ZF-1905: where condition

Description

i tried to execute this : $table->update($data, array('id = ?' => 5)); and the query resulted was : update table set ........ where (5)

i think the _updateExpr() function should be changed to :


    protected function _whereExpr($where)
    {
        if (empty($where)) {
            return $where;
        }
        if (!is_array($where)) {
            $where = array($where);
        }
        foreach ($where as $key=>&$term) {
            if ($term instanceof Zend_Db_Expr) {
                $term = $term->__toString();
            } else {
                if (!is_numeric($key))
                {
                    $term = $this->quoteInto($key,$term);
                }
            }
            $term = '(' . $term . ')';
        }
        $where = implode(' AND ', $where);
        return $where;
    }

Comments

Assigned to Bill

This issue should have been fixed for the 1.5 release.

Please categorize/fix as needed.

This doesn't appear to have been fixed in 1.5.0. Please update if this is not correct.

I prepared patch file with functionality mentioned above and i added one more feature. In most cases where conditions are simple comparision with '=' sign. With attached patch you can prepare where parameter as below:


$db = Zend_Db::factory(...);

//current functionality
$db->delete('tbl1', "name = 'a'");
$db->delete('tbl1', array("name = 'a'", new Zend_Db_Expr('id = 8')));

//NEW, key is expression and value bind parameter
//DELETE FROM tbl1 WHERE (name = 'a') AND (id > '8')
$db->delete('tbl1', array("name = ?" => "a", "id > ?" => 8));

//NEW, key is column name and value bind parameter
//DELETE FROM tbl1 WHERE (name = 'a') AND (id = '9')
$db->delete('tbl1', array("name" => "a", "id" => 9));

It works with update and insert method as well.

Of course i meant delete and update method (no insert).

Reassigning as Ralph is the maintainer of Zend_Db

Will evaluate within 2 weeks

I don't see a use case here where you can't build the where clause string using quote() or quoteInto(). It doesn't seem to be worth the additional complexity. Please reopen if I'm missing something- especially a use case that cannot be handled with this method.

,Wil

Actually, there are several issues for this and a case for matching the behavior of fetch() and fetchAll(). This will be fixed, but for bookkeeping purposes this issue will be closed as a duplicate.

IMHO in this situation it's worth additional complexity beacouse of consistency. In insert method and half of update is used parametrized query but here we need to use quoteInto. Would be nice if i could could use what i have from db engine and not using something like addslashes() - more accurate but still.

IMHO in this situation it's worth additional complexity beacouse of consistency. In insert method and half of update is used parametrized query but here we need to use quoteInto. Would be nice if i could could use what i have from db engine and not using something like addslashes() - more accurate but still.