Level 46
Stop making your life hard and use the query builder.
2 likes
Oct 25, 2017
17
Level 1
How to concate and make sql query in laravel
hi, I want to concatenate two string to a where clause and then make the sql call,.
my code is like bellow,
Controller-
$sql='Stock::';
for ($x=0; $x <count($stringArray) ; $x++) {
$string=$stringArray[$x];
$value=$valueArray[$x];
$operator=$operatorArray[$x];
$sql=$sql."where('". $string .",'". $operator."',". $value ."')->";
}
$sql=$sql."get()";
And the $stringArray,$valueArray,$operatorArray are the array values, when i dump the sql im getting the string , the concatinated values of for loop,
"Stock::where('INSTRUMENT,'=',FUTIDX')->where('CLOSE,'=',24237.55')->get()"
please Tell me how can i overcome this problem?
Level 122
concatenating strings is how sql injection security issues are caused
Use eloquent or the query builder.
2 likes
Level 1
can you tel me how to use query builder for above example?
Level 2
Hey I don't know why you are using this approach. @Snapey is saying correct. If you still insists and using the same approach. Then print the query..
$sql=$sql->toSql(); will print the query for you. Then debug the query and use as per your requirements
Level 10
Whats the error in your above example?
Level 122
start a query or eloquent statement
then inside your for loop
$query->where($string,$operator,$value)
Level 1
@Snapey how can i do $query->whereColumn('open','close');
Level 1
@RamjithAp i am not getting any error,when i dump it its giving me the string, as i shown in question
Level 122
why?
Level 1
first i will extract the data from db depending on the date,
$sql=Stock::where('TIMESTAMP','25-OCT-2017')->get();
now i wil be having data in $sql, as you said i have put $sql=$sql->where( $string , $operator,$value); inside for as bellow,if i want to compare to colums and extract the data,its giving error.
for ($x=0; $x <count($stringArray) ; $x++) {
$string=$stringArray[$x];
$value=$valueArray[$x];
$operator=$operatorArray[$x];
preg_match('/[a-z]+/i', $value, $match);
if ($match) {
$sql=$sql->whereColumn( $string , $operator,$value);
}
else {
$sql=$sql->where( $string , $operator,$value);
}
}
Level 122
you cannot run a sql query against a result set?
I cannot follow what you are doing with pregMatch or what you mean by whereColumn
Level 1
for example
OPEN > CLOSE AND OPEN < 100
this is wat i want to excicute,
this will be lik
Stock::where('TIMESTAMP','25-OCT-2017')->whereColumn('OPEN','>','CLOSE')->where('OPEN','<',100)->get();
in this case i have oly 2 where clause, but in my project it might go 4 to 5, so i m planning to use for loop and excecute. pregMatch is for checking if right value is a string or number,if its string den wherecolumn else normal where,.
and i have a column name TIMESTAMP in my DB,it is to get todays data
Level 1
whereColumn is for comparing two column
Level 122
ok, so
$date = $request->date. // however you choose date
$query=Stock::where('TIMESTAMP',$date); // no get()
for ($x=0; $x <count($stringArray) ; $x++) {
$string=$stringArray[$x];
$value=$valueArray[$x];
$operator=$operatorArray[$x];
preg_match('/[a-z]+/i', $value, $match);
if ($match) {
$query->whereColumn( $string , $operator,$value);
}
else {
$query->where( $string , $operator,$value);
}
}
$stocks= $query->get();
run the query at the end after you have added all the where clauses
Level 1
Thanks alot @Snapey , It works.
Level 122
can you mark it resolved
Level 1
ya sure
Please or to participate in this conversation.