path: root/README.markdown
Diffstat (limited to 'README.markdown')
-rw-r--r-- README.markdown 10
1 files changed, 7 insertions, 3 deletions
diff --git a/README.markdown b/README.markdown
index b40e5f1..cccccd3 100644
--- a/README.markdown
+++ b/README.markdown
@@ -202,12 +202,16 @@ The `limit` and `offset` methods map pretty closely to their SQL equivalents.
##### Ordering #####
-*Note that this method **does not** escape its query parameter and so this should **not** be passed directly from user input.*
+*Note that these methods **do not** escape their query parameters and so these should **not** be passed directly from user input.*
-Two methods are provided to add `ORDER BY` clauses to your query. These are `order_by_desc` and `order_by_asc`, each of which takes a column name to sort by.
+Two methods are provided to add `ORDER BY` clauses to your query. These are `order_by_desc` and `order_by_asc`, each of which takes a column name to sort by. The column names will be quoted.
$people = ORM::for_table('person')->order_by_asc('gender')->order_by_desc('name')->find_many();
+If you want to order by something other than a column name, then use the `order_by_expr` method to add an unquoted SQL expression as an `ORDER BY` clause.
+
+ $people = ORM::for_table('person')->order_by_expr('SOUNDEX(`name`)')->find_many();
+
#### Grouping ####
*Note that this method **does not** escape it query parameter and so this should **not** by passed directly from user input.*
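Review bot: The added sentence "The column names will be quoted" on the `order_by_desc`/`order_by_asc` line reads as if it softens the warning at the top of the Ordering section, which still says these methods do not escape their parameters. The README should say outright whether identifier quoting is enough for untrusted input or whether callers still have to validate column names. The `order_by_expr` paragraph is the one that takes an unquoted SQL expression, so it deserves its own warning right next to it rather than relying on the section-level note. A sentence such as "build this expression only from constants or from values checked against a fixed list of allowed columns" would do. Separately, the unchanged Grouping note just below still has the typos "it query parameter" and "not by passed"; since the matching Ordering note is being reworded here, fix those in the same change.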
@@ -297,7 +301,7 @@ The `join` methods also take an optional third parameter, which is an `alias` fo
#### Raw queries ####
-If you need to perform more complex queries, you can completely specify the query to execute by using the `raw_query` method. This method takes a string and an array of parameters. The string should contain placeholders, either in question mark or named placeholder syntax, which will be used to bind the parameters to the query.
+If you need to perform more complex queries, you can completely specify the query to execute by using the `raw_query` method. This method takes a string and optionally an array of parameters. The string can contain placeholders, either in question mark or named placeholder syntax, which will be used to bind the parameters to the query.
$people = ORM::for_table('person')->raw_query('SELECT p.* FROM person p JOIN role r ON p.role_id = r.id WHERE r.name = :role', array('role' => 'janitor')->find_many();
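Review bot: The reworded `raw_query` paragraph makes the parameter array optional ("optionally an array of parameters", "can contain placeholders") without saying when it is acceptable to omit it, which invites readers to concatenate values into the query string. Add a sentence stating that the array may be left out only when the query contains no external values, and that anything from user input must be bound through placeholders. The example line under the paragraph is also missing a closing parenthesis: `array('role' => 'janitor')->find_many();` closes the `array(` call but not `raw_query(`, so it does not parse as written. It should end `array('role' => 'janitor'))->find_many();`.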