Re: newbie issues with PDO / stored procedures

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Andrew McMillan wrote:
I'm not sure this will work in your case, but the normal way to get
SETOF returning functions to return rows that look just like real table
rows is to define a view with the semantically sensible names and then
do your query against the view.

CREATE VIEW my_rows AS SELECT col1, col2, col3
       FROM setof_returning_function();

Then you will get a normal select output in your program and be able to
refer to $row->col1 etc.

This doesn't necessarily work so well when you want to hand in a
parameter, unless you can hand that in by doing a join of some kind:

CREATE VIEW my_rows AS SELECT col1, col2, col3,
                      jointable.pkey_col AS other_key
       FROM setof_returning_function(jointable.somecol), jointable;

Then you would need to do something like:

SELECT col1 FROM my_rows WHERE other_key = 75

Etc.


Hope this helps,
					Andrew.

-------------------------------------------------------------------------
Andrew @ Catalyst .Net .NZ  Ltd,  PO Box 11-053, Manners St,  Wellington
WEB: http://catalyst.net.nz/            PHYS: Level 6, 150-154 Willis St
DDI: +64(4)803-2201      MOB: +64(272)DEBIAN      OFFICE: +64(4)499-2267
It is truth which you cannot contradict; you can without any difficulty
                      contradict Socrates. - Plato

-------------------------------------------------------------------------
It helped a lot! Thank you!

Now I am using DSQL in my application in a form like 'SELECT * FROM my_usp(:param);' and using PDO's bindParam() function to pass in params.

So I think I am still achieving the intended security of using SPs against SQL injection by not directly inserting request args in my SQL, as well as being able to pass in params without explicitly creating a VIEW first.

I have even had success in joining two parameterized SPs together as in 'SELECT my_usp1.[only a few columns...], my_usp2.[only a few columns...] FROM my_usp1(param) JOIN my_usp2(param) [etc.]'. Am I incurring some kind of inefficiency by not having an execution plan for that JOINed statement, or does PDO->prepare() take care of that?

Which brings me to a re-statement of one of my earlier questions, which I still have not found the answer to:

Is there any way to / how do i... write a function that returns a subset of columns from each of two JOINed tables?

I have accomplished this by defining a VIEW for my desired output schema first and having the function return that type, but, is there any simple "generic" type I can use as a return type to avoid having to do so? Right now I am working in a RAD/prototyping mode and it slows me down a bit to have to formalize everything in that way.

Thanks for any assistance!


[Index of Archives]     [Postgresql General]     [Postgresql Admin]     [PHP Users]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Yosemite Backpacking]     [Postgresql Jobs]

  Powered by Linux