Adding doc

moufmouf · moufmouf · commit 5b5859e9acdd · 2013-07-10T11:58:48.000+02:00
diff --git a/README.md b/README.md
@@ -0,0 +1,72 @@
+What is QueryWritter?
+=====================
+
+QueryWritter is a PHP library that parses SQL queries, transforms those into an object representation, stores them in a 
+dependency injection container, and returns them as string. It is a [Mouf plugin](http://mouf-php.com).
+
+Ok, but why would I use QueryWritter?
+-------------------------------------
+
+Because it is **the most effecient way to deal with queries that can have a variable number of parameters**!
+Think about a typical datagrid with a bunch of filter (for instance a list of products filtered by name, company, price, ...).
+If you have the very common idea to generate the SQL query using no PHP library, your code will look like this:
+
+<div class="alert"><strong>You should not do this!</strong></div>
+
+```php
+// People usually write queries like this:
+$sql = "SELECT * FROM products p JOIN companies c ON p.company_id = c.id WHERE 1=1 ";
+// They keep testing for parameters, and concatenating strings....
+if (isset($params['name'])) {
+	$sql .= "AND p.name LIKE '".addslashes($params['name'])."%'";
+}
+if (isset($params['company'])) {
+	$sql .= "AND c.name LIKE '".addslashes($params['company'])."%'";
+}
+// And so on... for each parameter, we have a "if" statement
+```
+
+
+
+Concatenating SQL queries is dangerous (especially if you forget to protect parameters).
+You can always use parameterized SQL queries, but you will still have to concatenate the filters.
+
+To avoid concatenating strings, frameworks and libraries have used different strategies. Building a full ORM (like
+Doctrine or Propel) is a good idea, but it makes writing complex queries even more complex. Other frameworks like
+Zend are building queries using function calls. These are valid strategies, but you are no more typing SQL queries
+directly, and let's face it, it is always useful to use a query directly.
+
+This is where QueryWritter becomes helpful.
+
+How does it work?
+-----------------
+// TODO: schema... or even better... video!
+
+###1- Write your query
+You start by writing your query, **in plain SQL**. No ORM, no special query language (DQL or HQL anyone?), just plain and simple SQL.
+This is cool because everybody knows SQL. In your query, you put absolutely all the parameters you can imagine.
+
+###2- Store your query in Mouf
+In Mouf UI, go to **DB** > **SQL queries** > **Create SQL query**.
+Here, you can **copy and paste your query**. Since this is Mouf, every query is an "instance", and you have to pick
+a name for your query. 
+
+Behind the scenes, QueryWritter will parse your query and make sure every piece of the query (each table, each column, each filter...) is transformed 
+into an object. But you really don't have to care about that right now.
+
+###3- Test your query
+Right from Mouf UI, you can test your query! And lo and behold! Because the query was parsed, **QueryWritter will dynamically 
+add parts of the query depending on the parameters you decide to use**.
+
+###4- Use it in your code
+If you are not a Mouf user (if you are using Drupal, Symfony, Zend Framework...), you can directly use the query by fetching the instance from Mouf and calling the <code>toSql</code> method, passing 
+parameters in... parameter :)
+
+```
+$mySelect = Mouf::getMySelectStatement();
+$sql = $mySelect->toSql(array("status"=>1, "search"=>"hello"));
+```
+
+If you are a Mouf user, you can even directly run the query using the **QueryResult** class that executes
+the query directly. Or even better, use the **Evolugrid** module, and display your query result in an HTML
+datagrid, directly!
diff --git a/src/Mouf/Database/QueryWriter/Controllers/SelectController.php b/src/Mouf/Database/QueryWriter/Controllers/SelectController.php
@@ -53,17 +53,23 @@ class SelectController extends AbstractMoufInstanceController {
 	 */
 	protected $parameters;
 	
+	protected $parseError = false;
+	
 	/**
 	 * Admin page used to edit the SQL of a SELECT instance.
 	 *
 	 * @Action
 	 * //@Admin
 	 */
-	public function defaultAction($name, $selfedit="false") {
+	public function defaultAction($name, $sql = null,  $selfedit="false") {
 		$this->initController($name, $selfedit);
 		
 		$select = MoufManager::getMoufManagerHiddenInstance()->getInstance($name);
-		$this->sql = $select->toSql(null, array(), 0, true); 
+		if ($sql != null) {
+			$this->sql = $sql;
+		} else {
+			$this->sql = $select->toSql(null, array(), 0, true);
+		} 
 		
 		$this->content->addFile(dirname(__FILE__)."/../../../../views/parseSql.php", $this);
 		$this->template->toHtml();
@@ -82,6 +88,13 @@ public function parse($name, $sql,$selfedit="false") {
 		
 		$parser = new SQLParser();
 		$parsed = $parser->parse($sql);
+		
+		if ($parsed == false) {
+			$this->parseError = true;
+			$this->defaultAction($name, $sql, $selfedit);
+			return;
+		}
+		
 		//print_r($parsed);
 		$select = StatementFactory::toObject($parsed);
 		//var_dump(StatementFactory::toObject($parsed));
@@ -101,7 +114,10 @@ public function parse($name, $sql,$selfedit="false") {
 	 *
 	 * @Action
 	 */
-	public function createQuery($selfedit="false") {	
+	public function createQuery($name = null, $sql = null, $selfedit="false") {
+		$this->instanceName = $name;
+		$this->sql = $sql;
+			
 		$this->content->addFile(dirname(__FILE__)."/../../../../views/createQuery.php", $this);
 		$this->template->toHtml();
 	}
@@ -117,6 +133,13 @@ public function createQuery($selfedit="false") {
 	public function doCreateQuery($name, $sql,$selfedit="false") {
 		$parser = new SQLParser();
 		$parsed = $parser->parse($sql);
+		
+		if ($parsed == false) {
+			$this->parseError = true;
+			$this->createQuery($name, $sql, $selfedit);
+			return;
+		}
+		
 		$select = StatementFactory::toObject($parsed);
 		
 		$moufManager = MoufManager::getMoufManagerHiddenInstance();
diff --git a/src/views/createQuery.php b/src/views/createQuery.php
@@ -3,6 +3,10 @@
 ?>
 <h1>Create a new SQL query</h1>
 
+<?php if ($this->parseError) { ?>
+	<div class="alert">Unable to parse SQL query</div>
+<?php } ?>
+
 <form action="doCreateQuery" method="post" class="form-horizontal">
 	<div class="control-group">
 		<label class="control-label">Instance name*: </label>
diff --git a/src/views/parseSql.php b/src/views/parseSql.php
@@ -3,10 +3,18 @@
 ?>
 <h1>Parse SQL</h1>
 
+<?php if ($this->parseError) { ?>
+	<div class="alert">Unable to parse SQL query</div>
+<?php } ?>
+
 <form action="parse">
 	<input type="hidden" name="name" value="<?php echo plainstring_to_htmlprotected($this->instanceName) ?>" />
 	<label class="control-label">SQL query:</label>
-	<textarea rows=10 name="sql" class="span10"><?php echo plainstring_to_htmlprotected($this->sql) ?></textarea>
+	<div class="controls">
+		<textarea rows=10 name="sql" class="span10"><?php echo plainstring_to_htmlprotected($this->sql) ?></textarea>
+		<span class="help-block">You can use <strong>parameters</strong> using prepared statement notation. For instance: 
+				<code>select * from users where country_id = :country_id</code></span>
+	</div>			
 	<div class="control-group">
 		<div class="controls">
 			<button name="action" value="parse" type="submit" class="btn btn-danger">Create object from query</button>
