version: 2.1.12
query
Execute the customized raw query
query($query)
query [string]
The SQL query.
map (optional) [array]
The array of input parameter values for the prepared statement.
Return: [object] The PDOStatement object.
Medoo handles all queries according to the SQL-92 standard. Keep the quotation marks in the query in mind, or use prepared statements, to prevent SQL injection as far as possible.
$database->query("CREATE TABLE table (
    c1 INT STORAGE DISK,
    c2 INT STORAGE MEMORY
) ENGINE NDB;");

$data = $database->query("SELECT email FROM account")->fetchAll();
print_r($data);
Quotation Syntax
The raw SQL expression provides a shortcut for quoting and prefixing table names and column names, so you don't have to handle the quotation yourself or maintain the table prefix. All you have to do is write <name> to mark something as a table or column name. Medoo will analyze whether each one is a table or a column and translate it with the correct quotation and prefix.
$data = $database->query("SELECT <email> FROM <account>")->fetchAll();
// This query will be translated to:
// SELECT "email" FROM "account"

// If you have set a table prefix at initialization:
$database = new Medoo([
    // ....
    "prefix" => "WP_"
]);

$data = $database->query("SELECT <account.email>,<account.nickname> FROM <account> WHERE <id> != 100")->fetchAll();
// The above query will be translated to:
// SELECT "WP_account"."email", "WP_account"."nickname" FROM "WP_account" WHERE "id" != 100
Prepared statement
query() also supports prepared statements. Medoo auto-detects the data type of each input parameter.
$data = $database->query(
    "SELECT * FROM <account> WHERE <user_name> = :user_name AND <age> = :age",
    [
        ":user_name" => "John Smite",
        ":age" => 20
    ]
)->fetchAll();

print_r($data);
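The following added example (not part of the Medoo documentation) runs the same lookup twice, once with the value concatenated into the SQL string and once bound through the map argument, to show why the prepared form is the one to use with untrusted input. It assumes Medoo 2.x installed through Composer and the pdo_sqlite extension; the table contents and the input value are constructed for the demonstration.

```php
<?php
// Added example: raw concatenation vs. the map argument of query().
// Assumptions: Medoo 2.x via Composer, pdo_sqlite available.
require 'vendor/autoload.php';

use Medoo\Medoo;

// In-memory SQLite database, so nothing outside this script is touched.
$database = new Medoo(['type' => 'sqlite', 'database' => ':memory:']);

// Constructed sample data.
$database->query('CREATE TABLE <account> (<user_name> TEXT, <email> TEXT)');
$database->query(
    'INSERT INTO <account> (<user_name>, <email>) VALUES (:n1, :e1), (:n2, :e2)',
    [
        ':n1' => 'alice', ':e1' => 'alice@example.test',
        ':n2' => 'bob',   ':e2' => 'bob@example.test',
    ]
);

// Constructed value standing in for untrusted request input.
$input = "nobody' OR '1'='1";

// Unsafe: the value becomes part of the SQL text. Its quote character closes
// the string literal, so the remainder is parsed as SQL and the WHERE clause
// is true for every row.
$unsafe = $database->query(
    "SELECT <email> FROM <account> WHERE <user_name> = '" . $input . "'"
)->fetchAll(PDO::FETCH_COLUMN);

// Safe: the value travels separately as a bound parameter and is only ever
// compared as data; no user is literally named "nobody' OR '1'='1".
$safe = $database->query(
    'SELECT <email> FROM <account> WHERE <user_name> = :user_name',
    [':user_name' => $input]
)->fetchAll(PDO::FETCH_COLUMN);

printf("concatenated query returned %d row(s)\n", count($unsafe));
printf("prepared query returned %d row(s)\n", count($safe));
```

Note that the <name> syntax only quotes identifiers written in the query template; it does nothing for values, which is why every value that originates outside the code belongs in the map.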