    • 34723
    • 8 Posts
    As I’m sure this question will tell you, I’m newer to modx Revolution, but from what I have used of it I’m really starting to like it... The following has me stuck on a few of my websites right now, though.

    I’ve been trying to look, but I have not been able to find anything on this. I usually write most of my queries using MDB2; it has some functions I like using, such as $MDB2->quote($variable_string), so that I don’t have to put quotes around each of the variables.

    Does anyone know if I can use MDB2 in my snippets, or do I have to just use the PDO and/or mysql_query type functions?
      --
      Dustin Miller
      Cold Snap Technology
      www.coldsnaptechnology.com
      218-229-2887
      • 34723
      • 8 Posts
      I think I just found what I was looking for. I think that $modx->quote($_POST['variable_name']) will work as the main thing I was looking for. Using that and the $modx->query($q) is almost exactly what I wanted.
        --
        Dustin Miller
        Cold Snap Technology
        www.coldsnaptechnology.com
        218-229-2887
      • The modX class (which extends xPDO) wraps PDO and exposes all of its functionality. You can use prepared statements in this way and the xPDO object/relational features use prepared statements exclusively. Binding parameters to prepared statements automatically "quotes" the parameter values and prevents SQL injection. e.g.

        <?php
        $pdoStmt = $modx->prepare("SELECT * FROM `food` WHERE `type` = ?");
        if ($pdoStmt->execute(array('beer'))) {
            $resultSet = $pdoStmt->fetchAll(PDO::FETCH_ASSOC);
        }
        


        See the PDO documentation for more information.
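
An added example, not part of the thread or of MODX itself, that carries the bound-parameter approach above further: named placeholders with explicit types, plus an allow-list for the one part of a query that placeholders cannot bind (a column name). It assumes the pdo_sqlite extension and uses a plain PDO connection to in-memory SQLite as a stand-in for `$modx`, which exposes the same `prepare()` call; the `findFood()` helper, the `sort` and `limit` fields and the sample rows are hypothetical.

```php
<?php
// Stand-in for $modx: a plain PDO handle on in-memory SQLite (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE food (id INTEGER PRIMARY KEY, type TEXT, name TEXT)");
$db->exec("INSERT INTO food (type, name) VALUES
    ('beer', 'Stout'), ('beer', 'Pilsner'), ('wine', 'Merlot')");

// Hypothetical helper: every request value reaches the query either as a
// bound parameter or through a fixed allow-list, never by concatenation.
function findFood(PDO $db, array $input)
{
    // Placeholders bind values only. An identifier such as the ORDER BY
    // column has to be picked from a fixed list of known column names.
    $sortable = array('id', 'name', 'type');
    $sort = in_array($input['sort'], $sortable, true) ? $input['sort'] : 'id';

    $stmt = $db->prepare(
        "SELECT id, type, name FROM food
         WHERE type = :type ORDER BY $sort LIMIT :limit"
    );
    // Explicit types: the string is sent as data, the limit as a clamped integer.
    $stmt->bindValue(':type', (string) $input['type'], PDO::PARAM_STR);
    $stmt->bindValue(':limit', max(1, min(100, (int) $input['limit'])), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample input standing in for $_POST values.
$input = array('type' => "beer' OR 'x'='x", 'limit' => '5', 'sort' => 'name; --');

// The quote characters are compared literally against `type`, and the
// unknown sort value falls back to `id`, so the query shape never changes.
$rows = findFood($db, $input);
echo "rows for value containing quotes: ", count($rows), "\n";

// A normal request with an allowed sort column.
$rows = findFood($db, array('type' => 'beer', 'limit' => '5', 'sort' => 'name'));
foreach ($rows as $row) {
    echo $row['id'], " ", $row['type'], " ", $row['name'], "\n";
}
```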