Phalcon查询语言

Phalcon查询语言(Phalcon Query Language)

Phalcon查询语言,简称PhalconQL或PHQL,是一种面向对象的高级SQL语言,允许用标准化的SQL编写。PHQL实现了把操作语句解析为RDBMS目标语言的解析器(C语言编写)。

为了达到最佳性能,Phalcon提供了与SQLite相同的解析器,其线程安全,内存占用极低。

解析器先检查传递的PHQL语句的语法,然后构建中间语句,最后将其转换为RDBMS对应的SQL语句。

PHQL实现了一系列功能,可以更安全的操作数据库。

  • 参数绑定是PHQL功能之一,使代码更安全
  • PHQL每次只允许执行一条SQL语句,以防SQL注入
  • PHQL会忽略所有SQL注入中常用的SQL注释
  • PHQL只允许数据操作语句,避免错误的或未经授权的更改、删除数据库和表
  • PHQL实现了高级抽象接口,允许以模型方式操作表,以类属性方式操作表字段

使用示例(Usage Example)

为了更好的解释PHQL工作原理,请参考下例。有CarsBrands两个模型:

belongsTo('brand_id', 'Brands', 'id');
    }
}

每辆车都属于一个品牌,每个品牌有多辆车:

hasMany('id', 'Cars', 'brand_id');
    }
}

创建PHQL查询(Creating PHQL Queries)

实例化Phalcon\Mvc\Model\Query类即可创建PHQL查询:

getDI()
);

// 执行查询,返回结果(如果有的话)
$cars = $query->execute();

控制器或视图中,使用Phalcon\Mvc\Model\Manager可以很容易的创建、执行PHQL查询:

modelsManager->createQuery("SELECT * FROM Cars");
$cars  = $query->execute();

// 使用参数绑定
$query = $this->modelsManager->createQuery("SELECT * FROM Cars WHERE name = :name:");
$cars  = $query->execute(
    [
        'name' => 'Audi',
    ]
);

或者直接执行查询:

modelsManager->executeQuery(
    "SELECT * FROM Cars"
);

// 使用参数绑定
$cars = $this->modelsManager->executeQuery(
    "SELECT * FROM Cars WHERE name = :name:",
    [
        'name' => 'Audi',
    ]
);

查询记录(Selecting Records)

PHQL允许使用我们熟知的SELECT语句查询记录,使用模型名字代替表名:

createQuery(
    "SELECT * FROM Cars ORDER BY Cars.name"
);

$query = $manager->createQuery(
    "SELECT Cars.name FROM Cars ORDER BY Cars.name"
);

允许带命名空间的模型名:

createQuery($phql);

$phql  = "SELECT Formula\Cars.name FROM Formula\Cars ORDER BY Formula\Cars.name";
$query = $manager->createQuery($phql);

$phql  = "SELECT c.name FROM Formula\Cars c ORDER BY c.name";
$query = $manager->createQuery($phql);

PHQL支持大部分标准SQL语法,非标准的SQL语法也同样支持,如LIMIT:

createQuery($phql);

结果集类型(Result Types)

结果集类型根据我们查询字段的不同而不同,如果检索单个完整对象,则返回Phalcon\Mvc\Model\Resultset\Simple对象。这种结果集是一组完整的模型对象:

executeQuery($phql);

foreach ($cars as $car) {
    echo 'Name: ', $car->name, "\n";
}

下面这种方式也一样:

 'name',
    ]
);

foreach ($cars as $car) {
    echo 'Name: ', $car->name, "\n";
}

完整模型对象中的数据能够被修改,并重新保存到数据库中,因为它们代表关联表的完整记录。下面这种查询方式不会返回完整模型对象:

executeQuery($phql);

foreach ($cars as $car) {
    echo 'Name: ', $car->name, "\n";
}

我们仅仅查询了表中的某些字段,虽然返回的结果集仍然是Phalcon\Mvc\Model\Resultset\Simple对象,但不能当成完整模型对象。该对象的每个成员都是一个包含所查询字段的标准对象。

这些不表示完整对象的值就是我们所说的标量,PHQL允许查询所有类型的标量:字段,函数,字面两,表达式等:

execute($phql);

foreach ($cars as $car) {
    echo $car->id_name, "\n";
}

我们可以查询完整对象或标量,也可以同时查询它们:

executeQuery($phql);

