I am going through a PHP script and the code/syntax I saw is totally new to me. Can anyone tell me in detail what it is actually about?

$products = $this->db->select(
    array(
        'table'=>'product_categories pc, product_price pp, alias a, products p 
                    LEFT JOIN product_images pi 
                    ON 
                    pi.product_id = p.id ',
        'fields'=>'*',
        'condition'=>"pc.category_id='" . $row['id'] . "' 
                        AND 
                    pc.product_id = p.id 
                        AND 
                    pp.product_id = p.id  
                        AND 
                    a.table_id = p.id 
                        AND 
                    a.table_name = 'products'", 
        'order'=>'p.ordr ASC'));
Ganesh Salunkhe
  • You are probably using some kind of framework that uses a database abstraction of some sort. So instead of writing queries you can build queries like the above. If you check where $this->db is set and follow that trail back to see what "db" in this sense actually is, then you should be able to find out what you are dealing with / find more docs online. – JimL Feb 18 '15 at 07:06
  • Is this a Laravel framework code base? – iavery Feb 18 '15 at 07:07

1 Answer

What happens is the database selector receives an array.

  • In the $array['table'] part are all the table and join instructions
  • In the $array['fields'] part are the fields from the array that are in need of selecting
  • In the $array['condition'] are all the requirements the rows must meet to be included in the selection.
  • And in the $array['order'] part how to order

Personally I think this is a very very messy way to do this. This is basically just a very bad. There is no use of prepared statements, and it's more cumbersome than the actual query itself:

SELECT * FROM product_categories pc, product_price pp, alias a, products p 
                LEFT JOIN product_images pi 
                ON 
                pi.product_id = p.id 
    WHERE pc.category_id=:myid
                    AND 
                pc.product_id = p.id 
                    AND 
                pp.product_id = p.id  
                    AND 
                a.table_id = p.id 
                    AND 
                a.table_name = 'products' 
    ORDER BY p.ordr ASC

A tip for you next time: clean up the code like I did with your tidbit. Usually a mess will become clear when it's indented. It becomes easier to see what happens where.

Also, I suggest reading up on How can I prevent SQL injection in PHP?

Tschallacka
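The difference between the question's concatenated condition and the answer's `:myid` placeholder, as an added example that is not code from the original post or from the framework it uses. It assumes PDO with the SQLite driver; the cut-down schema, the `slug` and `file` columns, the helper function names and all rows are constructed for the demonstration, and the field list is narrowed from `*` to avoid duplicate column names.

```php
<?php
// Added example, not code from the post. Assumed: PDO with the SQLite driver;
// the schema is cut down and every row below is constructed for the demo.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("
    CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, ordr INTEGER);
    CREATE TABLE product_categories (category_id INTEGER, product_id INTEGER);
    CREATE TABLE product_price (product_id INTEGER, price REAL);
    CREATE TABLE alias (table_id INTEGER, table_name TEXT, slug TEXT);
    CREATE TABLE product_images (product_id INTEGER, file TEXT);
    INSERT INTO products VALUES (1,'Lamp',2), (2,'Desk',1), (3,'Sofa',1);
    INSERT INTO product_categories VALUES (10,1), (10,2), (20,3);
    INSERT INTO product_price VALUES (1,19.5), (2,120), (3,480);
    INSERT INTO alias VALUES (1,'products','lamp'), (2,'products','desk'),
                             (3,'products','sofa');
    INSERT INTO product_images VALUES (1,'lamp.jpg');
");

// Shared query text; only the category test differs between the two variants.
function productQuery(string $categoryTest): string
{
    return "SELECT p.id, p.name, pp.price, a.slug, pi.file
            FROM product_categories pc, product_price pp, alias a, products p
                 LEFT JOIN product_images pi ON pi.product_id = p.id
            WHERE $categoryTest
              AND pc.product_id = p.id AND pp.product_id = p.id
              AND a.table_id = p.id AND a.table_name = 'products'
            ORDER BY p.ordr ASC";
}

// As in the question: the value is spliced into the SQL text.
function concatenated(PDO $pdo, string $id): array
{
    return $pdo->query(productQuery("pc.category_id='" . $id . "'"))
               ->fetchAll(PDO::FETCH_ASSOC);
}

// As in the answer: :myid is a placeholder and the value is sent separately.
function prepared(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare(productQuery('pc.category_id = :myid'));
    $stmt->execute([':myid' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

foreach (['10', "10' OR '1'='1"] as $id) {   // second value contains a quote
    printf("%-16s concatenated: %d rows, prepared: %d rows\n",
        $id, count(concatenated($pdo, $id)), count(prepared($pdo, $id)));
}
```

For the second input the concatenated variant returns rows outside category 10, because the quote ends the string literal and the rest is parsed as SQL; the prepared variant compares the whole string against `category_id` as one value and matches nothing.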