Skip to content
developed by

Query basics

Create a query

A query created from the query builder:

php
use MakinaCorpus\QueryBuilder\QueryBuilder;

assert($queryBuilder instanceof QueryBuilder);

$select = $queryBuilder->select($table, $alias);
$update = $queryBuilder->update($table, $alias);
$merge = $queryBuilder->merge($table);
$delete = $queryBuilder->delete($table, $alias);

Generated SQL

Generated SQL is SQL-92 standard compliant per default, along with a few variations from SQL 1996, 1999, 2003, 2006, 2008, 2011 when implemented. For SQL servers that don't play well with SQL standard, drivers will fix the SQL query formatting accordingly by themselves.

INFO

Depending on the database server, some constructs might not work (for example MySQL does not support WITH or RETURNING statements): in most cases, it will fail while during query execution in tyhe RDBMS side.

Generated SQL is arbitrary

TIP

Validity of the SQL you build with the query builder is never validated, by design.

Any method parameter in the whole builder can be arbitrary MakinaCorpus\QueryBuilder\Expression instance including the raw SQL expression.

When an expression object is given anywhere, the query writer will simply format it at the exact place it was given.

This includes table and column names which are not validated during query building: you can always write arbitrary identifiers, they will be left untouched within the generated SQL.

This explicitely allows you to go beyond the query builder capabilities and write custom or specific arbitrary SQL.

WARNING

Never allow arbitrary user values to pass down as raw SQL string: since they are not properly escaped, they represent a security risk.

Keep them for edge cases the builder can't do.

The MakinaCorpus\QueryBuilder\Expression\Raw object allows you to pass arbitrary parameters that must refer to parameters placehoders within the expression arbitrary SQL string, example usage on a select query adding an arbitrary raw expression to the where clause:

php
// WHERE COUNT("comment") > 5
$select->whereRaw('COUNT("comment") > ?', [5]);

Parameter placeholders will be gracefully merged to the others in their rightful respective order when SQL will be generated.

See the arbitrary SQL injection documentation.

Expression formatting examples

TIP

There are many different expression implementations, please read the feature matrix for an exhaustive list.

Raw

This expression allows to write arbitrary unvalidated SQL.

php
use MakinaCorpus\QueryBuilder\Expression\Raw;

// Create a raw expression
new Raw('count(*)');

// Create a raw expression with arguments
new Raw('sum(foo.column1) = ?', [12]);

ColumnName

This expression allows you to identify a column, which will be properly escaped in the generated SQL.

Simple example

php
use MakinaCorpus\QueryBuilder\Expression\ColumnName;

new ColumnName('some_column');

Will be formatted as:

sql
"some_column"

With a table alias (implicit)

php

use MakinaCorpus\QueryBuilder\Expression\ColumnName;

new ColumnName('some_column.some_table');

Will be formatted as:

sql
"some_table"."some_column"

With a table alias (explicit)

php
use MakinaCorpus\QueryBuilder\Expression\ColumnName;

new ColumnName('some_column', 'some_table');

Will be formatted as:

sql
"some_table"."some_column"

If you need to escape dot

php
use MakinaCorpus\QueryBuilder\Expression\ColumnName;

new ColumnName('some.column', 'some.table');

Will be formatted as:

sql
"some.table"."some.column"

TableName

This expression allows you to identify a table, table, constant table with alias, WITH statement.

Simple example

php

use MakinaCorpus\QueryBuilder\Expression\TableName;

new TableName('some_table');

Will be formatted as:

sql
"some.table"

With a table alias

php
use MakinaCorpus\QueryBuilder\Expression\TableName;

new TableName('some_table', 'foo');

Will be formatted as:

sql
"some.table" as "foo"

With a schema (implicit)

php
use MakinaCorpus\QueryBuilder\Expression\TableName;

new TableName('my_schema.some_table', 'foo');

Will be formatted as:

sql
"my_schema"."some_table" as "foo"

With a schema (explicit)

php
use MakinaCorpus\QueryBuilder\Expression\TableName;

new TableName('some_table', 'foo', 'my_schema');

Will be formatted as:

sql
"my_schema"."some_table" as "foo"

If you need to escape dot

php
use MakinaCorpus\QueryBuilder\Expression\TableName;

new TableName('some.table', 'some.alias', 'my.schema');

Will be formatted as:

sql
"my.schema"."some.table" as "foo"

Value

Represents a raw value. You will need this when the converter is unable to find the appropriate type to convert to, for example when you need to store json or jsonb or an SQL ARRAY.

It will pass the type cast whenever necessary in queries, allowing the converter to deambiguate values types.

TIP

Value conversion and representation in SQL is done by the converter.

Simple exemple

php
use MakinaCorpus\QueryBuilder\Expression\Value;

new Value(12);

Will always be formatted as in the generated SQL code as a placeholder:

sql
?

Type will be dynamically guessed by the converter as being int, converted then sent as an argument to the underlaying database access layer.

With a type

php
use MakinaCorpus\QueryBuilder\Expression\Value;

new Value(12, 'int');

Type will be treated as an int directly by the converter, which prevent it from doing a dynamic lookup and is more performant.

JSON

php
use MakinaCorpus\QueryBuilder\Expression\Value;

new Value(['foo' => 'bar', 'baz' => [1, 2, 3]], 'json');

Value will simply be converted to JSON and sent as-is.

ARRAY

php
use MakinaCorpus\QueryBuilder\Expression\Value;

new Value([1, 2, 3], 'int[]');

And will be converted as:

sql
ARRAY[1, 2, 3]