Data API Query

Data API Query

by Sarthak Killedar -
Number of replies: 5

Hello ,

I am developing plugin.In plugin i need to execute sql statement.

$user=$DB->get_record_sql('SELECT * FROM {user} WHERE id = ?',array(1));

I am using this one.The problem i am facing is..

I have $selID which stores the ID returned from form.And using that ID stored in $selID.

I want to execute.like

$user=$DB->get_record_sql('SELECT * FROM {user} WHERE id = ?', $selID);


So i want to replace ? mark with $selID .How can i do that?Here i need put that value in array(2) like this ..But i am taking that value from user from drop down box through POST global.

I need this form ($DB->get_record_sql) Because , my query consist of lot of inner join and stuff.

Please kindly point me out.Thank you.

Average of ratings: Useful (1)
In reply to Sarthak Killedar

Re: Data API Query

by Davo Smith -
Picture of Core developers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

I've seen your note that the actual query is more complex than demonstrated, so I won't suggest using get_record() instead ...

I think what you're asking for is something like this:

$userid = required_param('userid', PARAM_INT); // Retrieve the POSTed 'userid' param.
$user = $DB->get_record_sql('SELECT * FROM {user} WHERE id = ?', array($userid), MUST_EXIST);

OR (often clearer and more maintainable, if you have more than one param in the query)

$userid = required_param('userid', PARAM_INT); // Retrieve the POSTed 'userid' param.

$user = $DB->get_record_sql('SELECT * FROM {user} WHERE id = :userid', array('userid' => $userid), MUST_EXIST);

Note the MUST_EXIST is optional, but, unless it is valid for the user record to not exist, it is a good way to stop the code immediately, before it starts trying to operate on a non-existent record.



Average of ratings: Useful (2)
In reply to Sarthak Killedar

Re: Data API Query

by Darko Miletić -
Let us assume we have this valid query for Moodle:


    SELECT u.id, u.username, c.fullname
    FROM       {user}            AS u
    INNER JOIN {user_enrolments} AS ue ON u.id = ue.userid
    INNER JOIN {enrol}           AS e  ON e.id = ue.enrolid
    INNER JOIN {course}          AS c  ON c.id = e.courseid
    WHERE u.deleted = 0
          AND
          e.enrol = 'manual'
          AND
          c.id = 8
          AND
          u.id = 4


I will show you how to transform that into fully parametrized query using Moodle DB API and you can apply the approach to any query.

So in the query above you have these conditions:

  • u.deleted is 0
  • e.enrol is manual
  • c.id is 8
  • u.id is 4

So let us prepare those conditions for insertion in the query:

$params = array();
list($udeletedsql , $param) = $DB->get_in_or_equal(0, SQL_PARAMS_NAMED);
$params += $param;
list($enrolsql, $param) = $DB->get_in_or_equal('manual', SQL_PARAMS_NAMED);
$params += $param;
list($coursesql, $param) = $DB->get_in_or_equal(8, SQL_PARAMS_NAMED);
$params += $param;
list($usersql, $param) = $DB->get_in_or_equal($selID, SQL_PARAMS_NAMED);
$params += $param;

// get_in_or_equal returns us part that should be added to SQL and parameter value as array. We add parameters to one main parameter array.
// Than we adjust the query.

$sql = "
    SELECT u.id, u.username, c.fullname
    FROM       {user}            AS u
    INNER JOIN {user_enrolments} AS ue ON u.id = ue.userid
    INNER JOIN {enrol}           AS e  ON e.id = ue.enrolid
    INNER JOIN {course}          AS c  ON c.id = e.courseid
    WHERE u.deleted {$udeletedsql}
          AND
          e.enrol {$enrolsql}
          AND
          c.id {$coursesql}
          AND
          u.id {$usersql}
";
// And finally call the query.
$results = $DB->get_record_sql($sql, $params, MUST_EXIST);

This way all parameters are guaranteed to be cleaned before execution and you are as safe as you can be.




Average of ratings: Useful (2)
In reply to Darko Miletić

Re: Data API Query

by Nalaka Sethunga -

i am doing a testing on "flashcard set" module i attached the sql of tables that i deal with.  "phpmyadmin" returns 4 rows as the the result of following query (attached as "sql for phpmyadmin.txt" ) but running the same query (modified according to your explaination ) withing moodle code (attached as "code inside moodle.txt") returns just 1 record.

in my opinion, this may be a issue  get_records_sql function. could you please check it and report,  it if you generate the same

Average of ratings: -
In reply to Nalaka Sethunga

Re: Data API Query

by David Mudrák -
Picture of Core developers Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers Picture of Plugins guardians Picture of Testers Picture of Translators

Please turn developer debugging on. The get_records_sql() method requires the query returning one unique 'id' column for each row to work properly (and the debugging mode would inform you about that). If that is not doable, look at get_recordset_sql()

Average of ratings: -