1. class
  2. GenericDatabase
  3. \
  4. Helpers
  5. \
  6. Parsers
  7. \
  8. SQL

SQL

class SQL (View source)

The GenericDatabase\Helpers\Parsers\SQL class is responsible for escaping SQL strings and replacing parameters and binds in the SQL queries.

It provides methods to escape SQL strings based on different SQL dialects, extract SQL arguments, and replace SQL binds with different bind types.

Example Usage:

//Escape an SQL query using the default dialect
$escapedQuery = SQL::escape("SELECT * FROM users WHERE id = :id");

//Escape an SQL query using a specific dialect
$escapedQuery = SQL::escape("SELECT * FROM users WHERE id = :id", SQL::SQL_DIALECT_DOUBLE_QUOTE);

//Extract parameters from an SQL query
$parameters = SQL::arguments("SELECT * FROM users WHERE id = :id");

//Bind parameters in an SQL query with question marks
$boundQuery = SQL::binding("SELECT * FROM users WHERE id = :id");

//Bind parameters in an SQL query with dollar signs
$boundQuery = SQL::binding("SELECT * FROM users WHERE id = :id", SQL::BIND_QUESTION_MARK);

Main functionalities:

  • Escaping SQL strings by replacing certain characters with their escaped versions.
  • Extracting SQL arguments from an SQL string.
  • Replacing SQL binds with the specified bind type.
  • Processing words based on certain conditions, such as whether they are inside quotes or a function.
  • Loading reserved words from a JSON file and using them to escape the input string.

Methods:

  • loadReservedWords(): Loads reserved words from a JSON file and returns them as an array.
  • escapeType(string $input, string $quote): Escapes the input string by replacing certain characters with their escaped versions.
  • replaceParameters(string $input, string $quote, array $resWords): Replaces parameters in a given input string and returns the modified string.
  • processWord(string $word, array $resWords, string $quote, bool &$inFunction, bool $inSingleQt, bool $inDoubleQt): Processes a word based on certain conditions and returns the processed word.
  • processCondition(stdClass $object, string $processedWord, bool $processedCondition): Processes a condition based on certain conditions and returns the processed condition.
  • encloseWord(string $word, string $quote): Encloses a word with quotes or backticks, depending on the SQL dialect.
  • escape(string $input, int $dialect = self::SQL_DIALECT_NONE): Escapes the SQL string by replacing parameters with their quoted versions.
  • arguments(string $input, array $values = null): Extracts the SQL arguments from the input string.
  • binding(string $input, int $bindType = self::BIND_QUESTION_MARK): Replaces the SQL binds with the specified bind type.
  • bindWithQuestionMark(string $input, string $bindType): Replaces the SQL binds with question marks.
  • bindWithDollarSign(string $input, string $bindType): Replaces the SQL binds with dollar signs.

Fields:

  • SQL_DIALECT_BACKTICK: Constant representing the SQL dialect using backticks.
  • SQL_DIALECT_DOUBLE_QUOTE: Constant representing the SQL dialect using double quotes.
  • SQL_DIALECT_SINGLE_QUOTE: Constant representing the SQL dialect using single quotes.
  • SQL_DIALECT_NONE: Constant representing no SQL dialect.
  • BIND_QUESTION_MARK: Constant representing the bind type using question marks.
  • BIND_DOLLAR_SIGN: Constant representing the bind type using dollar signs.
  • $patternMap: An array mapping regex patterns used in the class.
  • $quoteMap: An array mapping SQL dialects to their corresponding quote characters.
  • $bindingMap: An array mapping bind types to their corresponding bind characters.
  • $resWords: An instance of the reserved word dictionary, loaded from a JSON file.

Constants

SQL_DIALECT_BACKTICK

SQL Dialect used by MySQL, MariaDB, Percona and Other Forks, also as Drizzle, Derby H2, HSQLDB and SQLite
SQL_DIALECT_DOUBLE_QUOTE

SQL Dialect used by IBM DB2, Firebird, PostgreSQL, Oracle, also as Microsoft SQL Server and Sybase
SQL_DIALECT_SINGLE_QUOTE

SQL Dialect used by Cassandra, MongoDB and other Hybrid, Databases.
SQL_DIALECT_NONE

For none SQL Dialect and bypass character escape.
BIND_QUESTION_MARK

For the dialects that need question marks notation
BIND_DOLLAR_SIGN

For the dialects that need dollar sign notation

Methods

static string
escape(string $input, int $dialect = self::SQL_DIALECT_NONE, int|null $quoteSkip = null)

Escapes the SQL string by replacing parameters with their quoted versions.

static array
arguments(string $input, array|null $values = null)

Extracts the SQL arguments from the input string.

static string
binding(string $input, int $bindType = self::BIND_QUESTION_MARK)

Replaces the SQL binds with the specified bind type.

Details

at line 351
static string escape(string $input, int $dialect = self::SQL_DIALECT_NONE, int|null $quoteSkip = null)

Escapes the SQL string by replacing parameters with their quoted versions.

Parameters

string $input

The SQL string to be escaped.
int $dialect

The SQL dialect to be used for escaping. Defaults to SQL::SQL_DIALECT_NONE.
int|null $quoteSkip

Return Value

string

The escaped SQL string.

at line 369
static array arguments(string $input, array|null $values = null)

Extracts the SQL arguments from the input string.

Parameters

string $input

The SQL string to extract arguments from.
array|null $values

The values to be used for replacing the SQL arguments. Defaults to null.

Return Value

array

The extracted SQL arguments.

at line 416
static string binding(string $input, int $bindType = self::BIND_QUESTION_MARK)

Replaces the SQL binds with the specified bind type.

Parameters

string $input

The SQL string to replace the binds in.
int $bindType

The type of binding to be used. Defaults to SQL::BIND_QUESTION_MARK.

Return Value

string

The SQL string with the binds replaced.