
I have a suggestion to make DB query building more flexible. It would allow
developers to build their own complex queries, for example for filtering and
sorting.
It could look like this, for example:
$query = 'SELECT skeleton_id, description from '.cms_db_prefix().
    'module_skeleton';
$query_params = array();
if (isset($params['skeleton_id']))
{
    // *ALWAYS* use parameterized queries with user-provided input
    // to prevent SQL-Injection attacks!
    $query .= ' where skeleton_id = ?';
    $query_params[] = $params['skeleton_id'];
}
//else
// {
// // we're not getting a specific record, so show 'em all. Probably should paginate.
// $result = $db->Execute($query);
// }
$result = $db->Execute($query, $query_params);
So one can easily place several "if" statements to create complex queries.
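
The filtering-and-sorting case mentioned above, as an added example (not part of the original suggestion and not CMS Made Simple code): filter values stay bound parameters, while the sort column and direction, which cannot be bound with "?", are resolved through a fixed allowlist. The function name and the request parameters 'description', 'sortby' and 'sortdir' are assumptions; the table and its two columns are taken from the snippet above.

```php
<?php
// Added example. build_skeleton_query() and the 'description', 'sortby'
// and 'sortdir' parameter names are hypothetical.
function build_skeleton_query(array $params, string $prefix): array
{
    $sql   = 'SELECT skeleton_id, description FROM ' . $prefix . 'module_skeleton';
    $where = array();
    $bind  = array();

    // Values always travel as bound parameters, never inside the SQL text.
    if (isset($params['skeleton_id'])) {
        $where[] = 'skeleton_id = ?';
        $bind[]  = (int) $params['skeleton_id'];
    }
    if (isset($params['description']) && $params['description'] !== '') {
        // Escape LIKE wildcards so the user's text is matched literally.
        $literal = str_replace(array('!', '%', '_'), array('!!', '!%', '!_'),
                               (string) $params['description']);
        $where[] = "description LIKE ? ESCAPE '!'";
        $bind[]  = '%' . $literal . '%';
    }
    if ($where) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }

    // Identifiers and keywords cannot be bound, so map the request value
    // onto a fixed allowlist and fall back to a default when it is unknown.
    $columns = array('id' => 'skeleton_id', 'description' => 'description');
    $sortby  = isset($params['sortby']) ? (string) $params['sortby'] : 'id';
    $column  = isset($columns[$sortby]) ? $columns[$sortby] : 'skeleton_id';
    $desc    = isset($params['sortdir'])
               && strtolower((string) $params['sortdir']) === 'desc';
    $sql    .= ' ORDER BY ' . $column . ' ' . ($desc ? 'DESC' : 'ASC');

    return array($sql, $bind);
}

// Constructed sample input: the sort value is not an allowlisted key,
// so the default column is used and the value never reaches the SQL.
list($sql, $bind) = build_skeleton_query(
    array('description' => '50%_off', 'sortby' => 'description DESC, 1', 'sortdir' => 'desc'),
    'cms_'
);
echo $sql, "\n";
var_export($bind);
```

Inside a module action the returned pair would be passed on as $db->Execute($sql, $bind), with cms_db_prefix() supplying the prefix.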