Db::statement()
\nn\t3::Db()->statement($statement = '', $params = [], $types = []);
Sends a "raw" query to the database. This is as close to the database as it gets: you are responsible for everything yourself, and the only thing standing between you and injections is your own (hopefully sufficient :) intelligence.
Useful, for example, for querying tables that are not part of the TYPO3 installation and therefore cannot be reached via the normal QueryBuilder.
// ALWAYS escape variables!
$keyword = \nn\t3::Db()->quote('search term');
$rows = \nn\t3::Db()->statement( "SELECT * FROM tt_news WHERE bodytext LIKE '%{$keyword}%'");
// or better use prepared statements:
$rows = \nn\t3::Db()->statement( 'SELECT * FROM tt_news WHERE bodytext LIKE :str', ['str'=>"%{$keyword}%"] );
// Types can be passed explicitly (if omitted, the type is determined automatically, also for arrays)
$rows = \nn\t3::Db()->statement( 'SELECT * FROM tt_news WHERE uid IN (:uids)', ['uids'=>[1,2,3]], ['uids'=>Connection::PARAM_INT_ARRAY] );
With a SELECT statement, the rows from the database are returned as an array.
For all other statements (e.g. UPDATE or DELETE), the number of affected rows is returned.
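The difference between the interpolated and the bound `LIKE` query shown above, as an added example that is not nnhelpers code. It assumes plain PDO with an in-memory SQLite database in place of the TYPO3 connection; `escapeLike()` and `searchNews()` are hypothetical helpers and the table rows are constructed sample data.

```php
<?php
// Added example, not nnhelpers code. PDO with in-memory SQLite stands in for the
// TYPO3 connection (assumption); the tt_news rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tt_news (uid INTEGER PRIMARY KEY, bodytext TEXT)');
$pdo->exec("INSERT INTO tt_news (bodytext) VALUES ('Interview with O''Brien'),"
    . " ('Sales up 100% this year'), ('Sales reached 1000 units')");

// Hypothetical helper: escape LIKE wildcards so user input matches literally.
// '!' is the escape character named in the ESCAPE clause below.
function escapeLike(string $value): string
{
    return strtr($value, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

// Hypothetical helper: search with a bound parameter, optionally escaping wildcards.
function searchNews(PDO $pdo, string $term, bool $escapeWildcards = true): array
{
    $pattern = '%' . ($escapeWildcards ? escapeLike($term) : $term) . '%';
    $stmt = $pdo->prepare("SELECT bodytext FROM tt_news WHERE bodytext LIKE :str ESCAPE '!'");
    $stmt->execute(['str' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// 1) Interpolating unquoted input: the apostrophe ends the SQL string literal,
//    so the input changes the statement's structure and the query fails to parse.
$term = "O'Brien";
try {
    $pdo->query("SELECT bodytext FROM tt_news WHERE bodytext LIKE '%{$term}%'");
    echo "interpolated: parsed\n";
} catch (PDOException $e) {
    echo "interpolated: statement structure changed by input\n";
}

// 2) Bound parameter: the same input reaches the database as data only.
echo 'bound: ', json_encode(searchNews($pdo, $term)), "\n";

// 3) Binding does not neutralise LIKE wildcards: compare the unescaped and
//    escaped search for a term that ends in '%'.
echo 'unescaped: ', json_encode(searchNews($pdo, '100%', false)), "\n";
echo 'escaped:   ', json_encode(searchNews($pdo, '100%', true)), "\n";
```

The same escaping applies when the pattern is passed to `statement()` as a bound `:str` parameter, as long as the statement carries the matching `ESCAPE` clause.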
@param string $statement
@param array $params
@param array $types
@return mixed
Source Code
public function statement( $statement = '', $params = [], $types = [] )
{
    $connection = $this->getConnection();
    // exec / fetchAll --> @see https://bit.ly/3ltPF0S
    // set types automatically if params were used
    foreach ($params as $key=>$val) {
        // was type defined in arguments? then skip
        if (isset($types[$key])) {
            continue;
        }
        // type not defined - and not array? then add type
        // (numeric strings also pass is_numeric() and are bound as PARAM_INT)
        if (!is_array($val)) {
            if (is_numeric($val)) {
                $types[$key] = Connection::PARAM_INT;
            } else {
                $types[$key] = Connection::PARAM_STR;
            }
            continue;
        }
        // type not defined and array?
        $allNumeric = count(array_filter($val, 'is_numeric')) === count($val);
        $types[$key] = $allNumeric ? Connection::PARAM_INT_ARRAY : Connection::PARAM_STR_ARRAY;
    }
    // "select " anywhere in the statement (case-insensitive) means: fetch rows;
    // everything else is executed and returns the number of affected rows
    if (stripos($statement, 'select ') !== false) {
        $result = $connection->fetchAllAssociative( $statement, $params, $types );
    } else {
        $result = $connection->executeStatement( $statement, $params, $types );
    }
    return $result;
}