这种情况下的结果集是一个Phalcon\Mvc\Model\Resultset\Complex对象,可以同时访问完整对象和标量:

cars->name, "\n";
    echo 'Price: ', $row->cars->price, "\n";
    echo 'Taxes: ', $row->taxes, "\n";
}

连接(Joins)

使用PHQL可以很容易的从多个模型请求记录,支持大部分的JOIN方式。我们在模型中定义关系之后,PHQL会自动添加这些条件:

executeQuery($phql);

foreach ($rows as $row) {
    echo $row->car_name, "\n";
    echo $row->brand_name, "\n";
}

默认使用INNER JOIN,可以指定JOIN类型:

executeQuery($phql);

$phql = "SELECT Cars.*, Brands.* FROM Cars LEFT JOIN Brands";
$rows = $manager->executeQuery($phql);

$phql = "SELECT Cars.*, Brands.* FROM Cars LEFT OUTER JOIN Brands";
$rows = $manager->executeQuery($phql);

$phql = "SELECT Cars.*, Brands.* FROM Cars CROSS JOIN Brands";
$rows = $manager->executeQuery($phql);

也可以手动设置JOIN条件:

executeQuery($phql);

如果查询中为模型定义别名,则将使用别名为结果集中的每一条记录命名:

executeQuery($phql);

foreach ($rows as $row) {
    echo 'Car: ', $row->c->name, "\n";
    echo 'Brand: ', $row->b->name, "\n";
}

如果连接模型与from之后的模型具有多对多关系时,中间模型将隐式的添加到查询中:

modelsManager->executeQuery($phql);

上述代码在MySQL中执行下列SQL:

SELECT `artists`.`name`, `songs`.`name` FROM `artists`
INNER JOIN `albums` ON `albums`.`artists_id` = `artists`.`id`
INNER JOIN 'songs' ON `albums`.`songs_id` = `songs`.`id`
WHERE `artists`.`genre` = 'Trip-Hop'

聚合(Aggregations)

下面例子展示了PHQL中如何使用聚合:

executeQuery($phql)->getFirst();
echo $row['summatory'];

// 每个品牌下的汽车总数
$phql = "SELECT Cars.brand_id, COUNT(*) FROM Cars GROUP BY Cars.brand_id";
$rows = $manager->executeQuery($phql);
foreach ($rows as $row) {
    echo $row->brand_id, ' ', $row['1'], "\n";
}

// 每个品牌下的汽车总数
$phql = "SELECT Brands.name, COUNT(*) FROM Cars JOIN Brands GROUP BY 1";
$rows = $manager->executeQuery($phql);
foreach ($rows as $row) {
    echo $row->name, ' ', $row['1'], "\n";
}

$phql = "SELECT MAX(price) AS maximum, MIN(price) AS minimum FROM Cars";
$rows = $manager->executeQuery($phql);
foreach ($rows as $row) {
    echo $row['maximum'], ' ', $row['minimum'], "\n";
}

// 统计品牌数量
$phql = "SELECT COUNT(DISTINCT brand_id) AS brandId FROM Cars";
$rows = $manager->executeQuery($phql);
foreach ($rows as $row) {
    echo $row->brandId, "\n";
}

条件(Conditions)

条件能让我们过滤想要查询的记录,WHERE子句允许这样:

executeQuery($phql);

$phql = "SELECT * FROM Cars WHERE Cars.price > 10000";
$cars = $manager->executeQuery($phql);

$phql = "SELECT * FROM Cars WHERE TRIM(Cars.name) = 'Audi R8'";
$cars = $manager->executeQuery($phql);

$phql = "SELECT * FROM Cars WHERE Cars.name LIKE 'Ferrari%'";
$cars = $manager->executeQuery($phql);

$phql = "SELECT * FROM Cars WHERE Cars.name NOT LIKE 'Ferrari%'";
$cars = $manager->executeQuery($phql);

$phql = "SELECT * FROM Cars WHERE Cars.price IS NULL";
$cars = $manager->executeQuery($phql);

$phql = "SELECT * FROM Cars WHERE Cars.id IN (120, 121, 122)";
$cars = $manager->executeQuery($phql);

$phql = "SELECT * FROM Cars WHERE Cars.id NOT IN(430, 431)";
$cars = $manager->executeQuery($phql);

