Allow the use of different database servers using the same code base.

Backdrop includes a database abstraction layer to provide a structured interface for dynamically constructing queries when appropriate, and to enforce security checks and similar good practices. The intent of this layer is to preserve the syntax and power of SQL as much as possible, but also allow developers to leverage more complex functionality in a unified way.

The system is built atop PHP's PDO (PHP Data Objects) database API and inherits much of its syntax and semantics.

Most Backdrop database SELECT queries are performed by a call to db_query() or db_query_range(). Module authors should also consider using the PagerDefault Extender for queries that return results that need to be presented on multiple pages (see https://drupal.org/node/508796), and the TableSort Extender for generating appropriate queries for sortable tables (see https://drupal.org/node/1848372).

For example, one might wish to return a list of the most recent 10 nodes authored by a given user. Instead of directly issuing the SQL query

SELECT n.nid, n.title, n.created FROM node n WHERE n.uid = $uid
  ORDER BY n.created DESC LIMIT 0, 10;

one would instead call the Backdrop functions:

$result = db_query_range('SELECT n.nid, n.title, n.created
  FROM {node} n WHERE n.uid = :uid
  ORDER BY n.created DESC', 0, 10, array(':uid' => $uid));
foreach ($result as $record) {
  // Perform operations on $record->title, etc. here.
}

Curly braces are used around "node" to provide table prefixing via DatabaseConnection::prefixTables(). The explicit use of a user ID is pulled out into an argument passed to db_query() so that SQL injection attacks from user input can be caught and nullified. The LIMIT syntax varies between database servers, so that is abstracted into db_query_range() arguments. Finally, note the PDO-based ability to iterate over the result set using foreach ().

All queries are passed as a prepared statement string. A prepared statement is a "template" of a query that omits literal or variable values in favor of placeholders. The values to place into those placeholders are passed separately, and the database driver handles inserting the values into the query in a secure fashion. That means you should never quote or string-escape a value to be inserted into the query.

There are two formats for placeholders: named and unnamed. Named placeholders are strongly preferred in all cases as they are more flexible and self-documenting. Named placeholders should start with a colon ":" and can be followed by one or more letters, numbers or underscores.

Named placeholders begin with a colon followed by a unique string. Example:

SELECT nid, title FROM {node} WHERE uid=:uid;

":uid" is a placeholder that will be replaced with a literal value when the query is executed. A given placeholder label cannot be repeated in a given query, even if the value should be the same. When using named placeholders, the array of arguments to the query must be an associative array where keys are a placeholder label (e.g., :uid) and the value is the corresponding value to use. The array may be in any order.

Unnamed placeholders are represented by a question mark. For example:

SELECT nid, title FROM {node} WHERE uid=?;

In this case, the array of arguments must be an indexed array of values to use in the exact same order as the placeholders in the query.

Note that placeholders should be a "complete" value. For example, when running a LIKE query the SQL wildcard character, %, should be part of the value, not the query itself. Thus, the following is incorrect:

SELECT nid, title FROM {node} WHERE title LIKE :title%;

It should instead read:

SELECT nid, title FROM {node} WHERE title LIKE :title;

and the value for :title should include a % as appropriate. Again, note the lack of quotation marks around :title. Because the value is not inserted into the query as one big string but as an explicitly separate value, the database server knows where the query ends and a value begins. That is considerably more secure against SQL injection than trying to remember which values need quotation marks and string escaping and which don't.

INSERT, UPDATE, and DELETE queries need special care in order to behave consistently across all different databases. Therefore, they use a special object-oriented API for defining a query structurally. For example, rather than:

INSERT INTO node (nid, title, body) VALUES (1, 'my title', 'my body');

one would instead write:

$fields = array('nid' => 1, 'title' => 'my title', 'body' => 'my body');
db_insert('node')->fields($fields)->execute();

This method allows databases that need special data type handling to do so, while also allowing optimizations such as multi-insert queries. UPDATE and DELETE queries have a similar pattern.

Backdrop also supports transactions, including a transparent fallback for databases that do not support transactions. To start a new transaction, call $txn = db_transaction(); in your own code. The transaction will remain open for as long as the variable $txn remains in scope. When $txn is destroyed, the transaction will be committed. If your transaction is nested inside of another then Backdrop will track each transaction and only commit the outer-most transaction when the last transaction object goes out out of scope, that is, all relevant queries completed successfully.

Example:

function my_transaction_function() {
  // The transaction opens here.
  $txn = db_transaction();

  try {
    $id = db_insert('example')
      ->fields(array(
        'field1' => 'mystring',
        'field2' => 5,
      ))
      ->execute();

    my_other_function($id);

    return $id;
  }
  catch (Exception $e) {
    // Something went wrong somewhere, so roll back now.
    $txn->rollback();
    // Log the exception to watchdog.
    watchdog_exception('type', $e);
  }

  // $txn goes out of scope here.  Unless the transaction was rolled back, it
  // gets automatically committed here.
}

function my_other_function($id) {
  // The transaction is still open here.

  if ($id % 2 == 0) {
    db_update('example')
      ->condition('id', $id)
      ->fields(array('field2' => 10))
      ->execute();
  }
}

See also

http://drupal.org/developing/api/database

File

core/includes/database/database.inc, line 11
Core systems for the database layer.

