skydiablo/sql-query-builder
Composer 安装命令:
composer require skydiablo/sql-query-builder
包简介
PHP library for building SQL queries with named parameters
README 文档
README
A PHP library for building SQL queries with named parameters that converts them to positional parameters for database drivers.
Features
- Convert named parameters (
:varname) to positional parameters (?) - Handle duplicate parameter occurrences correctly
- Validate parameter completeness
- Extract parameter names from queries
- Type-safe and well-documented
Installation
Add this library to your project:
composer require skydiablo/sql-query-builder
Usage
Basic Example
use SkyDiablo\SqlQueryBuilder\QueryBuilder; // Your query with named parameters $query = "SELECT * FROM users WHERE name = :name AND age > :age"; // Your parameters as associative array $parameters = [ 'name' => 'John Doe', 'age' => 25 ]; // Convert to positional parameters $result = QueryBuilder::build($query, $parameters); // Get the processed query and parameters $processedQuery = $result->getQuery(); // "SELECT * FROM users WHERE name = ? AND age > ?" $orderedParams = $result->getParameters(); // ['John Doe', 25] // Use with your database driver $stmt = $pdo->prepare($processedQuery); $stmt->execute($orderedParams);
Handling Duplicate Parameters
The library correctly handles duplicate parameter occurrences:
$query = "SELECT * FROM users WHERE (name = :name OR username = :name) AND age > :age"; $parameters = [ 'name' => 'John Doe', 'age' => 25 ]; $result = QueryBuilder::build($query, $parameters); // Result: "SELECT * FROM users WHERE (name = ? OR username = ?) AND age > ?" // Parameters: ['John Doe', 'John Doe', 25]
Parameter Validation
Check if all required parameters are provided:
$query = "SELECT * FROM users WHERE name = :name AND age > :age"; $parameters = ['name' => 'John Doe']; // Missing 'age' // This will throw an exception try { $result = QueryBuilder::build($query, $parameters); } catch (\InvalidArgumentException $e) { echo $e->getMessage(); // "Missing parameter 'age' in parameters array" } // Or validate before building if (QueryBuilder::validateParameters($query, $parameters)) { $result = QueryBuilder::build($query, $parameters); } else { echo "Missing parameters!"; }
Extract Parameter Names
Get all parameter names used in a query:
$query = "SELECT * FROM users WHERE name = :name AND age > :age AND city = :city"; $paramNames = QueryBuilder::getParameterNames($query); // Result: ['name', 'age', 'city']
Complex Example
$query = " SELECT u.*, p.title FROM users u LEFT JOIN profiles p ON u.id = p.user_id WHERE u.name LIKE :name AND u.age BETWEEN :min_age AND :max_age AND u.status = :status ORDER BY u.created_at DESC LIMIT :limit "; $parameters = [ 'name' => '%John%', 'min_age' => 18, 'max_age' => 65, 'status' => 'active', 'limit' => 10 ]; $result = QueryBuilder::build($query, $parameters); // Use with PDO $stmt = $pdo->prepare($result->getQuery()); $stmt->execute($result->getParameters()); $users = $stmt->fetchAll();
API Reference
QueryBuilder Class
build(string $query, array $parameters = []): QueryResult
Converts a query with named parameters to a query with positional parameters.
Parameters:
$query(string): SQL query with named parameters (e.g.,:varname)$parameters(array): Associative array of parameter values
Returns: QueryResult object
Throws: \InvalidArgumentException if a named parameter is missing
validateParameters(string $query, array $parameters): bool
Validates that all named parameters in a query have corresponding values.
Parameters:
$query(string): SQL query with named parameters$parameters(array): Associative array of parameter values
Returns: bool - True if all parameters are provided
getParameterNames(string $query): array
Extracts all named parameter names from a query.
Parameters:
$query(string): SQL query with named parameters
Returns: array - Array of parameter names
QueryResult Class
getQuery(): string
Returns the processed SQL query with positional parameters.
getParameters(): array
Returns the ordered array of parameter values.
getParameterCount(): int
Returns the number of parameters.
hasParameters(): bool
Returns true if the query has any parameters.
Security
This library helps prevent SQL injection by:
- Converting named parameters to positional parameters
- Ensuring parameter values are properly separated from the SQL query
- Maintaining the correct order of parameters
Always use prepared statements with your database driver for maximum security.
Requirements
- PHP 8.0 or higher
License
MIT
skydiablo/sql-query-builder 适用场景与选型建议
skydiablo/sql-query-builder 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 20 次下载、GitHub Stars 达 0, 最近一次更新时间为 2025 年 11 月 11 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 skydiablo/sql-query-builder 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 skydiablo/sql-query-builder 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 20
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 7
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: Unknown
- 更新时间: 2025-11-11