Commit 96184c2c by Alexander Makarov

added docs about DB table and column quoting

parent 33285c53
...@@ -105,7 +105,7 @@ $command = $connection->createCommand('UPDATE tbl_post SET status=1 WHERE id=1') ...@@ -105,7 +105,7 @@ $command = $connection->createCommand('UPDATE tbl_post SET status=1 WHERE id=1')
$command->execute(); $command->execute();
``` ```
Alternatively the following syntax is possible: Alternatively the following syntax that takes care of proper table and column names quoting is possible:
```php ```php
// INSERT // INSERT
...@@ -130,6 +130,29 @@ $connection->createCommand()->update('tbl_user', array( ...@@ -130,6 +130,29 @@ $connection->createCommand()->update('tbl_user', array(
$connection->createCommand()->delete('tbl_user', 'status = 0')->execute(); $connection->createCommand()->delete('tbl_user', 'status = 0')->execute();
``` ```
Quoting table and column names
------------------------------
If you are building query string dynamically make sure you're properly quoting table and column names using
[[\yii\db\Connection::quoteTableName()]] and [[\yii\db\Connection::quoteColumnName()]]:
```php
$column = $connection->quoteColumnName($column);
$table = $connection->quoteTableName($table);
$sql = "SELECT COUNT($column) FROM $table";
$rowCount = $connection->createCommand($sql)->queryScalar();
```
Alternatively you can use special syntax when writing SQL:
```php
$sql = "SELECT COUNT({{$column}}) FROM [[$table]]";
$rowCount = $connection->createCommand($sql)->queryScalar();
```
In the code above `{{X}}` will be converted to properly quoted column name while `[[Y]]` will be converted to properly
quoted table name.
Prepared statements Prepared statements
------------------- -------------------
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment