มีวิธีที่เหมาะสมกว่าในการทำเช่นนี้เพื่อหลีกเลี่ยง SQL Injections
// Shared resource singleton: the entry point for connections and table names.
$resource = Mage::getSingleton('core/resource');
// Adapter for the 'core_write' connection; every query below goes through it
// instead of through hand-built SQL strings.
$write = $resource->getConnection('core_write');
// 'your/model' is a placeholder entity alias; replace it with your own model's
// alias rather than hard-coding a table name.
$table = $resource->getTableName('your/model');
คุณสามารถสร้างข้อมูล (insert):
// Column => value map for the new row. The values are handed to the adapter
// as data; the caller never concatenates them into SQL text.
// Keep the column names (array keys) as fixed literals, never user input.
$row = ['column_1' => 1, 'column_2' => 2];
$write->insert($table, $row);
อ่าน:
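// The "?" placeholder makes the adapter quote the value, which prevents SQL
// injection, but "%" and "_" inside $name would still act as LIKE wildcards.
// Escape them (and the backslash escape character itself) so user-supplied
// text is matched literally. Assumes MySQL's default "\" LIKE escape character.
$likePattern = '%' . addcslashes($name, '\\%_') . '%';

$select = $write->select()
    ->from(['tbl' => $table], ['entity_id', 'company'])
    // $table2 is not defined in this snippet; resolve it with
    // $resource->getTableName() the same way as $table.
    ->join(['tbl2' => $table2], 'tbl.entity_id = tbl2.product_id', ['stuff'])
    ->where('name LIKE ?', $likePattern)
    ->group('company');
// Returns all matching rows from the select object built above.
$results = $write->fetchAll($select);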
อัปเดต:
// New values for the columns being changed.
$bind = ['column_1' => 3, 'column_2' => 4];
// Condition => value: the adapter quotes the value into the "?" placeholder.
// NOTE(review): if this array is ever built dynamically, make sure it cannot
// end up empty; an update without a condition would presumably hit every row.
$where = ['entity_id = ?' => 123];
$write->update($table, $bind, $where);
ลบ:
// An array value for a single "?" is expanded into a quoted, comma-separated
// list, so IN (...) needs no manual string building.
// NOTE(review): guard against an empty ID list or an empty condition array
// when these are built from input; confirm how the adapter treats both.
$where = ['entity_id IN (?)' => [123, 456]];
$write->delete($table, $where);
แทรกหลายรายการ:
// Collect the rows one at a time; each row is a column => value map.
// NOTE(review): every row should carry the same set of columns — confirm
// against the adapter's insertMultiple() implementation.
$rows = [];
$rows[] = ['col_1' => 'value1', 'col_2' => 'value2', 'col_3' => 'value3'];
$rows[] = ['col_1' => 'value3', 'col_2' => 'value4', 'col_3' => 'value5'];
// One call inserts all collected rows.
$write->insertMultiple($table, $rows);
แทรก หรืออัปเดตเมื่อมีข้อมูลซ้ำ (insert on duplicate):
// A list holding one row; like insertMultiple(), it could hold several rows.
$data = [
    ['sku' => $sku, 'name' => $name],
];
// Third argument: the fields that will be updated when the row already
// exists (duplicate key). Keep this list fixed; do not derive it from input.
$write->insertOnDuplicate($table, $data, ['name']);