$phql = "SELECT * FROM Cars WHERE Cars.id BETWEEN 1 AND 100";
$cars = $manager->executeQuery($phql);

此外,作为PHQL的一部分,参数绑定会自动转义输入数据,安全性更高:

executeQuery(
    $phql,
    [
        'name' => 'Lamborghini Espada',
    ]
);

$phql = "SELECT * FROM Cars WHERE Cars.name = ?0";
$cars = $manager->executeQuery(
    $phql,
    [
        0 => 'Lamborghini Espada',
    ]
);

插入数据(Inserting Data)

通过PHQL,可以使用我们非常熟悉的INSERT语句插入数据:

executeQuery($phql);

// 插入数据,指定字段
$phql = "INSERT INTO Cars (name, brand_id, year, style) VALUES ('Lamborghini Espada', 7, 1969, 'Grand Tourer')";
$manager->executeQuery($phql);

// 插入数据,使用占位符
$phql = "INSERT INTO Cars (name, brand_id, year, style) VALUES (:name:, :brand_id:, :year:, :style:)";
$manager->executeQuery(
    $phql,
    [
        'name'     => 'Lamborghini Espada',
        'brand_id' => 7,
        'year'     => 1969,
        'style'    => 'Grand Tourer',
    ]
);

Phalcon不只是单纯的将PHQL语句转化成SQL,模型中定义的所有事件和业务规则都会执行,就像我们手动创建对象那样。我们为模型Cars创建一条规则,车的价格不能低于$ 10,000:

price < 10000) {
            $this->appendMessage(
                new Message('A car cannot cost less than $ 10,000')
            );

            return false;
        }
    }
}

如果我们在模型Cars中执行下面的INSERT语句,操作将会失败,因为price不满足我们制定的规则。通过检查插入状态,我们可以打印任何内部生成的验证消息:

executeQuery($phql);

if ($result->success() === false) {
    foreach ($result->getMessages() as $message) {
        echo $message->getMessage();
    }
}

更新数据(Updating Data)

更新记录与插入记录非常相似,更新记录使用UPDATE命令。更新记录时,将为每条记录执行与更新操作相关的事件。

executeQuery($phql);

// 更新多个字段
$phql = "UPDATE Cars SET price = 15000.00, type = 'Sedan' WHERE id = 101";
$manager->executeQuery($phql);

// 更新多条记录
$phql = "UPDATE Cars SET price = 7000.00, type = 'Sedan' WHERE brands_id > 5";
$manager->executeQuery($phql);

// 使用占位符
$phql = "UPDATE Cars SET price = ?0, type = ?1 WHERE brands_id > ?2";
$manager->executeQuery(
    $phql,
    [
        0 => 7000.00,
        1 => 'Sedan',
        2 => 5,
    ]
);

UPDATE语句执行更新分两步进行:

  • 首先,如果UPDATE包含WHERE子句,将检索符合条件的所有对象
  • 其次,基于查询对象更新字段并保存

这种操作方式允许事件、虚拟外键和验证参与更新过程。

 101";

$result = $manager->executeQuery($phql);

if ($result->success() === false) {
    $messages = $result->getMessages();

    foreach ($messages as $message) {
        echo $message->getMessage();
    }
}

上面代码相当于:

 101');

    foreach ($cars as $car) {
        $car->price = 15000;

        if ($car->save() === false) {
            $messages = $car->getMessages();

            return false;
        }
    }

    return true;
};

$success = $process();

删除数据(Deleting Data)

删除记录时,与删除操作相关的事件将逐一执行:

executeQuery($phql);

// 删除多条记录
$phql = "DELETE FROM Cars WHERE id > 100";
$manager->executeQuery($phql);

// 使用占位符
$phql = "DELETE FROM Cars WHERE id BETWEEN :initial: AND :final:";
$manager->executeQuery(
    $phql,
    [
        'initial' => 1,
        'final'   => 100,
    ]
);

UPDATE一样,DELETE操作也分两步执行,要检查删除操作是否产生验证消息,你可以检查返回的状态:

 100";

$result = $manager->executeQuery($phql);

if ($result->success() === false) {
    $messages = $result->getMessages();

    foreach ($messages as $message) {
        echo $message->getMessage();
    }
}

使用查询构造器创建查询(Creating queries using the Query Builder)

