Mysql query, successful?

jenstornell · September 23, 2016, 10:40am

I’m playing around with the database mysql part of Kirby.

I’m running a raw query because I want to use DELETE with IN.

$sql = "DELETE from products WHERE id IN ('" . $array_with_ids . "');";
print_r( db::query($sql) );

The result I get is not true or false, which is expected because the query expects a database result.

Collection Object ( [pagination:protected] => [data] => Array ( ) )

The above looks ok, because I did not use a SELECT. But how can I know if it failed? Will it return it differently?

If the query fails, I want to do something, like mail myself or store it in a page.

lukasbestle · September 23, 2016, 11:15am

You are looking for db::execute. However, your raw query has a huge SQL injection issue. Never add strings to a SQL query without escaping.

Kirby’s API also supports the IN operator, which is much safer as it escapes everything for you:

$result = db::table('products')->where('id', 'in', $array_with_ids)->delete();

jenstornell · September 23, 2016, 11:23am

Thank you so much! That looks really awesome! I did not find it in the docs. RTFM? If I could find it.

lukasbestle · September 23, 2016, 12:12pm

The advanced behavior isn’t all documented on the site, but you can take a look at the source code.

Topic		Replies	Views
MySQL string escaping Questions v2	6	1174	February 6, 2025
Db extended information Questions v4	5	71	May 30, 2024
Using db::query with prepared statements? Questions v2	4	1078	February 6, 2025
Complex sql queries without SQL injections Questions v2	3	804	February 6, 2025
MySQL and more complex queries Questions v2	3	1438	February 6, 2025