<?php
/**
* Command class file.
*
* @link http://www.yiiframework.com/
* @copyright Copyright © 2008-2012 Yii Software LLC
* @license http://www.yiiframework.com/license/
*/
namespace yii\db\dao;
use yii\db\Exception;
/**
* Command represents a SQL statement to be executed against a database.
*
* A command object is usually created by calling [[Connection::createCommand()]].
* The SQL statement it represents can be set via the [[sql]] property.
*
* To execute a non-query SQL statement (such as INSERT, DELETE, UPDATE), call [[execute()]].
* To execute a SQL statement that returns a result set (such as SELECT),
* use [[queryAll()]], [[queryRow()]], [[queryColumn()]], [[queryScalar()]], or [[query()]].
* For example,
*
* ~~~
* $users = \Yii::$application->db->createCommand('SELECT * FROM tbl_user')->queryAll();
* ~~~
*
* Command supports SQL statement preparation and parameter binding.
* Call [[bindValue()]] to bind a value to a SQL parameter;
* call [[bindParam()]] to bind a PHP variable to a SQL parameter.
* When binding a parameter, the SQL statement is automatically prepared.
* You may also call [[prepare()]] explicitly to prepare a SQL statement.
* Values that come from outside the application should always be passed through
* these binding methods rather than concatenated into the SQL string.
*
* @property string $sql the SQL statement to be executed
*
* @author Qiang Xue <qiang.xue@gmail.com>
* @since 2.0
*/
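class Command extends \yii\base\Component
{
    /**
     * @var Connection the DB connection that this command is associated with
     */
    public $connection;
    /**
     * @var \PDOStatement the PDOStatement object that this command contains.
     * It is null until [[prepare()]] has run and is reset to null by [[cancel()]].
     */
    public $pdoStatement;
    /**
     * @var mixed the default fetch mode for this command.
     * @see http://www.php.net/manual/en/function.PDOStatement-setFetchMode.php
     */
    public $fetchMode = \PDO::FETCH_ASSOC;
    /**
     * @var string the SQL statement that this command represents
     */
    private $_sql;
    /**
     * @var array the parameter log information (name=>value).
     * This copy is only used to build log messages and the query cache key;
     * the values actually sent to the database are the ones bound on [[pdoStatement]]
     * or passed to its execute() call.
     */
    private $_params = array();

    /**
     * Constructor.
     * @param Connection $connection the database connection
     * @param string $sql the SQL statement to be executed
     * @param array $params the parameters to be bound to the SQL statement
     * @param array $config name-value pairs that will be used to initialize the object properties
     */
    public function __construct($connection, $sql = null, $params = array(), $config = array())
    {
        $this->connection = $connection;
        $this->_sql = $sql;
        // A non-empty $params triggers prepare(), which needs the connection and SQL set above.
        $this->bindValues($params);
        parent::__construct($config);
    }

    /**
     * Returns the SQL statement for this command.
     * @return string the SQL statement to be executed
     */
    public function getSql()
    {
        return $this->_sql;
    }

    /**
     * Specifies the SQL statement to be executed.
     * Any previously prepared statement is dropped and the parameter log is cleared.
     * @param string $value the SQL statement to be set.
     * @return Command this command instance
     */
    public function setSql($value)
    {
        $this->_sql = $value;
        $this->_params = array();
        $this->cancel();
        return $this;
    }

    /**
     * Prepares the SQL statement to be executed.
     * For a complex SQL statement that is to be executed multiple times,
     * this may improve performance.
     * For a SQL statement with binding parameters, this method is invoked
     * automatically.
     * Calling it again while a statement is already prepared does nothing.
     * @throws Exception if there is any DB error
     */
    public function prepare()
    {
        if ($this->pdoStatement == null) {
            $sql = $this->connection->expandTablePrefix($this->getSql());
            try {
                $this->pdoStatement = $this->connection->pdo->prepare($sql);
            } catch (\Exception $e) {
                // The full SQL text goes to the error log; the rethrown exception carries
                // only the driver message, the code and (for PDO errors) errorInfo.
                \Yii::error($e->getMessage() . "\nFailed to prepare SQL: $sql", __CLASS__);
                $errorInfo = $e instanceof \PDOException ? $e->errorInfo : null;
                throw new Exception($e->getMessage(), (int)$e->getCode(), $errorInfo);
            }
        }
    }

    /**
     * Cancels the execution of the SQL statement.
     * This method mainly sets [[pdoStatement]] to be null.
     */
    public function cancel()
    {
        $this->pdoStatement = null;
    }

    /**
     * Binds a parameter to the SQL statement to be executed.
     * @param string|integer $name parameter identifier. For a prepared statement
     * using named placeholders, this will be a parameter name of
     * the form `:name`. For a prepared statement using question mark
     * placeholders, this will be the 1-indexed position of the parameter.
     * @param mixed $value the PHP variable to bind to the SQL statement parameter (taken by reference)
     * @param integer $dataType SQL data type of the parameter. If null, the type is determined by the PHP type of the value.
     * @param integer $length length of the data type
     * @param mixed $driverOptions the driver-specific options
     * @return Command the current command being executed
     * @see http://www.php.net/manual/en/function.PDOStatement-bindParam.php
     */
    public function bindParam($name, &$value, $dataType = null, $length = null, $driverOptions = null)
    {
        $this->prepare();
        // Only forward the optional arguments the caller actually supplied.
        if ($dataType === null) {
            $this->pdoStatement->bindParam($name, $value, $this->connection->getPdoType(gettype($value)));
        } elseif ($length === null) {
            $this->pdoStatement->bindParam($name, $value, $dataType);
        } elseif ($driverOptions === null) {
            $this->pdoStatement->bindParam($name, $value, $dataType, $length);
        } else {
            $this->pdoStatement->bindParam($name, $value, $dataType, $length, $driverOptions);
        }
        // Keep a reference, so the parameter log shows the variable's value at execution time.
        $this->_params[$name] =& $value;
        return $this;
    }

    /**
     * Binds a value to a parameter.
     * @param string|integer $name Parameter identifier. For a prepared statement
     * using named placeholders, this will be a parameter name of
     * the form `:name`. For a prepared statement using question mark
     * placeholders, this will be the 1-indexed position of the parameter.
     * @param mixed $value The value to bind to the parameter
     * @param integer $dataType SQL data type of the parameter. If null, the type is determined by the PHP type of the value.
     * @return Command the current command being executed
     * @see http://www.php.net/manual/en/function.PDOStatement-bindValue.php
     */
    public function bindValue($name, $value, $dataType = null)
    {
        $this->prepare();
        if ($dataType === null) {
            $this->pdoStatement->bindValue($name, $value, $this->connection->getPdoType(gettype($value)));
        } else {
            $this->pdoStatement->bindValue($name, $value, $dataType);
        }
        $this->_params[$name] = $value;
        return $this;
    }

    /**
     * Binds a list of values to the corresponding parameters.
     * This is similar to [[bindValue()]] except that it binds multiple values at a time.
     * Note that the SQL data type of each value is determined by its PHP type.
     * @param array $values the values to be bound. This must be given in terms of an associative
     * array with array keys being the parameter names, and array values the corresponding parameter values,
     * e.g. `array(':name'=>'John', ':age'=>25)`. By default, the PDO type of each value is determined
     * by its PHP type. You may explicitly specify the PDO type by using an array: `array(value, type)`,
     * e.g. `array(':name'=>'John', ':profile'=>array($profile, \PDO::PARAM_LOB))`.
     * @return Command the current command being executed
     */
    public function bindValues($values)
    {
        if (!empty($values)) {
            $this->prepare();
            foreach ($values as $name => $value) {
                // Every array value is read as an array(value, type) pair.
                if (is_array($value)) {
                    $type = $value[1];
                    $value = $value[0];
                } else {
                    $type = $this->connection->getPdoType(gettype($value));
                }
                $this->pdoStatement->bindValue($name, $value, $type);
                $this->_params[$name] = $value;
            }
        }
        return $this;
    }

    /**
     * Executes the SQL statement.
     * This method should only be used for executing non-query SQL statement, such as `INSERT`, `DELETE`, `UPDATE` SQLs.
     * No result set will be returned.
     * @param array $params input parameters (name=>value) for the SQL execution. This is an alternative
     * to [[bindValues()]]. Note that if you pass parameters in this way, any previous call to [[bindParam()]]
     * or [[bindValue()]] will be ignored.
     * @return integer number of rows affected by the execution.
     * @throws Exception execution failed
     */
    public function execute($params = array())
    {
        $sql = $this->connection->expandTablePrefix($this->getSql());
        // array_replace() keeps integer keys, so 1-indexed positional parameters are logged
        // under the position they were bound to; array_merge() would renumber them from 0.
        $this->_params = array_replace($this->_params, $params);
        if ($this->_params === array()) {
            $paramLog = '';
        } else {
            // NOTE(review): parameter values are written to the trace and error logs verbatim,
            // so credentials or personal data passed as parameters will appear there.
            // Access to those log targets should be restricted accordingly.
            $paramLog = "\nParameters: " . var_export($this->_params, true);
        }

        \Yii::trace("Executing SQL: {$sql}{$paramLog}", __CLASS__);

        try {
            if ($this->connection->enableProfiling) {
                \Yii::beginProfile(__METHOD__ . "($sql)", __CLASS__);
            }

            $this->prepare();
            if ($params === array()) {
                $this->pdoStatement->execute();
            } else {
                $this->pdoStatement->execute($params);
            }
            $n = $this->pdoStatement->rowCount();

            if ($this->connection->enableProfiling) {
                \Yii::endProfile(__METHOD__ . "($sql)", __CLASS__);
            }
            return $n;
        } catch (\Exception $e) {
            // Close the profiling block opened above before rethrowing.
            if ($this->connection->enableProfiling) {
                \Yii::endProfile(__METHOD__ . "($sql)", __CLASS__);
            }
            $message = $e->getMessage();
            \Yii::error("$message\nFailed to execute SQL: {$sql}{$paramLog}", __CLASS__);
            $errorInfo = $e instanceof \PDOException ? $e->errorInfo : null;
            throw new Exception($message, (int)$e->getCode(), $errorInfo);
        }
    }

    /**
     * Executes the SQL statement and returns query result.
     * This method is for executing a SQL query that returns result set, such as `SELECT`.
     * The result of this method is never served from or stored in the query cache.
     * @param array $params input parameters (name=>value) for the SQL execution. This is an alternative
     * to [[bindValues()]]. Note that if you pass parameters in this way, any previous call to [[bindParam()]]
     * or [[bindValue()]] will be ignored.
     * @return DataReader the reader object for fetching the query result
     * @throws Exception execution failed
     */
    public function query($params = array())
    {
        return $this->queryInternal('', $params);
    }

    /**
     * Executes the SQL statement and returns ALL rows at once.
     * @param array $params input parameters (name=>value) for the SQL execution. This is an alternative
     * to [[bindValues()]]. Note that if you pass parameters in this way, any previous call to [[bindParam()]]
     * or [[bindValue()]] will be ignored.
     * @param mixed $fetchMode the result fetch mode. Please refer to [PHP manual](http://www.php.net/manual/en/function.PDOStatement-setFetchMode.php)
     * for valid fetch modes. If this parameter is null, the value set in [[fetchMode]] will be used.
     * @return array all rows of the query result. Each array element is an array representing a row of data.
     * An empty array is returned if the query results in nothing.
     * @throws Exception execution failed
     */
    public function queryAll($params = array(), $fetchMode = null)
    {
        return $this->queryInternal('fetchAll', $params, $fetchMode);
    }

    /**
     * Executes the SQL statement and returns the first row of the result.
     * This method is best used when only the first row of result is needed for a query.
     * @param array $params input parameters (name=>value) for the SQL execution. This is an alternative
     * to [[bindValues()]]. Note that if you pass parameters in this way, any previous call to [[bindParam()]]
     * or [[bindValue()]] will be ignored.
     * @param mixed $fetchMode the result fetch mode. Please refer to [PHP manual](http://www.php.net/manual/en/function.PDOStatement-setFetchMode.php)
     * for valid fetch modes. If this parameter is null, the value set in [[fetchMode]] will be used.
     * @return array|boolean the first row (in terms of an array) of the query result. False is returned if the query
     * results in nothing.
     * @throws Exception execution failed
     */
    public function queryRow($params = array(), $fetchMode = null)
    {
        return $this->queryInternal('fetch', $params, $fetchMode);
    }

    /**
     * Executes the SQL statement and returns the value of the first column in the first row of data.
     * This method is best used when only a single value is needed for a query.
     * @param array $params input parameters (name=>value) for the SQL execution. This is an alternative
     * to [[bindValues()]]. Note that if you pass parameters in this way, any previous call to [[bindParam()]]
     * or [[bindValue()]] will be ignored.
     * @return string|boolean the value of the first column in the first row of the query result.
     * False is returned if there is no value.
     * @throws Exception execution failed
     */
    public function queryScalar($params = array())
    {
        $result = $this->queryInternal('fetchColumn', $params, 0);
        // A column handed back as a stream resource is read out in full before returning.
        if (is_resource($result) && get_resource_type($result) === 'stream') {
            return stream_get_contents($result);
        } else {
            return $result;
        }
    }

    /**
     * Executes the SQL statement and returns the first column of the result.
     * This method is best used when only the first column of result (i.e. the first element in each row)
     * is needed for a query.
     * @param array $params input parameters (name=>value) for the SQL execution. This is an alternative
     * to [[bindValues()]]. Note that if you pass parameters in this way, any previous call to [[bindParam()]]
     * or [[bindValue()]] will be ignored.
     * @return array the first column of the query result. Empty array is returned if the query results in nothing.
     * @throws Exception execution failed
     */
    public function queryColumn($params = array())
    {
        return $this->queryInternal('fetchAll', $params, \PDO::FETCH_COLUMN);
    }

    /**
     * Performs the actual DB query of a SQL statement.
     *
     * When query caching is active on the connection and `$method` is not empty, the result is
     * looked up in, and stored to, the cache component named by the connection's `queryCacheID`.
     * The cache key covers the DSN, the user name, the fetch method, the effective fetch mode,
     * the SQL and the logged parameters, so that e.g. [[queryAll()]] and [[queryRow()]] on the
     * same statement never share a cached result.
     *
     * @param string $method method of PDOStatement to be called; an empty string means
     * "return a [[DataReader]]" and bypasses the cache
     * @param array $params input parameters (name=>value) for the SQL execution. This is an alternative
     * to [[bindValues()]]. Note that if you pass parameters in this way, any previous call to [[bindParam()]]
     * or [[bindValue()]] will be ignored.
     * @param mixed $fetchMode the result fetch mode. Please refer to [PHP manual](http://www.php.net/manual/en/function.PDOStatement-setFetchMode.php)
     * for valid fetch modes. If this parameter is null, the value set in [[fetchMode]] will be used.
     * @return mixed the method execution result
     * @throws Exception execution failed
     */
    private function queryInternal($method, $params, $fetchMode = null)
    {
        $db = $this->connection;
        $sql = $db->expandTablePrefix($this->getSql());
        // array_replace() keeps integer keys, so 1-indexed positional parameters are logged
        // under the position they were bound to; array_merge() would renumber them from 0.
        $this->_params = array_replace($this->_params, $params);
        if ($this->_params === array()) {
            $paramLog = '';
        } else {
            // NOTE(review): parameter values are written to the trace and error logs verbatim,
            // so credentials or personal data passed as parameters will appear there.
            // Access to those log targets should be restricted accordingly.
            $paramLog = "\nParameters: " . var_export($this->_params, true);
        }

        \Yii::trace("Querying SQL: {$sql}{$paramLog}", __CLASS__);

        // Resolve the effective fetch mode before the cache lookup: it is part of the cache key.
        if ($method !== '' && $fetchMode === null) {
            $fetchMode = $this->fetchMode;
        }

        if ($db->queryCachingCount > 0 && $db->queryCachingDuration >= 0 && $method !== '') {
            $cache = \Yii::$application->getComponent($db->queryCacheID);
        }

        if (isset($cache)) {
            $db->queryCachingCount--;
            // The fetch method and fetch mode determine the shape of the result (all rows, one row,
            // one column, one scalar), so they must be part of the key. Without them a result cached
            // by one query method would be returned to a different one for the same SQL.
            // NOTE(review): the key embeds the raw parameter values; whether the cache component
            // hashes keys before storing them is not visible here, so confirm that.
            $fetchKey = var_export($fetchMode, true);
            $cacheKey = __CLASS__ . "/{$db->dsn}/{$db->username}/$method/$fetchKey/$sql/$paramLog";
            // A cached value of false cannot be told apart from a miss and is queried again.
            if (($result = $cache->get($cacheKey)) !== false) {
                \Yii::trace('Query result found in cache', __CLASS__);
                return $result;
            }
        }

        try {
            if ($db->enableProfiling) {
                \Yii::beginProfile(__METHOD__ . "($sql)", __CLASS__);
            }

            $this->prepare();
            if ($params === array()) {
                $this->pdoStatement->execute();
            } else {
                $this->pdoStatement->execute($params);
            }

            if ($method === '') {
                $result = new DataReader($this);
            } else {
                // The fetch mode may be a single value or an argument list; (array) covers both.
                $result = call_user_func_array(array($this->pdoStatement, $method), (array)$fetchMode);
                $this->pdoStatement->closeCursor();
            }

            if ($db->enableProfiling) {
                \Yii::endProfile(__METHOD__ . "($sql)", __CLASS__);
            }

            if (isset($cache)) {
                $cache->set($cacheKey, $result, $db->queryCachingDuration, $db->queryCachingDependency);
                \Yii::trace('Saved query result in cache', __CLASS__);
            }

            return $result;
        } catch (\Exception $e) {
            // Close the profiling block opened above before rethrowing.
            if ($db->enableProfiling) {
                \Yii::endProfile(__METHOD__ . "($sql)", __CLASS__);
            }
            $message = $e->getMessage();
            \Yii::error("$message\nCommand::$method() failed: {$sql}{$paramLog}", __CLASS__);
            $errorInfo = $e instanceof \PDOException ? $e->errorInfo : null;
            throw new Exception($message, (int)$e->getCode(), $errorInfo);
        }
    }
}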