Re: [PHP-DB] PDO bindValue ORDER BY

2008-11-01 Thread Post TUDBC 
Your workaround is probably what I would do myself.

Note: mysql_real_escape_string() is technically expecting a string
value, although there is no harm using it, and it's not a bad idea to
avoid possible SQL malicious codes. Alternately, you can also write a
simple function using regular expression to make sure that $sort is
one of your possible sort fields and nothing else.

http://www.tudbc.org


On 11/1/08, Matthew Peltzer [EMAIL PROTECTED] wrote:
 ok... this makes more sense now.  I know in the past I tried to do
  something similar with table names in the WHERE clause, and that
  didn't work in the same manner.

  Is there a better way to do what I'm trying to do? that is, sorting
  within the SQL statement based on a supplied column name without out
  writing multiple SQL statements?

  for now my work around is to some thing like:

  $sort = mysql_real_escape_string($sort);
  $sql = SELECT * FROM `table` ORDER BY `$sort`;

  which makes me queasy because I spent a lot of time getting away from
  inlining variables in SQL statements.



  On Fri, Oct 31, 2008 at 6:46 PM, Post TUDBC [EMAIL PROTECTED] wrote:
   Technically, bound parameter is expecting a value, such as
  WHERE ID=:id
   However, ORDER BY is followed by a field name, such as
 ORRDER BY ID
   So I don't think it should work.
  
   If it does work, then it is a sign that the database driver is not
   really preparing the statement (as it should for performance reason),
   but it is just substituiting values to compose a SQL (just for your
   convenience).
  
   On 10/31/08, Matthew Peltzer [EMAIL PROTECTED] wrote:
   Are pdo bound parameters within an ORDER BY clause broken in php 5.2.5?
  
I find that in php 5.2.6 this works as expected:
  
?php
$sql = 'SELECT * FROM `table` ORDER BY :sort';
$stmt = $pdo-prepare($sql);
$stmt-bindValue(':sort', $sort, PDO::PARAM_STR);
$stmt-execute();
print_r($stmt-fetchAll(PDO::FETCH_ASSOC));
?
  
but under php5.2.5 the ORDER BY clause silently fails.  Also,
parameters bound to SELECT or WHERE or LIMIT clauses function
correctly, but ORDE BY still has no effect.  If I remove the
$stmt-bindValue(':sort', $sort, PDO::PARAM_STR); line or the ORDER
BY :sort I get a number of bound variables does not match number of
tokens error.
  
So it appears the parsing mechanism is funcitoning, but what ever is
responsible for binding to ORDER BY is not.
  
I've looked in bug reports and the change logs, but did not find a
explicit reference to this issue.
  
  
--
-- Matthew Peltzer
-- [EMAIL PROTECTED]
  
  
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
  
  
  




 --

 -- Matthew Peltzer
  -- [EMAIL PROTECTED]

  --
  PHP Database Mailing List (http://www.php.net/)
  To unsubscribe, visit: http://www.php.net/unsub.php



-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] MySQL stored procedures OUT or INOUT parameters

2008-10-11 Thread Post TUDBC 
TUDBC has recently moved to open-source GPL, similar to how MySQL
works. (You probably got the impression that it had proprietary
license, maybe because some the obsolete webpages still referred to
the old license, so I have corrected those obsolete web pages.)

I am not familiar with FOSS, but my reading showed that GPL is the
most used open-source license, which was why I chose GPL.

On 10/11/08, Tim Hawkins [EMAIL PROTECTED] wrote:
 Until TUDBC is available under an accredited FOSS license, nobody in their
 right mind is going to use it in any project that
  may need to be ipr encumbrement  free at a future date.

  Posting solutions that pertain to a proprietary technology on a list
 predominately dedicated to technologies that do meet that
  requirement is bordering on being classified as commercial spam.

  On 11 Oct 2008, at 01:52, Post-No-Reply TUDBC wrote:


  I kindly disagree. The original post asked How to use OUT or INOUT
  parameters of MySQL's stored procedures in PHP? by STF.
 
  To quote STF again in a later post Yes, I've already found that
  multi-step way before... I was just wondering if anything got better
  since with regard to this. Apparently not.
 
  If you're aware of what developers need to face when dealing with when
  trying to get an OUT parameter from a stored procedure, there are
  multi-step way workaround which is cumbersome.
 
  My reply is directly offering an alternate way in PHP to solve this
  problem faced by the original post.
 
 
  On 10/10/08, Fergus Gibson [EMAIL PROTECTED] wrote:
 
   2008/10/10 Post-No-Reply TUDBC [EMAIL PROTECTED]:
  
  
By using TUDBC (http://www.tudbc.org), you can call stored procedures
easily.
   
  
  
   Your post was an excellent answer to the question, How do I call
   stored procedures easily with TUDBC?  Unfortunately, that is not what
   the original poster asked.  In fact, no one has ever asked that
   question on this list.  Ever.  Posting to the list from a generic
   no-reply address seems pretty rude.
  
   But setting aside the irrelevance of your post, the example does not
   seem EZ at all.  In fact, it seems quite a bit more complicated than
   the comparable code for PDO or mysqli, not to mention both
   unnecessarily verbose and simultaneously cryptic.
  
  
   --
  
   PHP Database Mailing List (http://www.php.net/)
   To unsubscribe, visit: http://www.php.net/unsub.php
  
  
  
 
  --
  PHP Database Mailing List (http://www.php.net/)
  To unsubscribe, visit: http://www.php.net/unsub.php
 
 



-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php