
So this must be a newbie question, but I'm basically there in PHP and I'm stuck at this point.

I'm executing queries like this: `$db->query($query);`

And this is the function `query()`:

```php
public function query($statement){
    // Runs the raw SQL string and returns every row as an object
    $req = $this->getPDO()->query($statement);
    $datas = $req->fetchAll(PDO::FETCH_OBJ);
    return $datas;
}
```

So this is working as long as the output of my query is an object.

But let's say I want to update or delete a row. How can I say that I want a condition on this function? Is there a parameter for the type of the query output?

Edit:

Since this seems not to be clear: in this precise function I can't use queries like UPDATE ... or DELETE ... due to the fact that it is outputting nothing. What I want to do is precisely something like this:

```php
public function query($statement){
    if(output is an object){
        $req = $this->getPDO()->query($statement);
        $datas = $req->fetchAll(PDO::FETCH_OBJ);
        return $datas;
    } else if (there is no output) {
        $sth = $this->getPDO()->prepare($statement);
        $sth->execute();
    }
}
```
Baldráni
  • Use prepared statements with execute function – Jeff Puckett Jun 04 '16 at 16:11
  • You may want to include what framework you use, so that it is clearer to people – iCezz Jun 04 '16 at 16:13
  • @iCezz I'm not using a framework, just plain hardcoded PHP. – Baldráni Jun 04 '16 at 16:15
  • @JeffPuckettII I'll give it a try, but can you be a bit more specific :/ – Baldráni Jun 04 '16 at 16:17
  • Surely the statement you pass to this function will contain the condition? At least that's how the function has been set up.. – Matt Jun 04 '16 at 16:20
  • @Matt the statement is just a query 'SELECT * FROM ...' as an example – Baldráni Jun 04 '16 at 16:21
  • _the statement is just a query 'SELECT * FROM_ Well in that case you can pass ANY SQL STATEMENT YOU CAN THINK UP... **Duh** – RiggsFolly Jun 04 '16 at 16:22
  • @Baldráni Then what conditions are you talking about? Just add the condition to this statement, e.g. `SELECT * FROM table1 WHERE ...` – Matt Jun 04 '16 at 16:22
  • I want to add a condition on the type of the query output ... – Baldráni Jun 04 '16 at 16:28
  • @RiggsFolly Since I'm using `FETCH_OBJ` I don't think I can use any SQL statement ... how would it react to 'UPDATE ...' or 'DELETE' or wtv... – Baldráni Jun 04 '16 at 16:31
  • @Baldráni Good point: **Bad method design** Throw it away and do it again. Both `MYSQLI_` and `PDO` already have their own OO design. Why are you trying to wrap a Good Object in a badly designed one? – RiggsFolly Jun 04 '16 at 16:39
  • Using this would mean your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared statement and parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Jun 04 '16 at 16:40
  • @RiggsFolly Hum, this is for an admin site only, as a project for school, but OK, I will think of it later – Baldráni Jun 04 '16 at 16:44

1 Answer

You can check whether `$statement` starts with the operation keyword: insert, update, select ...

```php
public function query($statement){
    $req = $this->getPDO()->query($statement);
    $datas = null; // stays null for statements that return no rows
    if(substr($statement, 0, 6) === "SELECT"){
        $datas = $req->fetchAll(PDO::FETCH_OBJ);
    }elseif(substr($statement, 0, 6) === "UPDATE"){
        // ... handle UPDATE here
    }

    return $datas;
}
```
Kld
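
As an added example (not part of the question, answer or comments above): one way to follow the comments' advice about prepared statements while also handling SELECT versus UPDATE/DELETE is to let `PDOStatement::columnCount()` report whether a result set exists. The `Database` class, the `users` table and the in-memory SQLite connection (requires the `pdo_sqlite` extension) are assumptions made for illustration.

```php
<?php
// Added example: hypothetical Database wrapper, not the asker's real class.
class Database
{
    private $pdo;

    public function __construct(PDO $pdo)
    {
        $this->pdo = $pdo;
        // Throw exceptions on SQL errors instead of returning false.
        $this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }

    /**
     * Runs one statement with bound parameters.
     * Returns an array of objects when the statement yields a result set,
     * otherwise the number of affected rows.
     */
    public function query(string $statement, array $params = [])
    {
        $req = $this->pdo->prepare($statement);
        $req->execute($params);
        // columnCount() is 0 when there is no result set (INSERT, UPDATE,
        // DELETE), so the SQL text never has to be parsed for a keyword.
        if ($req->columnCount() > 0) {
            return $req->fetchAll(PDO::FETCH_OBJ);
        }
        return $req->rowCount();
    }
}

// Constructed sample data in an in-memory SQLite database.
$db = new Database(new PDO('sqlite::memory:'));
$db->query('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->query('INSERT INTO users (name) VALUES (?), (?)', ['alice', 'bob']);

// Constructed hostile-looking input: it is bound as data, never
// concatenated into the SQL text, so it is stored as a plain string.
$input = "x'; DROP TABLE users; --";
$changed = $db->query('UPDATE users SET name = ? WHERE id = ?', [$input, 2]);
$rows = $db->query('SELECT id, name FROM users WHERE name = ?', [$input]);

var_dump($changed);                   // affected rows from the UPDATE
var_dump(count($rows));               // rows matched by the SELECT
var_dump($rows[0]->name === $input);  // value round-trips unchanged
```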