查询构造器可用于创建PHQL查询,无需编写PHQL语句:

modelsManager->createBuilder()
    ->from('Robots')
    ->join('RobotsParts')
    ->orderBy('Robots.name')
    ->getQuery()
    ->execute();

// 获取第一条记录
$robots = $this->modelsManager->createBuilder()
    ->from('Robots')
    ->join('RobotsParts')
    ->orderBy('Robots.name')
    ->getQuery()
    ->getSingleResult();

同下列操作:

executeQuery($phql);

查询构造器更多示例:

from('Robots');

// "SELECT Robots.*, RobotsParts.* FROM Robots, RobotsParts";
$builder->from(
    [
        'Robots',
        'RobotsParts',
    ]
);

// "SELECT * FROM Robots";
$phql = $builder->columns('*')
    ->from('Robots');

// "SELECT id FROM Robots";
$builder->columns('id')
    ->from('Robots');

// "SELECT id, name FROM Robots";
$builder->columns(['id', 'name'])
    ->from('Robots');

// "SELECT Robots.* FROM Robots WHERE Robots.name = 'Voltron'";
$builder->from('Robots')
    ->where('Robots.name = "Voltron"');

// "SELECT Robots.* FROM Robots WHERE Robots.id = 100";
$builder->from('Robots')
    ->where(100);

// "SELECT Robots.* FROM Robots WHERE Robots.type = 'virtual' AND Robots.id > 50";
$builder->from('Robots')
    ->where('type = "virtual"')
    ->andWhere('id > 50');

// "SELECT Robots.* FROM Robots WHERE Robots.type = 'virtual' OR Robots.id > 50";
$builder->from('Robots')
    ->where('type = "virtual"')
    ->orWhere('id > 50');

// "SELECT Robots.* FROM Robots GROUP BY Robots.name";
$builder->from('Robots')
    ->groupBy('Robots.name');

// "SELECT Robots.* FROM Robots GROUP BY Robots.name, Robots.id";
$builder->from('Robots')
    ->groupBy(['Robots.name', 'Robots.id']);

// "SELECT Robots.name SUM(Robots.price) FROM Robots GROUP BY Robots.name";
$builder->columns(['Robots.name', 'SUM(Robots.price)'])
    ->from('Robots')
    ->groupBy('Robots.name');

// "SELECT Robots.name, SUM(Robots.price) FROM Robots GROUP BY Robots.name HAVING SUM(Robots.price) > 1000";
$builder->columns(['Robots.name', 'SUM(Robots.price)'])
    ->from('Robots')
    ->groupBy('Robots.name')
    ->having('SUM(Robots.price) > 1000');

// "SELECT Robots.* FROM Robots JOIN RobotsParts";
$builder->from('Robots')
    ->join('RobotsParts');

// "SELECT Robots.* FROM Robots JOIN RobotsParts AS p";
$builder->from('Robots')
    ->join('RobotsParts', null, 'p');

// "SELECT Robots.* FROM Robots JOIN RobotsParts ON Robots.id = RobotsParts.robots_id AS p";
$builder->from('Robots')
    ->join('RobotsParts', 'Robots.id = RobotsParts.robots_id', 'p');

// "SELECT Robots.* FROM robots JOIN RobotsParts ON Robots.id = RobotsParts.robots_id AS p JOIN Parts ON Parts.id = RobotsParts.parts_id AS t";
$builder->from('Robots')
    ->join('RobotsParts', 'Robots.id = RobotsParts.robots_id', 'p')
    ->join('RobotsParts', 'Parts.id = RobotsParts.parts_id', 't');

// "SELECT r.* FROM Robots AS r";
$builder->addFrom('Robots', 'r');

// "SELECT Robots.*, p.* FROM Robots, Parts AS p";
$builder->from('Robots')
    ->addFrom('Parts', 'p');

// "SELECT r.*, p.* FROM Robots AS r, Parts AS p";
$builder->from(['r' => 'Robots'])
    ->addFrom('Parts', 'p');

// "SELECT r.*, p.* FROM Robots AS r, Parts AS p";
$builder->from(['r' => 'Robots', 'p' => 'Parts']);

// "SELECT Robots.* FROM Robots LIMIT 10";
$builder->from('Robots')
    ->limit(10);

// "SELECT Robots.* FROM Robots LIMIT 10 OFFSET 5";
$builder->from('Robots')
    ->limit(10, 5);

