Hi i am new in zend framework.
I want to know that it is possible to use concatinate queries in zend model.
example like this we do in core php
$abc ="SELECT * FROM emp"
if ($_post ['a'] != '')
{
$abc =$abc ." WHERE code=$_post ['a']";
}
if ($_post ['b'] != '')
{
$abc =$abc ." WHERE name=$_post ['b']";
}
$abc.=" ORDER BY datetime;";
If possible I want to implement above code in Zend model.
Yes you can do such in zend. Here is the dummy idea for you.
First create the object of the model of emp table.
$emp = new Application_Model_Emp();
$select = $emp->select();
In model $_POST is not working so you need to pass the arguments from the controller. Here I am using that as variable.
if($a != '') {
$select->where("code = ?", $a);
}
if($b != '') {
$select->where("name = ?", $b);
}
$select->order("datetime");
$rows = $emp->fetchAll($select);
Related
I am working on a component where I want to show all users of a specific usergroup. Right now I found two solutions for this but I'm not feeling comfortable with both of them.
Solution 1
$usersID = JAccess::getUsersByGroup(3);
$users = array();
foreach($usersID as $cUserID)
{
$users[] = JFactory::getUser($cUserID);
}
This one seems to produce two database queries every time JFactory::getUser($cUserID) is called. I really don't want this.
Solution 2
function inside model
function getUsers()
{
if(!isset($this->users))
{
$groupID = 3;
$db = JFactory::getDbo();
$query = $db->getQuery(true);
$select = array( 'users.id', 'users.name');
$where = $db->quoteName('map.group_id') . ' = ' . $groupID;
$query
->select($select)
->from( $db->quoteName('#__user_usergroup_map', 'map') )
->leftJoin( $db->quoteName('#__users', 'users') . ' ON (map.user_id = users.id)' )
->where($where);
$db->setQuery($query);
$this->users = $db->loadObjectList();
}
return $this->users;
}
This one works like a charm but I feel there should be a "more Joomla! way" of doing this. I don't like working on their tables.
Right now I'm going with solution 2 but i really wonder if there is some better way to do it.
Let's say I am building a search that finds all the teacher and got an input where the user can put in the search term. I tried reading the phalcon documentation but I only see things like binding parameters. I read the other thread about needing prepare statements do I need that in Phalcon as well?
And my function in the model would be something like this:
public function findTeachers($q, $userId, $isUser, $page, $limit, $sort)
{
$sql = 'SELECT id FROM tags WHERE name LIKE "%' . $q . '%"';
$result = new Resultset(null, $this,
$this->getReadConnection()->query($sql, array()));
$tagResult = $result->toArray();
$tagList = array();
foreach ($tagResult as $key => $value) {
$tagList[] = $value['id'];
....
}
}
My question is for the Phalcon framework is there any settings or formats I should code for this line $sql = 'SELECT id FROM tags WHERE name LIKE "%' . $q . '%"';
And also any general recommendation for preventing SQL Injection in PhalconPHP controllers and index would be appreciated.
For reference:
My controller:
public function searchAction()
{
$this->view->disable();
$q = $this->request->get("q");
$sort = $this->request->get("sort");
$searchUserModel = new SearchUsers();
$loginUser = $this->component->user->getSessionUser();
if (!$loginUser) {
$loginUser = new stdClass;
$loginUser->id = '';
}
$page = $this->request->get("page");
$limit = 2;
if (!$page){
$page = 1;
}
$list = $searchUserModel->findTeachers($q, $loginUser->id, ($loginUser->id)?true:false, $page, $limit, $sort);
if ($list){
$list['status'] = true;
}
echo json_encode($list);
}
My Ajax:
function(cb){
$.ajax({
url: '/search/search?q=' + mapObject.q + '&sort=<?php echo $sort;?>' + '&page=' + mapObject.page,
data:{},
success: function(res) {
//console.log(res);
var result = JSON.parse(res);
if (!result.status){
return cb(null, result.list);
}else{
return cb(null, []);
}
},
error: function(xhr, ajaxOptions, thrownError) {
cb(null, []);
}
});
with q being the user's search term.
You should bind the query parameter to avoid an SQL injection. From what I can remember Phalcon can be a bit funny with putting the '%' wildcard in the conditions value so I put them in the bind.
This would be better than just filtering the query.
$tags = Tags::find([
'conditions' => 'name LIKE :name:',
'bind' => [
'name' => "%" . $q . "%"
]
])
Phalcon\Filter is helpful when interacting with the database.
In your controller you can say, remove everything except letters and numbers from $q.
$q = $this->request->get("q");
$q = $this->filter->sanitize($q, 'alphanum');
The shortest way for requests:
$q = $this->request->get('q', 'alphanum');
Hi I am unable to use OR condation in my following Symfony findBy query.
