Version: v2.4.0
query
Execute a custom raw SQL query.
query($query, $map)
query [string]
The SQL query to execute.
map [array] (optional)
The input parameter values for the prepared statement.
Return Value
[PDOStatement] The PDOStatement instance for the executed query.
Medoo generates queries using SQL-92 syntax. When writing raw SQL, ensure values are quoted correctly, and prefer prepared statements whenever possible to reduce the risk of SQL injection.
$database->query("CREATE TABLE account_storage (
c1 INT STORAGE DISK,
c2 INT STORAGE MEMORY
) ENGINE NDB;");
$data = $database->query("SELECT email FROM account")->fetchAll();
print_r($data);
Quotation Syntax
Raw SQL expressions support shortcut quoting and table-prefix handling for table and column identifiers. Use <name> to mark identifiers, and Medoo will resolve them to properly quoted table or column names (including configured prefixes).
$data = $database->query("SELECT <email> FROM <account>")->fetchAll();
// Translated SQL:
// SELECT "email" FROM "account"
// If a table prefix is configured, the query becomes:
$database = new Medoo([
// ...
"prefix" => "WP_"
]);
$data = $database->query("SELECT <account.email>,<account.nickname>
FROM <account>
WHERE <id> != 100
")->fetchAll();
SELECT "WP_account"."email", "WP_account"."nickname" FROM "WP_account" WHERE "id" != 100
Prepared Statement
query() also supports prepared statements. Medoo auto-detects parameter types for bound input values.
$data = $database->query(
    "SELECT * FROM <account> WHERE <user_name> = :user_name AND <age> = :age",
    [
        ":user_name" => "John Smith",
        ":age" => 20
    ]
)->fetchAll();
print_r($data);
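The following is an added example, not part of the Medoo documentation. It runs the same lookup twice through query(), once with the value interpolated into the SQL string and once bound through the map argument, so the two row counts can be compared. It assumes a Composer install of Medoo, the pdo_sqlite extension, and an in-memory SQLite database; the table rows and the input string are constructed for the demonstration.

```php
<?php
// Added example (not Medoo's own code). Assumes Composer autoloading
// and the pdo_sqlite extension are available.
require 'vendor/autoload.php';

use Medoo\Medoo;

// Throwaway in-memory SQLite database (assumption for this demo).
$database = new Medoo(['type' => 'sqlite', 'database' => ':memory:']);

// Constructed sample schema and rows.
$database->query("CREATE TABLE account (user_name TEXT, email TEXT)");
$database->insert('account', [
    ['user_name' => 'alice', 'email' => 'alice@example.test'],
    ['user_name' => 'bob',   'email' => 'bob@example.test'],
]);

// Constructed untrusted input containing a quote character.
$input = "nobody' OR '1'='1";

// Weak form: the value becomes part of the SQL text, so the quote
// inside $input ends the string literal and changes the WHERE clause.
$unsafe = $database->query(
    "SELECT <email> FROM <account> WHERE <user_name> = '$input'"
)->fetchAll(PDO::FETCH_COLUMN);

// Hardened form: the value travels separately as a bound parameter
// and is only ever compared against user_name as data.
$safe = $database->query(
    "SELECT <email> FROM <account> WHERE <user_name> = :user_name",
    [':user_name' => $input]
)->fetchAll(PDO::FETCH_COLUMN);

printf("interpolated: %d row(s)\n", count($unsafe));
printf("bound:        %d row(s)\n", count($safe));
```

The <name> shortcut only quotes identifiers; values still need to go through the map argument.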