Functions

Name Locationsort descending Description
db_query core/includes/database/database.inc Executes an arbitrary query string against the active database.
db_query_range core/includes/database/database.inc Executes a query against the active database, restricted to a range.
db_query_temporary core/includes/database/database.inc Executes a SELECT query string and saves the result set to a temporary table.
db_insert core/includes/database/database.inc Returns a new InsertQuery object for the active database.
db_merge core/includes/database/database.inc Returns a new MergeQuery object for the active database.
db_update core/includes/database/database.inc Returns a new UpdateQuery object for the active database.
db_delete core/includes/database/database.inc Returns a new DeleteQuery object for the active database.
db_truncate core/includes/database/database.inc Returns a new TruncateQuery object for the active database.
db_select core/includes/database/database.inc Returns a new SelectQuery object for the active database.
db_transaction core/includes/database/database.inc Returns a new transaction object for the active database.
db_set_active core/includes/database/database.inc Sets a new active database.
db_escape_table core/includes/database/database.inc Restricts a dynamic table name to safe characters.
db_escape_field core/includes/database/database.inc Restricts a dynamic column or constraint name to safe characters.
db_like core/includes/database/database.inc Escapes characters that work as wildcard characters in a LIKE pattern.
db_driver core/includes/database/database.inc Retrieves the name of the currently active database driver.
db_close core/includes/database/database.inc Closes the active database connection.
db_next_id core/includes/database/database.inc Retrieves a unique auto-increment ID.
db_or core/includes/database/database.inc Returns a new DatabaseCondition, set to "OR" all conditions together.
db_and core/includes/database/database.inc Returns a new DatabaseCondition, set to "AND" all conditions together.
db_xor core/includes/database/database.inc Returns a new DatabaseCondition, set to "XOR" all conditions together.
db_condition core/includes/database/database.inc Returns a new DatabaseCondition, set to the specified conjunction.

Classes

Name Locationsort descending Description
DatabaseConnection core/includes/database/database.inc Base Database API class.
Database core/includes/database/database.inc Primary front-controller for the database system.
DatabaseTransactionNoActiveException core/includes/database/database.inc Exception for when popTransaction() is called with no active transaction.
DatabaseTransactionNameNonUniqueException core/includes/database/database.inc Exception thrown when a savepoint or transaction name occurs twice.
DatabaseTransactionCommitFailedException core/includes/database/database.inc Exception thrown when a commit() function fails.
DatabaseTransactionExplicitCommitNotAllowedException core/includes/database/database.inc Exception to deny attempts to explicitly manage transactions.
DatabaseTransactionOutOfOrderException core/includes/database/database.inc Exception thrown when a rollback causes multiple transaction rollbacks.
DatabaseNotFoundException core/includes/database/database.inc Exception thrown when the specified database cannot be found.
InvalidMergeQueryException core/includes/database/database.inc Exception thrown for merge queries that do not make semantic sense.
FieldsOverlapException core/includes/database/database.inc Exception thrown if an insert query specifies a field twice.
NoFieldsException core/includes/database/database.inc Exception thrown if an insert query doesn't specify insert or default fields.
DatabaseConnectionNotDefinedException core/includes/database/database.inc Exception thrown if an undefined database connection is requested.
DatabaseDriverNotSpecifiedException core/includes/database/database.inc Exception thrown if no driver is specified for a database connection.
DatabaseTransaction core/includes/database/database.inc A wrapper class for creating and managing database transactions.
DatabaseStatementBase core/includes/database/database.inc Default implementation of DatabaseStatementInterface.
DatabaseStatementEmpty core/includes/database/database.inc Empty implementation of a database statement.
DatabaseConnection_mysql core/includes/database/mysql/database.inc MySQL database connection driver.
InsertQuery_mysql core/includes/database/mysql/query.inc MySQL-specific class for executing INSERT queries.
TruncateQuery_mysql core/includes/database/mysql/query.inc MySQL-specific class for executing TRUNCATE queries.
DatabaseStatementPrefetch core/includes/database/prefetch.inc An implementation of DatabaseStatementInterface that prefetches all data.
Query core/includes/database/query.inc Base class for query builders.
InsertQuery core/includes/database/query.inc General class for an abstracted INSERT query.
DeleteQuery core/includes/database/query.inc General class for an abstracted DELETE operation.
TruncateQuery core/includes/database/query.inc General class for an abstracted TRUNCATE operation.
UpdateQuery core/includes/database/query.inc General class for an abstracted UPDATE operation.
MergeQuery core/includes/database/query.inc General class for an abstracted MERGE query operation.
DatabaseCondition core/includes/database/query.inc Generic class for a series of conditions in a query.
SelectQueryExtender core/includes/database/select.inc The base extender class for Select queries.
SelectQuery core/includes/database/select.inc Query builder for SELECT statements.

Interfaces

Name Locationsort descending Description
DatabaseStatementInterface core/includes/database/database.inc Represents a prepared statement.
QueryConditionInterface core/includes/database/query.inc Interface for a conditional clause in a query.
QueryAlterableInterface core/includes/database/query.inc Interface for a query that can be manipulated via an alter hook.
QueryPlaceholderInterface core/includes/database/query.inc Interface for a query that accepts placeholders.
QueryExtendableInterface core/includes/database/select.inc Interface for extendable query objects.
SelectQueryInterface core/includes/database/select.inc Interface definition for a Select Query object.