$searchArrayTasks = array(
"name" => new \MongoRegex('/.*'.trim($_POST['keyword']).'.*/')
);
$documents = $dm->getRepository('WorkOrganisationBundle:Tasks')->findBy($searchArrayTasks)->sort($sortArray )->limit($limit)->skip($skip);
Can any one suggest please how to use OR condation in this query.Because i want to make a search basis on different parameters Like Name OR class OR Type.
Thanks Advance
This way (certainly in your Manager) is a bad practice.
Its purpose is for really dumb request.
2 things :
-Put your code in a Repository
-And code your query in sql or dql :
public function common($qb, $limit)
{
$qb->setMaxResults($limit)
->orderBy('task.id', 'DESC');
return $qb;
}
public function findByNameClassOrType($keyword, $limit)
{
$qb = $this->createQueryBuilder('task');
$qb->select('task')
->where('task.name LIKE ?', '%'.$keyword.'%')
->orWhere('task.class LIKE ?', '%'.$keyword.'%')
->orWhere('task.type LIKE ?', '%'.$keyword.'%');
$qb = $this->common($qb, $limit);
return $qb->getQuery()->getResult();
}
Use ? symbol to be sure that Doctrine escape your strings.
EDIT (mongodb) : with Mongo use addOr($expr)
$q = $doctrineOdm->createQueryBuilder('Work\OrganisationBundle\Document\Tasks');
$q->addOr($q->expr()->field('task.name')->equals($keyword));
$q->addOr($q->expr()->field('task.type')->equals($keyword));
$result = $q->getQuery()->execute();
For more informations see https://doctrine-mongodb-odm.readthedocs.org/en/latest/reference/query-builder-api.html
I am using Zend and Doctrine to login using a table containing also a foreign ID to another table. I need to get this ID in order to use it in a Doctrine query (through the controller) to the database like this:
$q = Doctrine_Query::create()
->from('Lost_Model_Item i')
->where('i.StatID = ?', 'I need the ID here')
$result = $q->fetchArray();
I have tried to get it like this:
Zend_Auth::getInstance()->getIdentity()->ID
But it seems to not work. I am new to Zend and a bit lost here. Could you please help?
As I ma working with doctrine I have created an adapter as follow:
public function authenticate()
{
$q = Doctrine_Query::create()
->from('Lost_Model_Station u')
->where('u.username = ? AND u.password = MD5(?)',
array($this->username, $this->password)
);
$result = $q->fetchArray();
if (count($result) == 1) {
$this->_resultArray = $result[0];
return new Zend_Auth_Result(
Zend_Auth_Result::SUCCESS, $this->username, array());
} else {
return new Zend_Auth_Result(
Zend_Auth_Result::FAILURE, null,
array('Authentication unsuccessful')
);
}
}
How about using getIdentity to get the username and then use a sql join on Lost_Model_Item and Lost_Model_Station
$q = Doctrine_Query::create()
->from('Lost_Model_Item i')
->leftJoin('i.Lost_Model_Station u')
->where('u.username = ?', Zend_Auth::getInstance()->getIdentity())
$result = $q->fetchArray();
This assumes that there is a doctrine "hasOne" relation defined for Lost_Model_Station (in the base class):
public function setUp()
{
parent::setUp();
$this->hasOne('Lost_Model_Item', array(
'local' => 'StatID',
'foreign' => 'whatever_id_StatID_relates_to'));
}
Zend_Auth::getInstance()->getIdentity()->ID
well you got what you store in Identity . You need to post the code where you ask user to login . Because there you are not storing the ID inside the session storage which Zend_Auth uses . Basically do this there
$row = $this->_adapter->getResultRowObject();
Zend_Auth::getInstance()->getStorage()->write($row);
where $this->_adapter is
$this->_adapter = new Zend_Auth_Adapter_DbTable();
$this->_adapter->setTableName('users')
->setIdentityColumn('email')
->setCredentialColumn('password');
How can i find the sql query statement in Zend Framework for insert(), like its done for db table select's. $select->__toString().
Try this which work for me:
$db = Zend_Db_Table_Abstract::getDefaultAdapter();
$db->getProfiler()->setEnabled(true);
$profiler = $db->getProfiler();
$lastID = ($this->insert($data));
$query = $profiler->getLastQueryProfile();
$params = $query->getQueryParams();
$sqlQuery= $query->getQuery();
foreach ($params as $par) {
$sqlQuery = preg_replace('/\\?/', "'" . $par . "'", $sqlQuery, 1);
}
echo $sqlQuery;
You can't extract it since it's executed right away, but the code exists in Zend_Db_Adapter_Abstract::insert() and possibly overwritten in some of the adapters.