// "SELECT Robots.* FROM Robots WHERE id BETWEEN 1 AND 100";
$builder->from('Robots')
    ->betweenWhere('id', 1, 10);

// "SELECT Robots.* FROM Robots WHERE id IN (1, 2, 3)";
$builder->from('Robots')
    ->inWhere('id', [1, 2, 3]);

// "SELECT Robots.* FROM Robots WHERE id NOT IN (1, 2, 3)";
$builder->from('Robots')
    ->notInWhere('id', [1, 2, 3]);

// "SELECT Robots.* FROM Robots WHERE name LIKE '%Art%'";
$builder->from('Robots')
    ->where('name LIKE :name:', ['name' => '%' . $name . '%']);

// "SELECT r.* FROM Store\Robots WHERE r.name LIKE '%Art%'";
$builder->from(['r' => 'Store\Robots'])
    ->where('r.name LIKE :name:', ['name' => '%' . $name . '%']);

参数绑定(Bound Parameters)

查询构造器中的参数绑定可以在查询构建时设置,也可以在查询执行时设置:

modelsManager->createBuilder()
    ->from('Robots')
    ->where('name = :name:', ['name' => $name])
    ->andWhere('type = :type:', ['type' => $type])
    ->getQuery()
    ->execute();

// 执行查询时传递参数
$robots = $this->modelsManager->createBuilder()
    ->from('Robots')
    ->where('name = :name:')
    ->andWhere('type = :type:')
    ->getQuery()
    ->execute(['name' => $name, 'type' => $type]);

禁用字面量(Disallow literals in PHQL)

PHQL中可以禁用字面量,这意味着如果禁用开启,则不能在PHQL语句中直接使用PHP字符串、数字和布尔值。如果在PHQL语句中嵌入外部数据,可能导致潜在的注入攻击:

executeQuery($phql);

如果$login的值为' OR ' ' = ' ,将产生如下PHQL语句:

SELECT * FROM Models\Users WHERE login = '' OR '' = '';

无论存储在数据库中的login是何值,条件总是true

如果字面量被禁用,在PHQL中使用PHP字面量会抛出异常,以强制开发者使用参数绑定。上面的查询这样写更安全:

executeQuery(
    $phql,
    [
        'type' => $type,
    ]
);

可以通过以下方式禁用字面量:

 false]
);

无论字面量是否禁用,参数绑定都可以正常使用。禁用只是开发人员能够在web应用中采取的一项安全策略。

转义保留字(Escaping Reserved Words)

PHQL有一些保留字,如果想将保留字作为模型名或字段名使用,则需要使用转义分隔符[]来转义关键字:

executeQuery($phql);

$phql   = "SELECT id, [Like] FROM Posts";
$result = $manager->executeQuery($phql);

PHQL生命周期(PHQL Lifecycle)

作为高级语言,PHQL赋予了开发者个性化定制的能力,以满足不同的需求。以下是PHQL语句的生命周期:

  • PHQL被解析并转换为独立于数据库SQL之外的中间表示(IR)
  • 根据模型对应的数据库系统,IR被转换为有效的SQL
  • PHQL语句被解析并保存在内存中,再次执行相同语句时速度会更快

使用原生SQL(Using Raw SQL)

某些数据库系统可能会提供PHQL不支持的特殊SQL扩展,这种情况适合使用原生SQL:

 0";

        // 模型
        $robot = new Robots();

        // 执行查询
        return new Resultset(
            null,
            $robot,
            $robot->getReadConnection()->query($sql)
        );
    }
}

如果原生SQL查询在应用中很普遍,可以在模型中添加通用方法:

getReadConnection()->query($sql),
        );
    }
}

上述findByRawSQL可以如下使用:

 ?',
    [
        10,
    ]
);

注意事项(Troubleshooting)

PHQL中的一些注意事项:

  • 类名称区分大小写,如果定义类时名称和创建时的名称不一致,在大小写敏感的操作系统(如linux)中将导致不可预知行为
  • 为保证参数绑定成功,连接数据库时必须指定正确的字符集
  • 指定别名的类不能用完整命名空间替换,因为这项操作发生在PHP代码中,而非PHQL语句里
  • 如果字段使用别名,应避免别名和字段名相同,不然查询解析器容易混淆。

你可能感兴趣的:(php,phalcon)